Apache2 AH01630 client denied by server configuration

Question

I get this error when trying to access localhost via a browser   AH01630  client denied by server configuration   I checked my site folder permissions using   sudo chmod 777 -R     Here is my configuration file    lt VirtualHost   80 gt  ServerAdmin webmaster localhost  DocumentRoot  home user-name www myproject  lt Directory   gt      Options FollowSymLinks     AllowOverride all     Allow from all  lt  Directory gt    lt Location   gt    Allow from all   Order Deny Allow  lt  Location gt    lt Directory   home user-name www myproject  gt      Options Indexes FollowSymLinks MultiViews     AllowOverride all     Order allow deny     Allow from all  lt  Directory gt   ScriptAlias  cgi-bin   usr lib cgi-bin   lt Directory   usr lib cgi-bin  gt      AllowOverride all     Options  ExecCGI -MultiViews  SymLinksIfOwnerMatch     Order allow deny     Allow from all  lt  Directory gt   ErrorLog   APACHE LOG DIR  error log    Possible values include  debug  info  notice  warn  error  crit    alert  emerg  LogLevel warn  CustomLog   APACHE LOG DIR  access log combined  Alias  doc    usr share doc    lt Directory   usr share doc   gt      Options Indexes MultiViews FollowSymLinks     AllowOverride all     Order deny allow     Deny from all     Allow from 127 0 0 0 255 0 0 0   1 128  lt  Directory gt

User · Answer

If you tail the error log and reload the page, you should see some more information as to the exact problem.

Grab the environment variables so ${APACHE_LOG_DIR} will actually work...

source /etc/apache2/envvars

Then tail and watch...

tail -f ${APACHE_LOG_DIR}/error.log

User · Answer

For those who stuck at this error as me and nothing helped from above  check if problem folder from error log actually exists on your server  Mine was generated automatically by Django in wrong place  was messed with static root  then manage py collectstatic   Have no idea why one can not name errors correctly

User · Answer

For me  I had actually updated the Allow and Deny rules based on the 2 4 standard   Require all granted   However  this was still causing me to receive the same AH01630 error  I found another thread and it suggested reinstalling apache2  Somehow this worked  If anyone cares to explain why  that would be helpful    Credit to  AH01630  client denied by server configuration but require all granted is set  Apache 2 4  CentOs

User · Answer

This drove me absolutely nuts for a day and a half but I found a solution if all other solutions have been tried unsuccessfully    This is for macOS    Go to activity Monitor  spotlight search for  activity  In activity monitor search for httpd which is the Apache service Select the one that belongs to root and click X on the top left to close it    At that point I immediately stopped getting 403 errors and everything started working as expected  Weird thing is i didn t even have to restart apache it just worked  i guess it restarted itself when i went to my localhost  I honestly don t know but I guess the problem is Apache not actually restarting when using apachectl restart  or stop or start  Hope this helps someone

User · Answer

I actually solved this one by adding the directory access to the  80 entry     lt Directory  c  whatever-directory-you-use   gt      AllowOverride All     Require all granted  lt  Directory gt    Before everyone gets all  security  on me  under my specific circumstances this is not a security issue   If you are using a remote resource  I d recommend instead make sure your CURL request goes via HTTPS   TLS  then this directory entry goes on the 443 port

User · Answer

in my case   i m using macOS Mojave  Apache 2 4 34   There was an issue in virtual host settings at  etc apache2 extra httpd-vhosts conf file  after adding the required directory tag my problem was gone   Require all granted  Hope the full virtual host setup structure will save you    lt VirtualHost   80 gt      DocumentRoot   Users vagabond Sites MainProjectFolderName public       ServerName project loc       lt Directory  Users vagabond Sites MainProjectFolderName public  gt          Require all granted      lt  Directory gt       ErrorLog   Users vagabond Sites logs MainProjectFolderName loc-error log      CustomLog   Users vagabond Sites logs MainProjectFolderName loc-access log  common  lt  VirtualHost gt    all you ve to do replace the MainProjectFolderName with your exact ProjectFolderName

User · Answer

I got another one that may be useful to someone  Was receiving the same error message after upgrading from PHP 5 6    7 0  We had changed the PHP upload settings  and forgot to change once copied over   Even though i wasn t uploading images at the time  Silverstripe  our CMS  was refusing to save and throwing that error  Increased the image upload size and it worked straight away

User · Answer

Beside missing Order and Allow directives mentioned in other answers be aware that a non-matching regular expression of a DirectoryMatch directive may also cause this error   If the requested path is  home user-foo1bar www myproject  the folloing matcher won t match   lt DirectoryMatch   home user- a-z   www myproject   gt       lt  DirectoryMatch gt    thus  even a valid access configuration might cause this error

User · Answer

I made the same changes that ravisorg suggested to OSX 10 10 Yosemite that upgrades Apache to version 2 4  Below are the changes that were added to http conf    lt Directory   gt      AllowOverride none     Require all denied  lt  Directory gt    lt Directory  Volumes Data Data USER Sites  gt      AllowOverride none     Require all granted  lt  Directory gt

User · Answer

Because this thread is the first thing that pops up when searching for the error mentioned I would like to add another possible cause for this error  you may have mod evasive active and the client seeing this error simply has crossed the limits configured in your mod evasive conf  This is especially a cause worth investigating if you are suddenly getting this error for a client that had no problems before and nothing else has changed    if mod evasive is the cause then the error will go away by itself if the client just temporarily stops trying to access the site  however it may be a sign that you have configured too tight limits

User · Answer

For all directories write Require all granted instead of Allow from all   Update  If the above doesn t work then also remove this below mentioned line      Order allow deny

User · Answer

If you have https host then don t forget to make Require all granted changes for ssl config too   Also  sometimes it s useful to check permissions as the apache user     ps -eFH   grep http   get the username used by httpd     apache   18837  2692  0 119996 9328   9 10 33          00 00 00      usr sbin httpd -DFOREGROUND   su -s bin bash apache   switch to that user bash-4 2  whoami apache bash-4 2  cd  home bash-4 2  ls bash-4 2  cd mysite com bash-4 2  ls bash-4 2  cat file-which-does-not-work txt

User · Answer

I got resolved my self after spending couple of hours   I installed Apache 2 4 7  Ubuntu  through coookbook in vagrant vm    etc apache2 apache2 conf file does not have  lt VirtualHost   80 gt  element by default   I did two changes to get it done   added  lt VirtualHost   80 gt  added Options Indexes FollowSymLinks AllowOverride all Allow from all     then finally I just booted vm

User · Answer

When using Ubuntu check whether the CGI module is enabled  If not   sudo a2enmod cgi

User · Answer

In case this helps anyone Googling around like I was  I had this error message trying to access a SVG file on my server  e g  https   example com images file svg   Other file types seemed fine  just SVG were failing   I hunted around  etc httpd conf files and checked every require all denied type of configuration  and just could not find what config was having this effect   I turned LogLevel to debug in the VirtualHost config and could see the mod authz core logging specifying there was a  Require all denied  in effect    Mon Jun 10 13 09 54 321022 2019   authz core debug   pid 23459 tid 140576341206784  mod authz core c 817    client 127 0 0 1 54626  AH01626  authorization result of Require all denied  denied  Mon Jun 10 13 09 54 321038 2019   authz core debug   pid 23459 tid 140576341206784  mod authz core c 817    client 127 0 0 1 54626  AH01626  authorization result of  lt RequireAny gt   denied  Mon Jun 10 13 09 54 321082 2019   authz core error   pid 23459 tid 140576341206784   client 127 0 0 1 54626  AH01630  client denied by server configuration   home blah htdocs images file svg   Through blind testing I moved the file to the root of the web root  and found I could then access it at https   example com file svg    so it only failed in the  images  folder   This led me to an  htaccess file in the images folder that I had no idea was there   Turns out Zen Cart 1 5 comes with an images  htaccess file that has     deny  everything    lt FilesMatch      gt      lt IfModule mod authz core c gt       Require all denied     lt  IfModule gt      lt IfModule  mod authz core c gt       Order Allow Deny      Deny from all     lt  IfModule gt    lt  FilesMatch gt      but now allow just  certain  necessary files    lt FilesMatch    i      jpe g gif webp png swf     gt      lt IfModule mod authz core c gt       Require all granted     lt  IfModule gt      lt IfModule  mod authz core c gt       Order Allow Deny      Allow from all     lt  IfModule gt    lt  FilesMatch gt    This was very annoying and I hope this might remind others to check  htaccess files at every level of the file system leading to the file you re having trouble accessing in case there is this kind of tom foolery going on

User · Answer

The problem may be that directive is not under  lt  Directory   https   httpd apache org docs 2 4 mod mod authz host html requiredirectives  The directive can be referenced within a  lt  Directory    lt  Files   or  lt  Location  section as well as  htaccess files to control access to particular parts of the server  Access can be controlled based on the client hostname or IP address

User · Answer

For me  all proposed solutions won t worked  This can help  if you use cgi  fastcig or fpm as proxy you have to add a location in your vhost to avoid this problem  This allows 404 to be passthrough proxy    lt Location   gt  require all granted  lt  Location gt

User · Answer

If you are using Apache 2 4 in WampServer on windows OS    You need to open https-vhosts conf file in notepad   C  wamp64 bin apache apache2 4 37 conf extra https-vhosts conf    If you unable to find above file  check screenshot below     lt VirtualHost   80 gt       ServerName localhost      DocumentRoot c  wamp64 www       lt Directory   c  wamp64 www   gt          Options Indexes FollowSymLinks MultiViews         AllowOverride All         Require local      lt  Directory gt   lt  VirtualHost gt    In above code Replace  Require local   with  Require all granted   And save it  Restart Apache service and try again

User · Answer

The problem is in VirtualHost but probablely is not      Require all granted   Confirm your config is correct here is correct sample

User · Answer

Double check that the DocumentRoot path is correct  That can cause this error

User · Answer

Ensure that any user-specific configs are included   If none of the other answers on this page for you work  here s what I ran into after hours of floundering around   I used user-specific configurations  with Sites specified as my UserDir in  private etc apache2 extra httpd-userdir conf  However  I was forbidden access to the endpoint http   localhost  jwork    I could see in  var log apache2 error log that access to  Users jwork Sites  was being blocked  However  I was permitted to access the DocumentRoot  via http   localhost   This suggested that I didn t have rights to view the  jwork user  But as far as I could tell by ps aux   egrep   apache httpd   and lsof -i  80  Apache was running for the jwork user  so something was clearly not write with my user configuration   Given a user named jwork  here was my config file    private etc apache2 users jwork conf   lt Directory   Users jwork Sites   gt      Require all granted  lt  Directory gt    This config is perfectly valid  However  I found that my user config wasn t being included    private etc apache2 extra httpd-userdir conf     Note how it s commented out by default     Just remove the comment to enable your user conf   Include  private etc apache2 users   conf   Note that this is the default path to the userdir conf file  but as you ll see below  it s configurable in httpd conf  Ensure that the following lines are enabled    private etc apache2 httpd conf  Include  private etc apache2 extra httpd-userdir conf         LoadModule userdir module libexec apache2 mod userdir so

User · Answer

This  bug  is actually the new normal behavior of Apache 2 4  In my case  I had a very specific rule to deny access to any folder or file with name starting with      so I had to set an exception for a particular public folder that requires such odd name   For the record my particular Rewrite rule is   RewriteRule       trusted          -  F   This rule  F obits everything starting with     but  trusted  thanks to the magic of regex      negation

User · Answer

One obscure  having just dealt with it   yet possible  cause of this is an internal mod rewrite rule  in the main config file  not  htaccess  that writes to a path which exists at the root of the server file system  Say you have a  media directory in your site  and you rewrite something like this   RewriteRule  some image png  media some other location png   If you have a  media directory at the root of your server  the rewrite will be attempted to that  resulting in the access denied error  rather than the one in your site directory  since the file system root is checked first by mod rewrite  for the existence of the first directory in the path  before your site directory

User · Answer

This was driving me crazy  Finally figured out what the problem was  I was using direct paths for the error log and they were wrong    Why does Apache give a vague  and wrong  error message  Instead use a correct and useful error message like  Path for ErrorLog directive   wrong path and filename log  is invalid   Anyway  to fix make sure your error log directives look something like this    ErrorLog   APACHE LOG DIR  error log CustomLog   APACHE LOG DIR  access log combined

User · Answer

Has anyone thought about that wamp server default not include the httpd-vhosts conf file  My approach is to remove the note below   conf     Virtual hosts   Include conf extra httpd-vhosts conf   in httpd conf file  That is all

User · Answer

For Wamp 3  Apache 2 4   besides putting the server online as described in the other answers  in the Virtual Hosts file conf extra httpd-vhosts conf you might need to replace   Require local   with  Require all granted    This is applicable if in httpd conf you have  Include conf extra httpd-vhosts conf

User · Answer

If you are using Apache 2 4  You have to check allow and deny rules  Check out http   httpd apache org docs 2 4 upgrading html access     In 2 2  access control based on client hostname  IP address  and other   characteristics of client requests was done using the directives   Order  Allow  Deny  and Satisfy       In 2 4  such access control is done in the same way as other   authorization checks  using the new module mod authz host    The new directive is Require   2 2 configuration   Order allow deny Allow from all   2 4 configuration   Require all granted   Also don t forget to restart the apache server after these changes    service httpd restart

[server] Apache2: 'AH01630: client denied by server configuration'

Examples related to server

Examples related to apache2

Examples related to apache2.4