Error 403 on Apache server, You don't have permission to access / on this server.

Tue Jan 31 14:19:50 UTC 2012

On Sun, 2012-01-29 at 10:24 +0200, Alan Holt wrote:
> And I have domain example.domain.com where I want to see file listing
> in the current directory, but when I go in the browser to
> example.domain.com I get the next error:
>  
> Forbidden
> You don't have permission to access / on this server.

You need to check file permissions, SELinux, and HTTP configuration
(directory and URI access permissions).  Other restrictions, such as
IP/address based should generate a different error message.

Do you also get an error if you try viewing a particular file/page,
rather than getting a list?

> So I don't know what is the problem =( 
> My httpd.conf: 
>  
> <Directory />
>     Order allow,deny
>     Allow from All
>     AllowOverride All
>     IndexOptions +FancyIndexing
>     Options +Indexes Includes MultiViews FollowSymLinks AuthConfig
> FileInfo
> </Directory>

That's only a very small portion of the config file, and not the only
place in the config file that can constrain access.  That's the place
that sets the basic file path defaults, there's another for more
specific locations, such as /var/www/html
> 
> My .htaccess file: 
> [root at services QaTests]# cat .htaccess
> Options +Indexes

Shouldn't be needed, if you specify the directives that you want in the
configuration file.  Also, the allowoverride config option that can be
set in the config file can have different allow/deny rules depending on
the filepath.  You've only shown us the rules for /, paths inside that
could be more restricted.

> My directory:
> drwxrwsrwt    5 root apache  4096 Jan 26 17:15 QaTests

That's overly permissive.  You do NOT want to give world writable
privileges.  And files should not be owned by apache, even as the apache
group rather than apache user, for the same reason (you've given the
group write access).  Any other security holes, and you allow visitors
to write files on your system.

drwxr-xr-x- is enough for directories.

Make sure that your permissions are appropriate all the way back to the
root of the file system.  All the parent directories, as well as your
document root, need to have world readable and executable permissions.

Web serving is easier, as a starting point for beginners, if you serve
files from the default /var/www/html location.  If you want to serve
from elsewhere, you need to understand how to set SELinux options, and
how to make them stick through any automatic relabels.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.