Error message Forbidden You don t have permission to access on this server

Question

I have configured my Apache by myself and have tried to load phpMyAdmin on a virtual host  but I received      403 Forbidden You don t have permission to access   on this server   My httpd conf        This is the main Apache HTTP server configuration file   It contains the   configuration directives that give the server its instructions    See  lt URL http   httpd apache org docs 2 2 gt  for detailed information    In particular  see     lt URL http   httpd apache org docs 2 2 mod directives html gt    for a discussion of each configuration directive      Do NOT simply read the instructions in here without understanding   what they do   They re here only as hints or reminders   If you are unsure   consult the online docs  You have been warned        Configuration and logfile names  If the filenames you specify for many   of the server s control files begin with      or  drive    for Win32   the   server will use that explicit path   If the filenames do  not  begin   with      the value of ServerRoot is prepended -- so  logs foo log    with ServerRoot set to  C  Program Files  x86  Apache Software Foundation Apache2 2  will be interpreted by the   server as  C  Program Files  x86  Apache Software Foundation Apache2 2 logs foo log       NOTE  Where filenames are specified  you must use forward slashes   instead of backslashes  e g    c  apache  instead of  c  apache      If a drive letter is omitted  the drive on which httpd exe is located   will be used by default   It is recommended that you always supply   an explicit drive letter in absolute paths to avoid confusion       ServerRoot  The top of the directory tree under which the server s   configuration  error  and log files are kept      Do not add a slash at the end of the directory path   If you point   ServerRoot at a non-local disk  be sure to point the LockFile directive   at a local disk   If you wish to share the same ServerRoot for multiple   httpd daemons  you will need to change at least LockFile and PidFile    ServerRoot  C  Program Files  x86  Apache Software Foundation Apache2 2       Listen  Allows you to bind Apache to specific IP addresses and or   ports  instead of the default  See also the  lt VirtualHost gt    directive      Change this to Listen on specific IP addresses as shown below to    prevent Apache from glomming onto all bound IP addresses     Listen 12 34 56 78 80 Listen 127 0 0 1 80  Include conf vhosts conf      Dynamic Shared Object  DSO  Support     To be able to use the functionality of a module which was built as a DSO you   have to place corresponding  LoadModule  lines at this location so the   directives contained in it are actually available  before  they are used    Statically compiled modules  those listed by  httpd -l   do not need   to be loaded here      Example    LoadModule foo module modules mod foo so   LoadModule actions module modules mod actions so LoadModule alias module modules mod alias so LoadModule asis module modules mod asis so LoadModule auth basic module modules mod auth basic so  LoadModule auth digest module modules mod auth digest so  LoadModule authn alias module modules mod authn alias so  LoadModule authn anon module modules mod authn anon so  LoadModule authn dbd module modules mod authn dbd so  LoadModule authn dbm module modules mod authn dbm so LoadModule authn default module modules mod authn default so LoadModule authn file module modules mod authn file so  LoadModule authnz ldap module modules mod authnz ldap so  LoadModule authz dbm module modules mod authz dbm so LoadModule authz default module modules mod authz default so LoadModule authz groupfile module modules mod authz groupfile so LoadModule authz host module modules mod authz host so  LoadModule authz owner module modules mod authz owner so LoadModule authz user module modules mod authz user so LoadModule autoindex module modules mod autoindex so  LoadModule cache module modules mod cache so  LoadModule cern meta module modules mod cern meta so LoadModule cgi module modules mod cgi so  LoadModule charset lite module modules mod charset lite so  LoadModule dav module modules mod dav so  LoadModule dav fs module modules mod dav fs so  LoadModule dav lock module modules mod dav lock so  LoadModule dbd module modules mod dbd so  LoadModule deflate module modules mod deflate so LoadModule dir module modules mod dir so  LoadModule disk cache module modules mod disk cache so  LoadModule dumpio module modules mod dumpio so LoadModule env module modules mod env so  LoadModule expires module modules mod expires so  LoadModule ext filter module modules mod ext filter so  LoadModule file cache module modules mod file cache so  LoadModule filter module modules mod filter so  LoadModule headers module modules mod headers so  LoadModule ident module modules mod ident so  LoadModule imagemap module modules mod imagemap so LoadModule include module modules mod include so  LoadModule info module modules mod info so LoadModule isapi module modules mod isapi so  LoadModule ldap module modules mod ldap so  LoadModule logio module modules mod logio so LoadModule log config module modules mod log config so  LoadModule log forensic module modules mod log forensic so  LoadModule mem cache module modules mod mem cache so LoadModule mime module modules mod mime so  LoadModule mime magic module modules mod mime magic so LoadModule negotiation module modules mod negotiation so  LoadModule proxy module modules mod proxy so  LoadModule proxy ajp module modules mod proxy ajp so  LoadModule proxy balancer module modules mod proxy balancer so  LoadModule proxy connect module modules mod proxy connect so  LoadModule proxy ftp module modules mod proxy ftp so  LoadModule proxy http module modules mod proxy http so  LoadModule proxy scgi module modules mod proxy scgi so  LoadModule reqtimeout module modules mod reqtimeout so  LoadModule rewrite module modules mod rewrite so LoadModule setenvif module modules mod setenvif so  LoadModule speling module modules mod speling so  LoadModule ssl module modules mod ssl so  LoadModule status module modules mod status so  LoadModule substitute module modules mod substitute so  LoadModule unique id module modules mod unique id so  LoadModule userdir module modules mod userdir so  LoadModule usertrack module modules mod usertrack so  LoadModule version module modules mod version so  LoadModule vhost alias module modules mod vhost alias so LoadModule php5 module  c  Program Files php php5apache2 2 dll     lt IfModule  mpm netware module gt   lt IfModule  mpm winnt module gt      If you wish httpd to run as a different user or group  you must run   httpd as root initially and it will switch        User Group  The name  or  number  of the user group to run httpd as    It is usually good practice to create a dedicated user and group for   running httpd  as with most system services    User daemon Group daemon   lt  IfModule gt   lt  IfModule gt      Main  server configuration     The directives in this section set up the values used by the  main    server  which responds to any requests that aren t handled by a    lt VirtualHost gt  definition   These values also provide defaults for   any  lt VirtualHost gt  containers you may define later in the file      All of these directives may appear inside  lt VirtualHost gt  containers    in which case these default settings will be overridden for the   virtual host being defined         ServerAdmin  Your address  where problems with the server should be   e-mailed   This address appears on some server-generated pages  such   as error documents   e g  admin your-domain com   ServerAdmin webmaster somenet com      ServerName gives the name and port that the server uses to identify itself    This can often be determined automatically  but we recommend you specify   it explicitly to prevent problems during startup      If your host doesn t have a registered DNS name  enter its IP address here     ServerName www somenet com 80      DocumentRoot  The directory out of which you will serve your   documents  By default  all requests are taken from this directory  but   symbolic links and aliases may be used to point to other locations    DocumentRoot  C  Program Files  x86  Apache Software Foundation Apache2 2 htdocs       Each directory to which Apache has access can be configured with respect   to which services and features are allowed and or disabled in that   directory  and its subdirectories        First  we configure the  default  to be a very restrictive set of    features       lt Directory   gt      Options FollowSymLinks     AllowOverride None     Order deny allow     Deny from all  lt  Directory gt       Note that from this point forward you must specifically allow   particular features to be enabled - so if something s not working as   you might expect  make sure that you have specifically enabled it   below         This should be changed to whatever you set DocumentRoot to     lt Directory  C  Program Files  x86  Apache Software Foundation Apache2 2 htdocs  gt              Possible values for the Options directive are  None    All         or any combination of          Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews             Note that  MultiViews  must be named  explicitly  ---  Options All        doesn t give it to you              The Options directive is both complicated and important   Please see       http   httpd apache org docs 2 2 mod core html options       for more information            Options Indexes FollowSymLinks              AllowOverride controls what directives may be placed in  htaccess files        It can be  All    None   or any combination of the keywords          Options FileInfo AuthConfig Limit           AllowOverride None              Controls who can get stuff from this server            Order allow deny     Allow from all   lt  Directory gt       DirectoryIndex  sets the file that Apache will serve if a directory   is requested     lt IfModule dir module gt      DirectoryIndex index html index php  lt  IfModule gt       The following lines prevent  htaccess and  htpasswd files from being    viewed by Web clients      lt FilesMatch     ht  gt      Order allow deny     Deny from all     Satisfy All  lt  FilesMatch gt       ErrorLog  The location of the error log file    If you do not specify an ErrorLog directive within a  lt VirtualHost gt    container  error messages relating to that virtual host will be   logged here   If you  do  define an error logfile for a  lt VirtualHost gt    container  that host s errors will be logged there and not here    ErrorLog  logs error log       LogLevel  Control the number of messages logged to the error log    Possible values include  debug  info  notice  warn  error  crit    alert  emerg    LogLevel warn   lt IfModule log config module gt              The following directives define some format nicknames for use with       a CustomLog directive  see below             LogFormat   h  l  u  t    r     gt s  b     Referer i       User-Agent i    combined     LogFormat   h  l  u  t    r     gt s  b  common       lt IfModule logio module gt          You need to enable mod logio c to use  I and  O       LogFormat   h  l  u  t    r     gt s  b     Referer i       User-Agent i    I  O  combinedio      lt  IfModule gt               The location and format of the access logfile  Common Logfile Format         If you do not define any access logfiles within a  lt VirtualHost gt        container  they will be logged here   Contrariwise  if you  do        define per- lt VirtualHost gt  access logfiles  transactions will be       logged therein and  not  in this file            CustomLog  logs access log  common              If you prefer a logfile with access  agent  and referer information        Combined Logfile Format  you can use the following directive             CustomLog  logs access log  combined  lt  IfModule gt    lt IfModule alias module gt              Redirect  Allows you to tell clients about documents that used to        exist in your server s namespace  but do not anymore  The client        will make a new request for the document at its new location        Example        Redirect permanent  foo http   www somenet com bar              Alias  Maps web paths into filesystem paths and is used to       access content that does not live under the DocumentRoot        Example        Alias  webpath  full filesystem path             If you include a trailing   on  webpath then the server will       require it to be present in the URL   You will also likely       need to provide a  lt Directory gt  section to allow access to       the filesystem path               ScriptAlias  This controls which directories contain server scripts         ScriptAliases are essentially the same as Aliases  except that       documents in the target directory are treated as applications and       run by the server when requested rather than as documents sent to the       client   The same rules about trailing     apply to ScriptAlias       directives as to Alias            ScriptAlias  cgi-bin   C  Program Files  x86  Apache Software Foundation Apache2 2 cgi-bin     lt  IfModule gt    lt IfModule cgid module gt              ScriptSock  On threaded servers  designate the path to the UNIX       socket used to communicate with the CGI daemon of mod cgid             Scriptsock logs cgisock  lt  IfModule gt        C  Program Files  x86  Apache Software Foundation Apache2 2 cgi-bin  should be changed to whatever your ScriptAliased   CGI directory exists  if you have that configured     lt Directory  C  Program Files  x86  Apache Software Foundation Apache2 2 cgi-bin  gt      AllowOverride None     Options None     Order allow deny     Allow from all  lt  Directory gt       DefaultType  the default MIME type the server will use for a document   if it cannot otherwise determine one  such as from filename extensions    If your server contains mostly text or HTML documents   text plain  is   a good value   If most of your content is binary  such as applications   or images  you may want to use  application octet-stream  instead to   keep browsers from trying to display binary files as though they are   text    DefaultType text plain   lt IfModule mime module gt              TypesConfig points to the file containing the list of mappings from       filename extension to MIME-type            TypesConfig conf mime types              AddType allows you to add to or override the MIME configuration       file specified in TypesConfig for specific file types             AddType application x-gzip  tgz             AddEncoding allows you to have certain browsers uncompress       information on the fly  Note  Not all browsers support this             AddEncoding x-compress  Z      AddEncoding x-gzip  gz  tgz             If the AddEncoding directives above are commented-out  then you       probably should define those extensions to indicate media types            AddType application x-compress  Z     AddType application x-gzip  gz  tgz              AddHandler allows you to map certain file extensions to  handlers         actions unrelated to filetype  These can be either built into the server       or added with the Action directive  see below              To use CGI scripts outside of ScriptAliased directories         You will also need to add  ExecCGI  to the  Options  directive              AddHandler cgi-script  cgi        For type maps  negotiated resources        AddHandler type-map var              Filters allow you to process content before it is sent to the client              To parse  shtml files for server-side includes  SSI          You will also need to add  Includes  to the  Options  directive              AddType text html  shtml      AddOutputFilter INCLUDES  shtml      AddType application x-httpd-php  php   lt  IfModule gt       The mod mime magic module allows the server to use various hints from the   contents of the file itself to determine its type   The MIMEMagicFile   directive tells the module where the hint definitions are located     MIMEMagicFile conf magic      Customizable error responses come in three flavors    1  plain text 2  local redirects 3  external redirects     Some examples   ErrorDocument 500  The server made a boo boo    ErrorDocument 404  missing html  ErrorDocument 404   cgi-bin missing handler pl   ErrorDocument 402 http   www somenet com subscription info html        MaxRanges  Maximum number of Ranges in a request before   returning the entire resource  or one of the special   values  default    none  or  unlimited     Default setting is to accept 200 Ranges   MaxRanges unlimited      EnableMMAP and EnableSendfile  On systems that support it     memory-mapping or the sendfile syscall is used to deliver   files   This usually improves server performance  but must   be turned off when serving from networked-mounted    filesystems or if support for these functions is otherwise   broken on your system     EnableMMAP off  EnableSendfile off    Supplemental configuration     The configuration files in the conf extra  directory can be    included to add extra features or to modify the default configuration of    the server  or you may simply copy their contents here and change as    necessary     Server-pool management  MPM specific   Include conf extra httpd-mpm conf    Multi-language error messages  Include conf extra httpd-multilang-errordoc conf    Fancy directory listings  Include conf extra httpd-autoindex conf    Language settings  Include conf extra httpd-languages conf    User home directories  Include conf extra httpd-userdir conf    Real-time info on requests and configuration  Include conf extra httpd-info conf    Virtual hosts  Include conf extra httpd-vhosts conf    Local access to the Apache HTTP Server Manual  Include conf extra httpd-manual conf    Distributed authoring and versioning  WebDAV   Include conf extra httpd-dav conf    Various default settings  Include conf extra httpd-default conf    Secure  SSL TLS  connections  Include conf extra httpd-ssl conf     Note  The following must must be present to support         starting without SSL on platforms with no  dev random equivalent         but a statically compiled-in mod ssl     lt IfModule ssl module gt  SSLRandomSeed startup builtin SSLRandomSeed connect builtin  lt  IfModule gt   PHPIniDir  c  Program Files php     and vhosts conf     NameVirtualHost 127 0 0 1 80   lt VirtualHost 127 0 0 1 80 gt      DocumentRoot i  projects webserver   tools phpmyadmin      ServerName dbadmin tools  lt  VirtualHost gt

User · Accepted Answer

Update October 2016  4 years ago  since this answer is used as a reference by many  and while I learned a lot from security perspective during these years  I feel I am responsible to clarify some important notes  and I ve update my answer accordingly   The original answer is correct but not safe for some production environments   in addition I would like to explain some issues that you might fall into while setting up your environment   If you are looking for a quick solution and SECURITY IS NOT A MATTER  i e development env  skip and read the original answer instead  Many scenarios can lead to 403 Forbidden     A  Directory Indexes  from mod autoindex c   When you access a directory and there is no default file found in this directory AND Apache Options Indexes is not enabled for this directory   A 1  DirectoryIndex option example  DirectoryIndex index html default php welcome php  A 2  Options Indexes option  If set  apache will list the directory content if no default file found  from the above  option   If none of the conditions above is satisfied  You will receive a 403 Forbidden  Recommendations   You should not allow directory listing unless REALLY needed  Restrict the default index DirectoryIndex to the minimum  If you want to modify  restrict the modification to the needed directory ONLY  for instance  use  htaccess files  or put your modification inside the  lt Directory  my directory gt  directive     B  deny allow directives  Apache 2 2   Mentioned by  Radu   Simon A  Eugster in the comments You request is denied  blacklisted or whitelisted by those directives    I will not post a full explanation  but I think some examples may help you understand   in short remember this rule   IF MATCHED BY BOTH  THE LAST DIRECTIVE IS THE ONE THAT WILL WIN  Order allow deny  Deny will win if matched by both directives  even if an allow directive is written after the deny in the conf   Order deny allow  allow will win if matched by both directives  Example 1  Order allow deny Allow from localhost mydomain com   Only localhost and   mydomain com can access this  all other hosts are denied  Example 2  Order allow deny Deny from evil com Allow from safe evil com    lt -- has no effect since this will be evaluated first   All requests are denied  the last line may trick you  but remember that if matched by both the last win rule  here Deny is the last   same as written    Order allow deny Allow from safe evil com Deny from evil com    lt -- will override the previous one    Example 4  Order deny allow Allow from site com Deny from untrusted site com    lt -- has no effect since this will be matched by the above  Allow  directive   Requests are accepted from all hosts  Example 4  typical for public sites  allow unless blacklisted   Order allow deny Allow from all Deny from hacker1 com Deny from hacker2 com   Example 5  typical for intranet and secure sites  deny unless whitelisted   Order deny allow Deny from all Allow from mypc localdomain Allow from managment localdomain     C  Require directive  Apache 2 4   Apache 2 4 use a new module called mod authz host   Require all granted    Allow all requests   Require all denied    Deny all requests  Require host safe com    Only from safe com are allowed    D  Files permissions  One thing that most people do it wrong is configuring files permissions     The GOLDEN RULE is   STARTS WITH NO PERMISSION AND ADD AS PER YOUR NEED   In linux    Directories should have the Execute permission Files should have the Read permission YES  you are right DO NOT ADD Execute permission for files   for instance  I use this script to setup the folders permissions    setting permissions for  var www mysite com    read permission ONLY for the owner  chmod -R  var www mysite com 400     add execute for folders only find  var www mysite com -type d -exec chmod -R u x          allow file uploads  chmod -R  var www mysite com public uploads u w    allow log writing to this folder chmod -R  var www mysite com logs     I posted this code as an example  setup may vary in other situations       Original Answer  I faced the same issue  but I solved it by setting the options directive either in the global directory setting in the httpd conf or in the specific directory block in httpd-vhosts conf   Options Indexes FollowSymLinks Includes ExecCGI   By default  your global directory settings is  httpd conf line  188     lt Directory   gt      Options FollowSymLinks     AllowOverride All     Order deny allow     Allow from all  lt  Directory gt    set the options to   Options Indexes FollowSymLinks Includes ExecCGI  Finally  it should look like    lt Directory   gt       Options FollowSymLinks     Options Indexes FollowSymLinks Includes ExecCGI     AllowOverride All     Order deny allow     Allow from all  lt  Directory gt    Also try changing Order deny allow and Allow from all lines  by Require all granted   Appendix  Directory Indexes source code  some code remove for brevity   if  allow opts  amp  OPT INDEXES         return index directory r  d     else           const char  index names   apr table get r- gt notes   dir-index-names             ap log rerror APLOG MARK  APLOG ERR  0  r  APLOGNO 01276                         Cannot serve directory  s  No matching DirectoryIndex   s  found  and                          server-generated directory index forbidden by                          Options directive                          r- gt filename                         index names   index names    none            return HTTP FORBIDDEN

User · Answer

If you are using a WAMP server then try this    Single click on the WAMP server icon at the taskbar Select the option put online Your server will restart automatically Then try to access your localwebsite

User · Answer

RiggsFolly answered this for me elsewhere  simply   in your apache conf folder edit file  httpd-vhost conf   Add this little line inside the Directory nest   Require ip 192 168 1   Restart the server  apache or Wamp or whatever you have   That s it  now all your HOME deivces  in ip range 192 168 1 xxx  can see your PC server  Note you only add the first 3 parts of ip number    Any problems  exit your firewall to test   To see your network devices ip numbers  download an  IP Scanner  software  quite a few free ones around  for PC or for android get Fing from play store

User · Answer

Remember that the correct file to be configured in this situation is not the httpd conf in the phpMyAdmin alias  but in bin apache your version conf httpd conf   Look for the following line   DocumentRoot  c  wamp www        Each directory to which Apache has access can be configured with respect   to which services and features are allowed and or disabled in that   directory  and its subdirectories       First  we configure the  default  to be a very restrictive set of   features     lt Directory   gt      Options FollowSymLinks     AllowOverride None     Order deny allow     Allow from all  lt  Directory gt    Make sure it is set to Allow from all     If not  phpMyAdmin might even work  but not your root and other folders under it  Also  remember to restart WAMP and then put online     This solved my headache

User · Answer

Check exactly where you are putting your files  don t nest them in the Documents folder     For instance I made the mistake of putting my code in the Documents folder of as mentioned this isn t going to work because Documents is explicitly only available to YOU and not APACHE   Try moving it up one directory and you may not see this issue   Move folder from    Users YOURUSERNAME Documents code  To here   Users YOURUSERNAME code

User · Answer

I solved my problem by adding my user to httpd conf     User Group  The name  or  number  of the user group to run httpd as    It is usually good practice to create a dedicated user and group for   running httpd  as with most system services     User daemon User my username Group daemon

User · Answer

We had modsec enabled  check the site s error log for an modsec ID then enter a locationmatch for the file in the vhost  or  htaccess I guess      lt LocationMatch   yourlocation index php  gt       lt IfModule security2 module gt          SecRuleRemoveById XXXXXXX      lt  IfModule gt   lt  LocationMatch gt

User · Answer

In Windows and Apache 2 2 x   The  Forbidden  error is also the result of not having virtual hosts defined   As noted by Julien  if you intend to use virtual hosts conf  then go to the httpd file and uncomment the following line    Include conf extra httpd-vhosts conf   Then add your virtual hosts definitions in conf extra httpd-vhosts conf and restart Apache

User · Answer

You can change youralias conf file like this code   Alias  Quiz   h  MyServer Quiz      lt Directory  h  MyServer Quiz   gt     Options Indexes FollowSymLinks    AllowOverride all     lt IfDefine APACHE24 gt       Require local     lt  IfDefine gt      lt IfDefine  APACHE24 gt      Order Deny Allow     Deny from all     Allow from localhost   1 127 0 0 1     lt  IfDefine gt    lt  Directory gt

User · Answer

I changed      Order Deny Allow     Deny From All      in  htaccess to     Require all denied      and restarted apache but it did not help    Path for apache2 conf in ubuntu is  etc apache2 apache conf  Then I added following lines in apache2 conf and then my folder is working fine       lt Directory  path of required folder gt              Options Indexes FollowSymLinks             AllowOverride All             Require all granted         lt  Directory gt      and run    Sudo service apache2 restart

User · Answer

I had this issue when using SSHFS to mount the files in my VirtualBox guest from my local filesystem before running a docker build  In the end  the  fix  was to copy all the files to the VirtualBox instance rather than building from inside the SSHFS mount  and then run the build from there

User · Answer

I use Mac OS X  in my case  I just forget to enable php in apache  all I need to do is to uncomment one line from  etc apache2 httpd conf   LoadModule php5 module libexec apache2 libphp5 so   ref this article for detail

User · Answer

Try this and don t add anything Order allow deny and others   AddHandler cgi-script  cgi  py  ScriptAlias  cgi-bin   usr lib cgi-bin   lt Directory   usr lib cgi-bin  gt      AllowOverride None     Options  ExecCGI -MultiViews  SymLinksIfOwnerMatch     Require all granted     Allow from all  lt  Directory gt     nbsp   sudo a2enmod cgi sudo service apache2 restart

User · Answer

There is another way to solve this problem  Let us say you want to access directory  subphp  which exist at  var www html subphp  and you want to access it using 127 0 0 1 subphp and you receive error like this      You don t have permission to access  subphp  on this server    Then change the directory permissions from  None  to  access files   A command-line user can use the chmod command to change the permission

User · Answer

After changing the configuration files don t forget to Restart All Services   I wasted three hours of my time on it

User · Answer

With Apache 2 2   Order Deny Allow Allow from all   With Apache 2 4  Require all granted   From http   httpd apache org docs 2 4 en upgrading html

User · Answer

Just to add another potential gotcha to this growing list  my problem  running CentOS 6 8  was with a particular virtualhost which worked fine on a different server  the issue turned out to be a faulty  htaccess file using mod rewrite   In  htaccess  this caused a 403 error        lt IfModule mod rewrite c gt      RewriteEngine On      RewriteBase        lt  IfModule gt    Adding FollowSymLinks as the first line fixed the issue        lt IfModule mod rewrite c gt      Options  FollowSymLinks     RewriteEngine On      RewriteBase        lt  IfModule gt

User · Answer

On Ubuntu 14 04 using Apache 2 4  I did the following   Add the following in the file  apache2 conf  under  etc apache2     lt Directory  home rocky code documentroot  gt    Options Indexes FollowSymLinks   AllowOverride None   Require all granted  lt  Directory gt    and reload the server   sudo service apache2 reload   Edit  This also works on OS X Yosemite with Apache 2 4  The all-important line is      Require all granted

User · Answer

This article Creating virtual hosts on Apache 2 2 helps me  point 9  permissions to the top virtual hosts directory   I simply add this lines to my vhosts conf file    lt Directory I  projects webserver gt      Order Deny Allow     Allow from all  lt  Directory gt

User · Answer

If you are using CentOS with SELinux Try   sudo restorecon -r  var www html   See more  https   www centos org forums viewtopic php t 6834 p31548

User · Answer

Permissions error  Some very noob users like me face this problem when having incorrect permissions set in a page  in particular  that  other  users do not have read permissions   For example  say you are attempting to access index html  and you get the above error  To fix  type   chmod o r index html   and then upload to server again  Error disappears

User · Answer

I had the same issue  but due to the fact that I changed the path on apache to a folder outside var www  I started running into problems   I fixed it by creating a symlink in var www html   home dev project which seemed to do the trick  without having to change any permissions

User · Answer

I had the same issue for a specific controller only - which was really weird  I had a folder in the root of the CI folder that had the same name as the controller I was trying to access    Because of that  CI was directing the request to this directory instead of the controller itself   After removing this folder  which was there a bit by mistake   it all worked fine   To be more clear  here is what it looked like    ci controller register php   ci register    I had to remove  ci register

User · Answer

WORKING Method  unless there is no other problem   By default  Apache is not restricting access from IPv4  common external IP address   What are restricted are the commands given in  httpd conf    Replace all   lt Directory   gt      AllowOverride none     Require all denied  lt  Directory gt    with   lt Directory   gt      AllowOverride none       Require all denied  lt  Directory gt    hence removing out all restriction given to Apache   Replace Require local with Require all granted for the C  wamp www  directory    lt Directory  c  wamp www   gt      Options Indexes FollowSymLinks     AllowOverride all     Require all granted       Require local  lt  Directory gt

User · Answer

This is pretty ridiculous  but I got the 403 Forbidden when the file I was trying to download wasn t there on the filesystem  The apache error is not very accurate in this case  and the whole thing worked after I simply put the file where it was supposed to be

User · Answer

I know this question has several answers already  but I think there is a very subtle aspect that  although mentioned  hasn t been highlighted enough in the previous answers   Before checking the Apache configuration or your files  permissions  let s do a simpler check to make sure that each of the directories composing the full path to the file you want to access  e g  the index php file in your document s root  is not only readable but also executable by the web server user   For example  let s say the path to your documents root is   var www html   You have to make sure that all of the  var    www  and  html  directories are  readable and  executable by the web server user  In my case  Ubuntu 16 04  I had mistakenly removed the  x  flag to the  others  group from the  html  directory so the permissions looked like this   drwxr-xr-- 15 root root 4096 Jun 11 16 40 html   As you can see the web server user  to whom the  others  permissions apply in this case  didn t have execute access to the  html  directory  and this was exactly the root of the problem  After issuing a   chmod o x html   command  the problem got fixed   Before resolving this way I had literally tried every other suggestion in this thread  and since the suggestion was buried in a comment that I found almost by chance  I think it may be helpful to highlight and expand on it here

User · Answer

Just to bring another contribution as I ran to this problem too   I had a VirtualHost configured that I did not want to  I have commented out the line where the include for the vhost occured  and it worked

User · Answer

If you are using MAMP Pro the way to fix this is by checking the Indexes checkbox under the Hosts - Extended tab     In MAMP Pro v3 0 3 this is what that looks like

User · Answer

This solution doesn t Allow from all  I just want to change my public directory www  and access it from my PC  and mobile connected by Wifi  I ve Ubuntu 16 04    So  first  I modified  etc apache2 sites-enabled 000-default conf  and I changed the line DocumentRoot  var www html for my new public directory DocumentRoot   media data XAMPP htdocs  Then I modified  etc apache2 apache2 conf  and I put the permissions for localhost  and my mobile  this time I used the IP address  I know it is not completely safe  but it s OK for my purposes     lt Directory  gt      Options FollowSymLinks     AllowOverride None     Order deny allow     Deny from all     Allow from localhost 10 42 0 11  lt  Directory gt

User · Answer

A common gotcha for directories hosted outside of the default  var www  is that the Apache user doesn t just need permissions to the directory and subdirectories where the site is being hosted   Apache requires permissions to all the directories all the way up to the root of the file system where the site is hosted   Apache automatically gets permissions assigned to  var www  when it s installed  so if your host directory is directly underneath that then this doesn t apply to you   Edit  Daybreaker has reported that his Apache was installed without correct access permissions to the default directory   For example  you ve got a development machine and your site s directory is    username home Dropbox myamazingsite    You may think you can get away with   chgrp -R www-data  username home Dropbox myamazingsite  chmod -R 2750  username home Dropbox myamazingsite    because this gives Apache permissions to access your site s directory   Well that s correct but it s not sufficient   Apache requires permissions all the way up the directory tree so what you need to do is   chgrp -R www-data  username  chmod -R 2750  username    Obviously I would not recommend giving access to Apache on a production server to a complete directory structure without analysing what s in that directory structure   For production it s best to keep to the default directory or another directory structure that s just for holding web assets   Edit2  as u chimeraha pointed out  if you re not sure what you re doing with the permissions  it d be best to move your site s directory out of your home directory to avoid potentially locking yourself out of your home directory

User · Answer

I ran into this problem  and my solution was moreso that www-data didn t own the proper folders  and instead I set it for one of the users to own it   I was trying to do a bit of fancy  but erroneous trickery to get ftp to play nicely    After running   chown -R www-data www-data  var www html   The machine started serving data again  You can see who currently owns the folder by means of   ls -l  var www html

User · Answer

I understand this issue is resolved but I happened to solve this same problem on my own   The cause of      Forbidden You don t have permission to access   on this server   is actually the default configuration for an apache directory in httpd conf       Each directory to which Apache has access can be configured with respect   to which services and features are allowed and or disabled in that   directory  and its subdirectories        First  we configure the  default  to be a very restrictive set of    features       lt Directory     gt      Options FollowSymLinks     AllowOverride None     Order deny allow     Deny from all            the cause of permission denied  lt  Directory gt    Simply changing Deny from all to Allow from all should solve the permission problem   Alternatively  a better approach would be to specify individual directory permissions on virtualhost configuration     lt VirtualHost   80 gt                  Set access permission      lt Directory   path to docroot  gt          Allow from all      lt  Directory gt             lt  VirtualHost gt    As of Apache-2 4  however  access control is done using the new module mod authz host  Upgrading to 2 4 from 2 2   Consequently  the new Require directive should be used    lt VirtualHost   80 gt                  Set access permission      lt Directory   path to docroot  gt          Require all granted      lt  Directory gt             lt  VirtualHost gt

User · Answer

I was getting the same error and couldn t figure out the problem for ages  If you happen to be on a Linux distribution that includes SELinux such as CentOS  you need to make sure SELinux permissions are set correctly for your document root files or you will get this error  This is a completely different set of permissions to the standard file system permissions   I happened to use the tutorial Apache and SELinux  but there seems to be plenty around once you know what to look for

User · Answer

Some configuration parameters have changed in Apache 2 4  I had a similar issue when I was setting up a Zend Framework 2 application  After some research  here is the solution   Incorrect Configuration   lt VirtualHost   80 gt      ServerName zf2-tutorial localhost     DocumentRoot  path to zf2-tutorial public     SetEnv APPLICATION ENV  development       lt Directory  path to zf2-tutorial public gt          DirectoryIndex index php         AllowOverride All         Order allow deny   lt -- 2 2 config         Allow from all   lt -- 2 2 config      lt  Directory gt   lt  VirtualHost gt    Correct Configuration   lt VirtualHost   80 gt      ServerName zf2-tutorial localhost     DocumentRoot  path to zf2-tutorial public     SetEnv APPLICATION ENV  development       lt Directory  path to zf2-tutorial public gt          DirectoryIndex index php         AllowOverride All         Require all granted   lt -- 2 4 New configuration      lt  Directory gt   lt  VirtualHost gt    If you are planning to migrate from Apache 2 2 to 2 4  here is a good reference  http   httpd apache org docs 2 4 upgrading html

[apache] Error message "Forbidden You don't have permission to access / on this server"

Update October 2016

A. Directory Indexes (from `mod_autoindex.c`)

A.1. `DirectoryIndex` option example

A.2. `Options Indexes` option

If none of the conditions above is satisfied

Recommendations

B. `deny,allow` directives (Apache 2.2)

`Order allow,deny`

`Order deny,allow`

Example 1

Example 2

Example 4

Example 4: typical for public sites (allow unless blacklisted)

Example 5: typical for intranet and secure sites (deny unless whitelisted)

C. `Require` directive (Apache 2.4)

D. Files permissions

Original Answer

Appendix

Directory Indexes source code (some code remove for brevity)

Examples related to apache

Examples related to configuration

Examples related to httpd.conf

Examples related to http-status-code-403