Apache won t follow symlinks 403 Forbidden

Question

I m having some trouble setting up Apache on Ubuntu  I ve been following this guide      usr sbin apache2 -v Server version  Apache 2 2 17  Ubuntu  Server built    Feb 22 2011 18 33 02   My public directory   var www  can successfully serve up and execute PHP pages that are placed in it  However  I want to create a symlink in  var www that points to a directory in my home folder and serve pages there     root  var www   ll total 36 drwxr-xr-x  3 root root 4096 2011-09-11 14 22   drwxr-xr-x 14 root root 4096 2011-06-04 22 49    lrwxrwxrwx  1 root root   16 2011-09-11 13 21 about - gt   root site about   When I try to access  about on browser  I get   Forbidden  You don t have permission to access  about on this server    As far as I know  I gave sufficient privileges to the files I want to serve    root   site about   ll total 24 drwxr-xr-x 5 root root 4096 2011-09-11 13 20   drwxr--r-- 3 root root 4096 2011-09-11 13 19    drwxr-xr-x 2 root root 4096 2011-09-11 13 21 contact -rwxr-xr-x 1 root root 1090 2011-09-11 13 19 index php drwxr-xr-x 2 root root 4096 2011-09-11 13 20 me drwxr-xr-x 2 root root 4096 2011-09-11 13 21 resume   I m aware of the FollowSymLinks option  and I believe it s set in my  etc apache2 sites-enabled 000-default file   DocumentRoot  var www  lt Directory   gt      Options FollowSymLinks     AllowOverride None  lt  Directory gt   lt Directory  var www  gt      Options FollowSymLinks Indexes MultiViews     AllowOverride None     Order allow deny     allow from all  lt  Directory gt    Any idea what I could be missing

User · Answer

For anyone having trouble after upgrading to 14 04 https   askubuntu com questions 452042 why-is-my-apache-not-working-after-upgrading-to-ubuntu-14-04 as root changed before upgrade    var www after upgrade    var www html

User · Answer

There is another way that symbolic links may fail you  as I discovered in my situation  If you have an SELinux system as the server and the symbolic links point to an NFS-mounted folder  other file systems may yield similar symptoms   httpd may see the wrong contexts and refuse to serve the contents of the target folders   In my case the SELinux context of  var www html  which you can obtain with ls -Z  is unconfined u object r httpd sys content t s0  The symbolic links in  var www html will have the same context  but their target s context  being an NFS-mounted folder  are system u object r nfs t s0   The solution is to add fscontext unconfined u object r httpd sys content t s0 to the mount options  e g    mount -t nfs -o v3 fscontext unconfined u object r httpd sys content t s0  lt IP address gt    lt server path gt    lt mount point gt    rootcontext is irrelevant and defcontext is rejected by NFS  I did not try context by itself

User · Answer

Check that Apache has execute rights for  root   root site and  root site about   Run   chmod o x  root  root site  root site about

User · Answer

With the option FollowSymLinks enabled    rg  quot FollowSymLinks quot   etc httpd   etc httpd conf httpd conf 269     Options Indexes FollowSymLinks  you need all the directories in symlink to be executable by the user httpd is using  so for this general use case  cd  path to your web sudo ln -s  PWD  srv http   You can check owner an permissions with namei    namei -m  srv http web f   srv http web  drwxr-xr-x    drwxr-xr-x srv  drwxr-xr-x http  lrwxrwxrwx web - gt   path to your web    drwxr-xr-x      drwxr-xr-x path    drwx------ to    drwxr-xr-x your    drwxr-xr-x web  In my case to directory was only executable for my user  Enable execution by others solve it  chmod o x  path to  See the non executable directory could be different  or you need to affect groups instead others  that depends on your case

User · Answer

First disable selinux  vim  etc selinux config   vim  etc httpd conf httpd conf  edit following lines for symlinks and directory indexing   documentroot  var www html  lt directory  var www html gt      Options Indexes FollowSymLinks     AllowOverride None  lt  directory gt    If  htaccess file then AllowOverride all

User · Answer

I was having a similar problem that I could not resolve for a long time on my new server   In addition to palacsint s answer  a good question to ask is  are you using Apache 2 4   In Apache 2 4 there is a different mechanism for setting the permissions that do not work when done using the above configuration  so I used the solution explained in this blog post   Basically  what I needed to do was convert my config file from   Alias  demo  usr demo html   lt Directory   usr demo html  gt      Options FollowSymLinks     AllowOverride None     Order allow deny     allow from all   lt  Directory gt    to   Alias  demo  usr demo html   lt Directory   usr demo html  gt      Options FollowSymLinks     AllowOverride None     Require all granted  lt  Directory gt    Note how the Order and allow lines have been replaced by Require all granted

User · Answer

The 403 error may also be caused by an encrypted file system  e g  a symlink to an encrypted home folder   If your symlink points into the encrypted folder  the apache user  e g  www-data  cannot access the contents  even if apache and file folder permissions are set correctly  Access of the www-data user can be tested with such a call   sudo -u www-data ls -l  var www html  lt your symlink gt     There are workarounds solutions to this  e g  adding the www-data user to your private group  exposes the encrypted data to the web user  or by setting up an unencrypted rsynced folder  probably rather secure   I for myself will probably go for an rsync solution during development   https   askubuntu com questions 633625 public-folder-in-an-encrypted-home-directory  A convenient tool for my purposes is lsyncd  This allows me to work directly in my encrypted home folder and being able to see changes almost instantly in the apache web page  The synchronization is triggered by changes in the file system  calling an rsync  As I m only working on rather small web pages and scripts  the syncing is very fast  I decided to use a short delay of 1 second before the rsync is started  even though it is possible to set a delay of 0 seconds   Installing lsyncd  in Ubuntu    sudo apt-get install lsyncd   Starting the background service   lsyncd -delay 1 -rsync  home  lt me gt   lt work folder gt    var www html  lt web folder gt

User · Answer

Yet another subtle pitfall  in case you need AllowOverride All   Somewhere deep in the fs tree  an old  htaccess having   nbsp  nbsp  nbsp  nbsp Options Indexes  instead of   nbsp  nbsp  nbsp  nbsp Options  Indexes  was all it took to nonchalantly disable the FollowSymLinks set  in the server config  and cause a mysterious 403 here

User · Answer

Related to this question  I just figured out why my vhost was giving me that 403    I had tested ALL possibilities on this question and others without luck  It almost drives me mad   I am setting up a server with releases deployment similar to Capistrano way through symlinks and when I tried to access the DocRoot folder  which is now a symlink to current release folder  it gave me the 403   My vhost is   DocumentRoot  var www site com html  lt Directory  var www site com html gt          AllowOverride All         Options  FollowSymLinks         Require all granted  lt  Directory gt    and my main httpd conf file was  default Apache 2 4 install    DocumentRoot   var www   lt Directory   var www  gt      Options -Indexes -FollowSymLinks -Includes         It turns out that the main Options definition was taking precedence over my vhosts fiel  for me that is counter intuitive   So I ve changed it to   DocumentRoot   var www   lt Directory   var www  gt      Options -Indexes  FollowSymLinks -Includes         and Eureka   note the plus sign before FollowSymLinks in MAIN httpd conf file  Hope this help some other lost soul

User · Answer

In addition to changing the permissions as the other answers have indicated  I had to restart apache for it to take effect   sudo service apache2 restart

[apache] Apache won't follow symlinks (403 Forbidden)

Examples related to apache

Examples related to configuration

Examples related to apache2

Examples related to symlink