Apache2 virtualhost 403 forbidden?

47
votes

I'm running ubuntu 13.04 64bit on my desktop, I installed Apache2, MySQL and PHP etc.

I wanted to have my web root in /home/afflicto/public_html instead of /var/www. So I went along with this guide:
http://www.maketecheasier.com/install-and-configure-apache-in-ubuntu/2011/03/09
(I did everything from "configuring different sites") as I like the solution more.

Here's what I did:
Installed Apache2, MySQL etc..
copied /etc/apache2/sites-avaliable/default to /etc/apache2/sites-available/afflicto. Then edited it, it now looks like the following:

/etc/apache2/sites-available/afflicto 

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/afflicto/public_html
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/afflicto/public_html/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I did sudo a2dissite default && sudo a2ensite afflicto && sudo service apache2 restart

I created a index.php and index.html in /home/afflicto/public_html/test/
when accessing localhost/test or localhost/test/index.html etc, I get 403 forbidden error.

What am I doing wrong? thanks in advance.

update 1
I have set the owner of the public_html directory to www-data.
Also sudo chmod -R +x public_html && sudo chmod -R 777 public_html
Still same 403 error.

Here's the output of the apache error log: 

[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to / denied

[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
4
ubuntuapache2virtualhosthttp-status-code-403

4 Answers

112
votes

I was faced with this issue. But I didn't like the idea of changing the group of my home directory to www-data. This problem can simply be solved by modifying the configuration file for the virtualHost. Simply configure the Directory tag to include these

<Directory "your directory here">
   Order allow,deny
   Allow from all
   Require all granted
</Directory>

The Require all granted is a new feature I guess; having a default value of denied.

see this page for further info: http://httpd.apache.org/docs/current/mod/core.html#directory

23
votes

Turns out I had to chmod not only /home/afflicto/public_html but also /home/afflicto/ directory as well.

Weird.

0
votes

These options worked for me:

 Options Indexes FollowSymLinks
 AllowOverride All   
 Require all granted
0
votes

Here's another answer intending to add a simpler explanation. Let's say you want to serve a file named "main" which is in the /var/www/testwebsite directory(the DocumentRoot of an already configured & enabled virtual host). Now assume we want the Apache web server to only have access to the "main" file and not other files(e.g. main might be an entry point to our web app), then it means that the apache web server has to be the owner of that file. so chown www-data:www-data /var/www/testwebsite/main must do it. (notice: www-data is both the name of the user and the name of the group that apache uses when interacting with other files(actually, on distributions other than Ubuntu, this might be a different name, in which case it can simply be looked up in the apache2.conf as well)). Also in case the "main" file doesn't have the permission to be read/executed, it must be granted to the apache's user and group: chmod 770 /var/www/testwebsite/main. This gives the user(www-data) and the group(www-data) who are owners of the file "main" these permissions: read/write/execute(4+2+1=7), and gives other users no permissions. Now that single file(main) can be run by the Apache while we can have any other strict level of restriction on all other files in the /var/www/testwebsite directory.