Apache 2.4 - 403 Forbidden (AH01630: client denied by server configuration)

I recently updated one of my development machines to Ubuntu 13.10 which now uses Apache 2.4 by default. In my case, I had updated a machine that was previously running Ubuntu version 13.04 and had been running Apache 2.2.

Apache 2.4After the upgrade, I was disturbed to find that none of my sites worked! I kept getting Apache 403 (Forbidden) error messages. I figured the upgrade had changed my configurations or something... but after fruitlessly messing with the config files (and seeing nothing wrong with them) I figured I'd look in the apache error log, which is located in /var/log/apache2/error.log by default on Ubuntu 13.10. To my surprise, I found lots of the following errors:

AH01630: client denied by server configuration: /path/to/my/sites

I had never seen that before. Then I noticed at the top of the log file "AH00163: Apache/2.4.6 (Ubuntu)". Ohhhhh....  So we're using the new 2.4 eh? After some google searches, I found out that Apache 2.4 comes with some security enhancements that attempt to make it more difficult for hackers to hide their files on a compromised system. That's neat, but I need to get my sites to work.

After reading a bit of the 2.4 Access Control Documentation, I found that a quick easy fix is to add a directory rule to your main apache config file (/etc/apache2/apache2.conf by default on Ubuntu):

<Directory /path/to/my/sites>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Restart Apache, and boom, all sites are now loading just fine. The idea behind these rules is to make it so that hackers who, say, use SQL injection to access your PHP site, have a harder time hiding their files in obscure directories on your system, amond other things.

Hope this helps!
Jordan

 

Comments

1
Rafal_P

Yeah - works well - good job!!!

2
vLight

I hab everywhere (alias, vhosts) "403 Forbidden" on my local machine after i've switched to apache 2.4.6 nice solution was found in phpmyadmin alias


	
       Require local
    
    
	  Order Deny,Allow
	  Deny from all
	  Allow from localhost ::1 127.0.0.1
	

3
Hal 9000

Rock and roll, brotha...that fixed it it for me. Thanks so much!

4
khlag

'Require all granted' in directory entries: works like a charm! Thank you!

5
Vandendaele

Thank you a lot ! I was trying to install Drupal 8 on Xampp, all my sites were ok, but not D8 ... Now it works fine.

6
Theoni

Bless you! I'd just upgraded to SuSE 13.2, and was having some problems with my head that sinus couldn't account for trying to restore the server's awareness of /var2/home as an alternative to /home. I hate it when machines want to argue.....

7
Sendil Rajendhran

Thank you! It worked.. I had a hard time trying to get around this issue on Ubuntu. I messed up my whole dev environment trying to find a solution (sleepless night)...Finally!!

8
Mikw

'Require all granted' in directory entries: works like a charm! Thank you!

Write your comment

(it will not be displayed)

Leave this field empty: