Apache (Web Server) - 403 Forbidden you don't have permission to access on this server


The error "403 Forbidden you don't have permission to access on this server" appears when attempting to access a resource from a web server, such as an HTML page (index.html) or an image file (foo.jpg).

 

I often see this along with "No matching DirectoryIndex", where 403 will be in the web server's access log and "No matching DirectoryIndex" will be in the web server's error log. Check out my article Apache (Web Server) - Resolve "No matching DirectoryIndex".

For example, let's say http://www.example.com/ returns 403 Forbidden. I would first check DocumentRoot in the web server's httpd.conf file. Let's say the DocumentRoot is /var/www/html.

DocumentRoot /var/www/html

 

Then check DirectoryIndex in the web server's httpd.conf file.

DirectoryIndex index.html index.htm index.shtml index.jsp index.php index.phtml

 

In this example, if /var/www/html does not contain one of the DirectoryIndex files, requesting the document root such as http://www.example.com/ can return 403.

~]$ ll /var/www/html
-rw-rw-r-- 1 nobody admins 6 Aug 29  2011 foo.html
-rw-rw-r-- 1 nobody admins 6 Aug 29  2011 bar.html

 


Permissions

The minimal permission needed for the file being requested is -r--r--r-- (read only).

~]# ll /var/www/html
-r--r--r-- 1 root root 1473 Dec 29 02:44 index.html

 


SELinux

Use the sestatus command to determine if SELinux is enforcing, permissive, or disabled.

~]# sestatus
Current mode:  enforcing

 

If SELinux is enforcing, use the ls -lZ command to view the SELinux permissions on the files being requested. The type needs to be httpd_sys_content_t.

~]# ls -lZ /var/www/html
-r--r--r-- 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html

 

If the type is not httpd_sys_content_t, use apt-get, dnf, or yum to install policycoreutils-python. This package contains semanage.

~]# dnf -y install policycoreutils-python

 

The semanage command can then be used to set the /var/www directory to have SELinux type httpd_sys_content_t. This is a permanent change, meaning this setting will remain intact after the system is rebooted.

~]# semanage fcontext -a -t httpd_sys_content_t /var/www

 

The restorecon command can then be used to update every file and directory below /var/www to have SELinux type httpd_sys_content_t.

~]# restorecon -Rv /var/www

 


Configuration

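Check the server configuration file (e.g. httpd.conf) to see whether access to the directory being requested is granted. A <Directory /> block applies to the entire filesystem, so a narrower block for the DocumentRoot (/var/www/html in this example) grants only the content being served.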

<Directory />
  Require all granted
</Directory>

 

There may also be other lines in the server configuration file that need to be adjusted. For example, if a required include is commented out, that may cause 403.

# Include /path/to/file
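
The DirectoryIndex, permission and SELinux checks described above can be run in one pass against a DocumentRoot. The script below is an added example, not part of the original article: check_403 is a hypothetical helper name, it assumes GNU stat on Linux, and it also checks that the DocumentRoot directory itself is searchable, which goes beyond what the article covers.

```shell
#!/bin/sh
# Added example, not from the article. Assumes GNU stat (Linux).
# Usage: check_403 DOCROOT INDEXFILE...
# Prints one line per finding; returns 0 when nothing is found, else 1.
check_403() {
  docroot=$1; shift
  rc=0; index=""

  # Assumption beyond the article: the directory must be searchable by
  # "other" (x, or t when the sticky bit is set) to reach files in it.
  case $(stat -c %A "$docroot") in
    ?????????[xt]*) ;;
    *) echo "directory not searchable by other: $docroot"; rc=1 ;;
  esac

  # DirectoryIndex: the first listed name that exists is the one served.
  for name in "$@"; do
    if [ -f "$docroot/$name" ]; then index=$docroot/$name; break; fi
  done
  if [ -z "$index" ]; then
    echo "no DirectoryIndex file in $docroot"
    return 1
  fi

  # Permissions: at least -r--r--r--, so the "other" read bit must be set.
  case $(stat -c %A "$index") in
    ???????r*) ;;
    *) echo "file not readable by other: $index"; rc=1 ;;
  esac

  # SELinux: compare the type only when sestatus reports enforcing mode.
  if command -v sestatus >/dev/null 2>&1 &&
     sestatus | grep -q '^Current mode:.*enforcing'; then
    setype=$(stat -c %C "$index" | cut -d: -f3)
    if [ "$setype" != httpd_sys_content_t ]; then
      echo "SELinux type $setype on $index"; rc=1
    fi
  fi
  return $rc
}

# Constructed sample: a scratch DocumentRoot that holds only foo.html.
demo=$(mktemp -d) && chmod 755 "$demo"
echo sample > "$demo/foo.html"
check_403 "$demo" index.html index.htm || true
rm -rf "$demo"
```

The permission checks look only at the "other" bits, which assumes the account the web server runs as is neither the owner nor in the group of the files.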

 



