Apache Error: Client denied by server configuration

by damonp on January 6, 2007

in SysAdmin

Apache 2.0 changed the default DocumentRoot permissions to be very restrictive. While I can’t argue this is a better security paradigm than less restrictive default permissions, in the real world upgrading a server with 300+ domains, it can be a pain to script permissions changes in all of the config files.

<Directory />
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

Change the default permissions to be less restrictive with this instead:

<Directory />
    AllowOverride None
    Order Deny,Allow
</Directory>

Damon Parker is a freelance sysadmin and web developer in Texas. He specializes in server setup, server security and high performance server configurations. Need help setting up a web server or getting a server back online after a crash or hack? Email Damon

Raven Tools SEO Tools

{ 9 comments… read them below or add one }

TDavis June 4, 2009 at 1:12 pm

Terrific fix. Many thanks.

Reply

moecklund October 23, 2009 at 4:53 pm

Lovely lovely lovey
That was it
thx!

Reply

Gazbrad February 5, 2010 at 9:16 am

At last! Thank you very much for this info.

I’m doing some Apache/PHP/mySQL tutorials and not being able to start my personal web pages for testing was driving me insane. All is well with the world now and I can stick my virtual hair back onto my head.

Reply

mao February 17, 2010 at 12:42 am

thanks a lot . You save my job. I have confused with this error for a week, try to solve it from google but always fail. Until I find the right solution from you. Thank you guy!

Reply

Rabbit May 7, 2010 at 4:05 pm

Hi, I am getting a 403 error for all my static content which should be served by apache. I tried to comment out the line which you have mentioned above, but that did not take care of the error. I have checked all the permissions and the apache user has permissions to view all the static content. What could the problem be???? Please help as we go live in a week!!!

Reply

damonp May 7, 2010 at 4:24 pm

Have you looked in the error log to see the full error?

Reply

Antonio Veneroso August 24, 2010 at 10:52 am

Rabbit, remember that, each time you change something in httpd, you must restart apache.
damonp, your solution is nice, but I think instead of allowing everyone to see the root directory you should allow only the htdocs directory. In the httpd.conf, right after

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all

there is another rule, exclusive for the htdocs directory

# Note that from this point forward you must specifically allow
# particular features to be enabled – so if something’s not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named *explicitly* — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

Hope this helps to someone.
Antonio.

Reply

SN September 24, 2010 at 11:51 am

Awesome!! This helped me so much! Fixed my long pending error on a jiffy.. thanks so much

Reply

Iain Wright October 26, 2011 at 2:45 pm

Cheers! Was the only thing that would fix my 403 forbidden

Reply

Leave a Comment

{ 2 trackbacks }

Previous post:

Next post: