错误消息“禁止您无权访问/在此服务器上”
我已经自己configuration了我的Apache,并尝试加载一个虚拟主机上的phpMyAdmin ,但我收到:
403禁止您无权访问/在此服务器上
我的httpd.conf
# # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:http://httpd.apache.org/docs/2.2> for detailed information. # In particular, see # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" # with ServerRoot set to "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" will be interpreted by the # server as "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/foo.log". # # NOTE: Where filenames are specified, you must use forward slashes # instead of backslashes (eg, "c:/apache" instead of "c:\apache"). # If a drive letter is omitted, the drive on which httpd.exe is located # will be used by default. It is recommended that you always supply # an explicit drive letter in absolute paths to avoid confusion. # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do not add a slash at the end of the directory path. If you point # ServerRoot at a non-local disk, be sure to point the LockFile directive # at a local disk. If you wish to share the same ServerRoot for multiple # httpd daemons, you will need to change at least LockFile and PidFile. # ServerRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 Listen 127.0.0.1:80 Include conf/vhosts.conf # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_digest_module modules/mod_auth_digest.so #LoadModule authn_alias_module modules/mod_authn_alias.so #LoadModule authn_anon_module modules/mod_authn_anon.so #LoadModule authn_dbd_module modules/mod_authn_dbd.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so #LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so #LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule cache_module modules/mod_cache.so #LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule cgi_module modules/mod_cgi.so #LoadModule charset_lite_module modules/mod_charset_lite.so #LoadModule dav_module modules/mod_dav.so #LoadModule dav_fs_module modules/mod_dav_fs.so #LoadModule dav_lock_module modules/mod_dav_lock.so #LoadModule dbd_module modules/mod_dbd.so #LoadModule deflate_module modules/mod_deflate.so LoadModule dir_module modules/mod_dir.so #LoadModule disk_cache_module modules/mod_disk_cache.so #LoadModule dumpio_module modules/mod_dumpio.so LoadModule env_module modules/mod_env.so #LoadModule expires_module modules/mod_expires.so #LoadModule ext_filter_module modules/mod_ext_filter.so #LoadModule file_cache_module modules/mod_file_cache.so #LoadModule filter_module modules/mod_filter.so #LoadModule headers_module modules/mod_headers.so #LoadModule ident_module modules/mod_ident.so #LoadModule imagemap_module modules/mod_imagemap.so LoadModule include_module modules/mod_include.so #LoadModule info_module modules/mod_info.so LoadModule isapi_module modules/mod_isapi.so #LoadModule ldap_module modules/mod_ldap.so #LoadModule logio_module modules/mod_logio.so LoadModule log_config_module modules/mod_log_config.so #LoadModule log_forensic_module modules/mod_log_forensic.so #LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule mime_module modules/mod_mime.so #LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule negotiation_module modules/mod_negotiation.so #LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so #LoadModule reqtimeout_module modules/mod_reqtimeout.so #LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so #LoadModule speling_module modules/mod_speling.so #LoadModule ssl_module modules/mod_ssl.so #LoadModule status_module modules/mod_status.so #LoadModule substitute_module modules/mod_substitute.so #LoadModule unique_id_module modules/mod_unique_id.so #LoadModule userdir_module modules/mod_userdir.so #LoadModule usertrack_module modules/mod_usertrack.so #LoadModule version_module modules/mod_version.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule php5_module "c:/Program Files/php/php5apache2_2.dll" <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User daemon Group daemon </IfModule> </IfModule> # 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. # # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. eg admin@your-domain.com # ServerAdmin webmaster@somenet.com # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # #ServerName www.somenet.com:80 # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs" # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # # # This should be changed to whatever you set DocumentRoot to. # <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # <IfModule dir_module> DirectoryIndex index.html index.php </IfModule> # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> # # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog "logs/error.log" # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn <IfModule log_config_module> # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # CustomLog "logs/access.log" common # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # #CustomLog "logs/access.log" combined </IfModule> <IfModule alias_module> # # Redirect: Allows you to tell clients about documents that used to # exist in your server's namespace, but do not anymore. The client # will make a new request for the document at its new location. # Example: # Redirect permanent /foo http://www.somenet.com/bar # # Alias: Maps web paths into filesystem paths and is used to # access content that does not live under the DocumentRoot. # Example: # Alias /webpath /full/filesystem/path # # If you include a trailing / on /webpath then the server will # require it to be present in the URL. You will also likely # need to provide a <Directory> section to allow access to # the filesystem path. # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the target directory are treated as applications and # run by the server when requested rather than as documents sent to the # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # ScriptAlias /cgi-bin/ "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/" </IfModule> <IfModule cgid_module> # # ScriptSock: On threaded servers, designate the path to the UNIX # socket used to communicate with the CGI daemon of mod_cgid. # #Scriptsock logs/cgisock </IfModule> # # "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> # # DefaultType: the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain <IfModule mime_module> # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # TypesConfig conf/mime.types # # AddType allows you to add to or override the MIME configuration # file specified in TypesConfig for specific file types. # #AddType application/x-gzip .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # #AddHandler cgi-script .cgi # For type maps (negotiated resources): #AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # #AddType text/html .shtml #AddOutputFilter INCLUDES .shtml AddType application/x-httpd-php .php </IfModule> # # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # #MIMEMagicFile conf/magic # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.somenet.com/subscription_info.html # # # MaxRanges: Maximum number of Ranges in a request before # returning the entire resource, or one of the special # values 'default', 'none' or 'unlimited'. # Default setting is to accept 200 Ranges. #MaxRanges unlimited # # EnableMMAP and EnableSendfile: On systems that support it, # memory-mapping or the sendfile syscall is used to deliver # files. This usually improves server performance, but must # be turned off when serving from networked-mounted # filesystems or if support for these functions is otherwise # broken on your system. # #EnableMMAP off #EnableSendfile off # Supplemental configuration # # The configuration files in the conf/extra/ directory can be # included to add extra features or to modify the default configuration of # the server, or you may simply copy their contents here and change as # necessary. # Server-pool management (MPM specific) #Include conf/extra/httpd-mpm.conf # Multi-language error messages #Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings #Include conf/extra/httpd-autoindex.conf # Language settings #Include conf/extra/httpd-languages.conf # User home directories #Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration #Include conf/extra/httpd-info.conf # Virtual hosts #Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include conf/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) #Include conf/extra/httpd-dav.conf # Various default settings #Include conf/extra/httpd-default.conf # Secure (SSL/TLS) connections #Include conf/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> PHPIniDir "c:/Program Files/php" 和vhosts.conf:
NameVirtualHost 127.0.0.1:80 <VirtualHost 127.0.0.1:80> DocumentRoot i:/projects/webserver/__tools/phpmyadmin/ ServerName dbadmin.tools </VirtualHost>
2016年10月更新
4年前,由于这个答案被很多人用来作为参考,虽然这些年我从安全angular度学到了很多东西,但我觉得我有责任去澄清一些重要的笔记,并且相应地更新我的答案。
原来的答案是正确的,但对于一些生产环境来说并不安全,另外我想解释一些在设置环境时可能遇到的问题。
如果你正在寻找一个快速的解决scheme和安全不是一件很重要的事情,即开发环境,跳过并阅读原来的答案
许多场景可能会导致403禁止 :
A.目录索引(来自mod_autoindex.c )
当你访问一个目录,并且在这个目录中没有find默认文件时,并且这个目录没有启用Apache Options Indexes 。
A.1。 DirectoryIndex选项的例子
DirectoryIndex index.html default.php welcome.php
A2。 Options Indexes选项
如果设置,如果没有find默认文件,apache会列出目录内容(从上面的选项)
如果没有满足上述条件
你将收到一个403禁止
build议
- 除非真的需要,否则不应允许目录列表。
- 将默认索引
DirectoryIndex限制为最小值。 - 如果你想修改,只需修改所需的目录,例如使用
.htaccess文件,或者把你的修改放在<Directory /my/directory>指令中
B. deny,allow指令(Apache 2.2)
@Radu提到,@Simon A. Eugster在您提出的意见中被拒绝,被列入黑名单或被这些指令列入白名单。
我不会发表一个完整的解释,但我想一些例子可能会帮助你理解,总之请记住这条规则:
如果两者匹配,最后将赢得胜利
Order allow,deny
如果两个指令都匹配,Deny将会赢(即使allow指令是在conf中的deny后面写的)
Order deny,allow
如果两个指令都匹配,则允许获胜
例1
Order allow,deny Allow from localhost mydomain.com
只有本地主机和* .mydomain.com可以访问这个,所有其他主机被拒绝
例2
Order allow,deny Deny from evil.com Allow from safe.evil.com # <-- has no effect since this will be evaluated first
所有请求都被拒绝,最后一行可能会欺骗你,但请记住,如果与最后一条胜利规则(这里是Deny是最后一条)相同,
Order allow,deny Allow from safe.evil.com Deny from evil.com # <-- will override the previous one
例4
Order deny,allow Allow from site.com Deny from untrusted.site.com # <-- has no effect since this will be matched by the above `Allow` directive
所有主机都接受请求
示例4:典型的公共站点(允许除非列入黑名单)
Order allow,deny Allow from all Deny from hacker1.com Deny from hacker2.com
示例5:通常用于Intranet和安全站点(拒绝,除非列入白名单)
Order deny,allow Deny from all Allow from mypc.localdomain Allow from managment.localdomain
C. Require指令(Apache 2.4)
Apache 2.4使用一个名为mod_authz_host的新模块
Require all granted =>允许所有请求
Require all denied =>拒绝所有请求
Require host safe.com =>只能从safe.com被允许
D.文件权限
大多数人做错的一件事是configuration文件权限,
黄金规则是
根据您的需要启动,无需许可
在linux中:
-
目录应具有
Execute权限 -
文件应具有
Read权限 -
是的,你是对的不要添加文件的
Execute权限
例如,我使用这个脚本来设置文件夹权限
# setting permissions for /var/www/mysite.com # read permission ONLY for the owner chmod -R /var/www/mysite.com 400 # add execute for folders only find /var/www/mysite.com -type d -exec chmod -R u+x {} \; # allow file uploads chmod -R /var/www/mysite.com/public/uploads u+w # allow log writing to this folder chmod -R /var/www/mysite.com/logs/
我发布了这个代码作为例子,在其他情况下安装可能会有所不同
原始答复
我面临同样的问题,但是我通过在httpd.conf中的全局目录设置或httpd-vhosts.conf中的特定目录块中设置options指令来解决这个问题:
Options Indexes FollowSymLinks Includes ExecCGI
默认情况下,你的全局目录设置是(httpd.conf line ~188) :
<Directory /> Options FollowSymLinks AllowOverride All Order deny,allow Allow from all </Directory>
将选项设置为: Options Indexes FollowSymLinks Includes ExecCGI
最后,它应该是这样的:
<Directory /> #Options FollowSymLinks Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order deny,allow Allow from all </Directory>
另外尝试更改Order deny,allow和Allow from all行Require all granted 。
附录
目录索引源代码(为简洁起见,删除了一些代码)
if (allow_opts & OPT_INDEXES) { return index_directory(r, d); } else { const char *index_names = apr_table_get(r->notes, "dir-index-names"); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276) "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and " "server-generated directory index forbidden by " "Options directive", r->filename, index_names ? index_names : "none"); return HTTP_FORBIDDEN; }
我知道这个问题已经解决了,但是我碰巧自己解决了这个问题。
的原因
禁止您无权访问/在此服务器上
实际上是httpd.conf apache目录的默认configuration。
# # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory "/"> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all # the cause of permission denied </Directory>
简单地将Deny from all改为Allow from all应该解决权限问题。
或者,更好的方法是在虚拟主机configuration上指定单独的目录权限。
<VirtualHost *:80> .... # Set access permission <Directory "/path/to/docroot"> Allow from all </Directory> .... </VirtualHost>
但是从Apache-2.4开始 ,访问控制是使用新模块mod_authz_host ( 从2.2升级到2.4 )完成的。 因此,应该使用新的Require指令。
<VirtualHost *:80> .... # Set access permission <Directory "/path/to/docroot"> Require all granted </Directory> .... </VirtualHost>
对于在默认的/ var / www /之外托pipe的目录,常见的问题是Apache用户不仅需要访问托pipe站点的目录和子目录的权限。 Apache需要对所有目录的权限,一直到托pipe该站点的文件系统的根目录。 安装Apache时,Apache自动获得分配给/ var / www /的权限,所以如果你的主机目录直接在它下面,那么这不适用于你。 编辑:Daybreaker报告说,他的Apache安装没有正确的访问权限的默认目录。
例如,你有一个开发机器,你的网站的目录是:
/username/home/Dropbox/myamazingsite/
你可能会认为你可以逃避:
chgrp -R www-data /username/home/Dropbox/myamazingsite/ chmod -R 2750 /username/home/Dropbox/myamazingsite/
因为这给Apache的访问权限来访问您的网站的目录? 那么这是正确的,但这是不够的。 Apache需要权限在目录树上,所以你需要做的是:
chgrp -R www-data /username/ chmod -R 2750 /username/
很明显,我不build议将生产服务器上的Apache访问权限赋予一个完整的目录结构,而不必分析该目录结构中的内容。 对于生产,最好保持默认的目录或其他目录结构,只是为了保存networking资产。
Edit2:正如u / chimeraha所指出的那样,如果你不确定你的权限是什么,最好把你的站点的目录移出你的主目录,以避免你自己locking在主目录之外。
Apache 2.4中的一些configuration参数已经改变。 当我创build一个Zend Framework 2应用程序时,我遇到了类似的问题。 经过一番研究,这里是解决scheme:
错误的configuration
<VirtualHost *:80> ServerName zf2-tutorial.localhost DocumentRoot /path/to/zf2-tutorial/public SetEnv APPLICATION_ENV "development" <Directory /path/to/zf2-tutorial/public> DirectoryIndex index.php AllowOverride All Order allow,deny #<-- 2.2 config Allow from all #<-- 2.2 config </Directory> </VirtualHost>
正确的configuration
<VirtualHost *:80> ServerName zf2-tutorial.localhost DocumentRoot /path/to/zf2-tutorial/public SetEnv APPLICATION_ENV "development" <Directory /path/to/zf2-tutorial/public> DirectoryIndex index.php AllowOverride All Require all granted #<-- 2.4 New configuration </Directory> </VirtualHost>
如果你打算从Apache 2.2迁移到2.4,这里有一个很好的参考: http : //httpd.apache.org/docs/2.4/upgrading.html
用Apache 2.2
Order Deny,Allow Allow from all
与Apache 2.4
Require all granted
如果您正在使用WAMP服务器,请尝试以下操作:
-
单击任务栏上的WAMP服务器图标
-
select在线放置的选项
-
您的服务器将自动重启
-
然后尝试访问您的本地网站
在使用Apache 2.4的 Ubuntu 14.04上 ,我做了以下操作:
在文件apache2.conf ( /etc/apache2 )中添加以下内容:
<Directory /home/rocky/code/documentroot/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory>
并重新加载服务器:
sudo service apache2 reload
编辑:这也适用于OS X Yosemite与Apache 2.4。 最重要的路线是
要求所有授予
我通过将用户添加到httpd.conf来解决了我的问题。
# User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # #User daemon User my_username Group daemon
本文在Apache 2.2上创build虚拟主机帮助我(第9点)访问顶级虚拟主机目录。
我只是将这些行添加到我的vhosts.conf文件中:
<Directory I:/projects/webserver> Order Deny,Allow Allow from all </Directory>
如果你在SELinux中使用CentOS Try:
sudo restorecon -r /var/www/html
查看更多: https : //www.centos.org/forums/viewtopic.php?t=6834#p31548
我得到了同样的错误,无法找出年龄的问题。 如果您恰好在包含SELinux (如CentOS)的Linux发行版上,则需要确保SELinux权限已针对您的文档根文件正确设置,否则会出现此错误。 这是对标准文件系统权限的一组完全不同的权限。
我偶然使用了Apache和SELinux的教程,但是一旦你知道要找什么,似乎还有很多东西。
如果您使用的是MAMP Pro,解决这个问题的方法是检查Hosts – Extended选项卡下的Indexescheckbox。
在MAMP Pro v3.0.3中是这样的: 
还有另一种方法可以解决这个问题。 假设你想要访问/var/www/html/subphp目录中的“subphp”目录,并且你想用127.0.0.1/subphp来访问它,并且你收到如下的错误信息:
您无权访问此服务器上的/ subphp /。
然后将目录权限从“无”更改为“访问文件”。 命令行用户可以使用chmod命令来更改权限。
我使用的是Mac OS X,在我的情况下,我只是忘了在apache中启用php,我只需要从/etc/apache2/httpd.conf取消注释:
LoadModule php5_module libexec/apache2/libphp5.so
请参阅这篇文章的细节。
我有同样的问题,但由于事实上,我改变了Apache的path到var / www之外的文件夹,我开始遇到问题。
我通过在var / www / html> home / dev / project中创build一个符号链接来解决这个问题,它似乎在做诡计,而不必更改任何权限。
我遇到了这个问题,而我的解决scheme是,www-data没有拥有正确的文件夹,而是为其中一个用户设置了它。 (我试图做一些幻想,但错误的欺骗,让ftp玩好。)
运行后:
chown -R www-data:www-data /var/www/html
机器又开始提供数据。 你可以看到谁目前拥有该文件夹
ls -l /var/www/html
此解决scheme不允许所有
我只是想改变我的公共目录www,并从我的电脑访问,并通过Wifi连接的移动。 我已经Ubuntu 16.04。
-
所以,我首先修改了/etc/apache2/sites-enabled/000-default.conf,然后为我的新公共目录DocumentRoot“/ media / data / XAMPP / htdocs”更改了DocumentRoot / var / www / html这一行。
-
然后我修改了/etc/apache2/apache2.conf,我把localhost和我的手机的权限都放了,这次我用的是IP地址,我知道这个不是很安全,但是对我的目的来说还是可以的。
<Directory/> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from localhost 10.42.0.11 </Directory>
我只有一个特定的控制器相同的问题 – 这真的很奇怪。 我在CI文件夹的根目录中有一个文件夹,名称与我尝试访问的控制器名称相同…因此,CI正在将请求引导到此目录而不是控制器本身。
删除这个文件夹(这是有一点错误),这一切工作正常。
更清楚的是,它是这样的:
/ci/controller/register.php /ci/register/
我不得不删除/ci/register/ 。
检查你准备把你的文件放在哪里,不要将它们嵌套在Documents文件夹中。
例如,我犯了错误,把我的代码放在如上所述的Documents文件夹中,因为Documents只显示给你,而不是APACHE。 尝试将其移动到一个目录,您可能不会看到这个问题。
移动文件夹:
/用户/ YOURUSERNAME /文档/代码
到这里:/用户/ YOURUSERNAME /代码
只是为了带来另一个贡献,我也遇到了这个问题:
我有一个VirtualHostconfiguration,我不想。 我已经注意到包含虚拟主机的那一行,它工作。
(在Windows和Apache 2.2.x中)
“Forbidden”错误也是没有定义虚拟主机的结果。
如Julien所述,如果您打算使用虚拟hosts.conf ,请转至httpd文件并取消注释以下行:
#Include conf/extra/httpd-vhosts.conf
然后将您的虚拟主机定义添加到conf/extra/httpd-vhosts.conf然后重新启动Apache。
您可以像这样的代码更改youralias.conf文件:
Alias /Quiz/ "h:/MyServer/Quiz/" <Directory "h:/MyServer/Quiz/"> Options Indexes FollowSymLinks AllowOverride all <IfDefine APACHE24> Require local </IfDefine> <IfDefine !APACHE24> Order Deny,Allow Deny from all Allow from localhost ::1 127.0.0.1 </IfDefine> </Directory>
请记住,在这种情况下要configuration的正确文件不是phpMyAdmin别名中的httpd.conf,而是在bin/apache/your_version/conf/httpd.conf 。
寻找以下行:
DocumentRoot "c:/wamp/www/" # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Allow from all </Directory>
确保它被设置为Allow from all …
如果没有,phpMyAdmin甚至可能会工作,但不是你的根和其他文件夹下。 此外,请记住重新启动WAMP,然后把网上…
这解决了我的头痛。
在运行Docker构build之前,使用SSHFS从本地文件系统装入我的VirtualBox guest中的文件时遇到了此问题。 最后,“修复”是将所有文件复制到VirtualBox实例,而不是从SSHFS安装内部构build,然后从那里运行构build。
工作方法(除非没有其他问题)
默认情况下,Apache不限制从IPv4访问(公共外部IP地址)
限制的是“ httpd.conf ”中给出的命令。
全部replace
<Directory /> AllowOverride none Require all denied </Directory>
同
<Directory /> AllowOverride none # Require all denied </Directory>
因此消除了对Apache的所有限制。
用C:/ wamp / www /目录replaceRequire local和Require all granted 。
<Directory "c:/wamp/www/"> Options Indexes FollowSymLinks AllowOverride all Require all granted # Require local </Directory>
试试这个,不要添加任何内容Order allow,deny和其他:
AddHandler cgi-script .cgi .py ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Require all granted Allow from all </Directory>
sudo a2enmod cgi sudo service apache2 restart
更改configuration文件后,请不要忘记Restart All Services 。
我浪费了三个小时的时间。
这是相当荒谬的,但是当我试图下载的文件不在文件系统中时,我得到了403禁止访问。 在这种情况下,Apache的错误是不是很准确,整个事情工作后,我只是把它的文件应该是。
我们已经启用了modsec,检查站点的错误日志中的一个modsec ID,然后input一个位置匹配的文件在虚拟主机(或.htaccess我猜):
<LocationMatch "/yourlocation/index.php"> <IfModule security2_module> SecRuleRemoveById XXXXXXX </IfModule> </LocationMatch>
为了给这个增长的列表添加另一个潜在的问题,我的问题(运行CentOS 6.8)是一个特定的虚拟主机,在另一台服务器上工作正常,问题原来是一个错误的.htaccess文件使用mod_rewrite:
在.htaccess中,这导致了403错误: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / </IfModule>
添加FollowSymLinks作为第一行修复了这个问题: <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteBase / </IfModule>
