Forbidden You Don T Have Permission to Access This Resource
Update October 2016
4 years ago, since this answer is used as a reference by many, and while I learned a lot from security perspective during these years, I feel I am responsible to clarify some important notes, and I've update my answer accordingly.
The original answer is correct but not safe for some production environments, in addition I would like to explain some issues that you might fall into while setting up your environment.
If you are looking for a quick solution and SECURITY IS NOT A MATTER, i.e development env, skip and read the original answer instead
Many scenarios can lead to 403 Forbidden:
A. Directory Indexes (from mod_autoindex.c)
When you access a directory and there is no default file found in this directory AND Apache Options Indexes is not enabled for this directory.
A.1. DirectoryIndex option example
DirectoryIndex index.html default.php welcome.php
A.2. Options Indexes option
If set, apache will list the directory content if no default file found (from the above 👆🏻 option)
If none of the conditions above is satisfied
You will receive a 403 Forbidden
Recommendations
- You should not allow directory listing unless REALLY needed.
- Restrict the default index
DirectoryIndexto the minimum. - If you want to modify, restrict the modification to the needed directory ONLY, for instance, use
.htaccessfiles, or put your modification inside the<Directory /my/directory>directive
B. deny,allow directives (Apache 2.2)
Mentioned by @Radu, @Simon A. Eugster in the comments You request is denied, blacklisted or whitelisted by those directives.
I will not post a full explanation, but I think some examples may help you understand, in short remember this rule:
IF MATCHED BY BOTH, THE LAST DIRECTIVE IS THE ONE THAT WILL WIN
Order allow,deny
Deny will win if matched by both directives (even if an allow directive is written after the deny in the conf)
Order deny,allow
allow will win if matched by both directives
Example 1
Order allow,deny Allow from localhost mydomain.com Only localhost and *.mydomain.com can access this, all other hosts are denied
Example 2
Order allow,deny Deny from evil.com Allow from safe.evil.com # <-- has no effect since this will be evaluated first All requests are denied, the last line may trick you, but remember that if matched by both the last win rule (here Deny is the last), same as written:
Order allow,deny Allow from safe.evil.com Deny from evil.com # <-- will override the previous one Example 4
Order deny,allow Allow from site.com Deny from untrusted.site.com # <-- has no effect since this will be matched by the above `Allow` directive Requests are accepted from all hosts
Example 4: typical for public sites (allow unless blacklisted)
Order allow,deny Allow from all Deny from hacker1.com Deny from hacker2.com Example 5: typical for intranet and secure sites (deny unless whitelisted)
Order deny,allow Deny from all Allow from mypc.localdomain Allow from managment.localdomain C. Require directive (Apache 2.4)
Apache 2.4 use a new module called mod_authz_host
Require all granted => Allow all requests
Require all denied => Deny all requests
Require host safe.com => Only from safe.com are allowed
D. Files permissions
One thing that most people do it wrong is configuring files permissions,
The GOLDEN RULE is
STARTS WITH NO PERMISSION AND ADD AS PER YOUR NEED
In linux:
-
Directories should have the
Executepermission -
Files should have the
Readpermission -
YES, you are right DO NOT ADD
Executepermission for files
for instance, I use this script to setup the folders permissions
# setting permissions for /var/www/mysite.com # read permission ONLY for the owner chmod -R /var/www/mysite.com 400 # add execute for folders only find /var/www/mysite.com -type d -exec chmod -R u+x {} \; # allow file uploads chmod -R /var/www/mysite.com/public/uploads u+w # allow log writing to this folder chmod -R /var/www/mysite.com/logs/ I posted this code as an example, setup may vary in other situations
Original Answer
I faced the same issue, but I solved it by setting the options directive either in the global directory setting in the httpd.conf or in the specific directory block in httpd-vhosts.conf:
Options Indexes FollowSymLinks Includes ExecCGI By default, your global directory settings is (httpd.conf line ~188):
<Directory /> Options FollowSymLinks AllowOverride All Order deny,allow Allow from all </Directory> set the options to : Options Indexes FollowSymLinks Includes ExecCGI
Finally, it should look like:
<Directory /> #Options FollowSymLinks Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order deny,allow Allow from all </Directory> Also try changing Order deny,allow and Allow from all lines by Require all granted.
Appendix
Directory Indexes source code (some code remove for brevity)
if (allow_opts & OPT_INDEXES) { return index_directory(r, d); } else { const char *index_names = apr_table_get(r->notes, "dir-index-names"); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276) "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and " "server-generated directory index forbidden by " "Options directive", r->filename, index_names ? index_names : "none"); return HTTP_FORBIDDEN; } Forbidden You Don T Have Permission to Access This Resource
Source: https://stackoverflow.com/questions/10873295/error-message-forbidden-you-dont-have-permission-to-access-on-this-server
0 Response to "Forbidden You Don T Have Permission to Access This Resource"
Postar um comentário