You Don't Have Permission Error in Apache in Centos

You don't have permission to access / on this server

Edit httpd.conf file, which is in /etc/httpd/conf/httpd.conf. Add the below code.

<Directory "/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Allow from all
</Directory>

<Directory "/home/">
 #Options FollowSymLinks
 Options Indexes FollowSymLinks Includes ExecCGI
 AllowOverride None
 Allow from all
</Directory>

After the line no. 555 (in my case) . Check for the file permissions and restart the server.

service httpd restart   

Now, it will work . Still you are facing the same problem, disable the seLinux in /etc/selinux/config change SELINUX=disabled and restart the server as mentioned above and try it.

Hope this helps

CentOS + Apache: You don't have permission to access /info.php on this server

The solution to the problem is:

sudo chcon -R -v -t httpd_sys_rw_content_t info.php

How @Lou said it was a SELinux problem.

Forbidden: You don't have permission to access / on this server (centos 7)

You will need to add the following to it,

<Directory "/home/admin/domains/morabi.app/public_html">
# Learn more about this at https://httpd.apache.org/docs/2.4/mod/core.html#options
Options Indexes FollowSymLinks

# Learn more about this at https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
AllowOverride All

# The solution for your error, allows your files to be served, learn more about this at https://httpd.apache.org/docs/2.4/howto/access.html
Require all granted
</Directory>

And restart Apache.

This is something that many people forget, and some don't know about. Please be aware of this.

Edit:
Added the word public_html to the directory configuration

Another Tip

Take a backup before running these commands, I am not responsible if anything bad happens to the files.

Try checking the owner of the folder public_html by running ls -la inside morabi.app inside the terminal, if it is not your user or apache try running this command in the directory morabi.app:

Make sure you are running this as your primary user which you use, I suggest you not to change it to root.

chown $USER:$USER public_html -R

This above command is going to change the owner of the folder and the files inside it. Change $USER to apache if changing the owner to the user running the commands doesn't work, but always take a backup before as I said above.

Error message Forbidden You don't have permission to access / on this server

Update October 2016

4 years ago, since this answer is used as a reference by many, and while I learned a lot from security perspective during these years,
I feel I am responsible to clarify some important notes, and I've update my answer accordingly.

The original answer is correct but not safe for some production environments,
in addition I would like to explain some issues that you might fall into while setting up your environment.

If you are looking for a quick solution and SECURITY IS NOT A MATTER, i.e development env, skip and read the original answer instead

Many scenarios can lead to 403 Forbidden:

---

A. Directory Indexes (from mod_autoindex.c)

When you access a directory and there is no default file found in this directory
AND Apache Options Indexes is not enabled for this directory.

A.1. DirectoryIndex option example

DirectoryIndex index.html default.php welcome.php

A.2. Options Indexes option

If set, Apache will list the directory content if no default file found (from the above option)

If none of the conditions above is satisfied

You will receive a 403 Forbidden

Recommendations

• You should not allow directory listing unless REALLY needed.
• Restrict the default index DirectoryIndex to the minimum.
• If you want to modify, restrict the modification to the needed directory ONLY, for instance, use .htaccess files, or put your modification inside the <Directory /my/directory> directive

---

B. deny,allow directives (Apache 2.2)

Mentioned by @Radu, @Simon A. Eugster in the comments
You request is denied, blacklisted or whitelisted by those directives.

I will not post a full explanation, but I think some examples may help you understand,
in short remember this rule:

IF MATCHED BY BOTH, THE LAST DIRECTIVE IS THE ONE THAT WILL WIN

Order allow,deny

Deny will win if matched by both directives (even if an allow directive is written after the deny in the conf)

Order deny,allow

allow will win if matched by both directives

Example 1

Order allow,deny
Allow from localhost mydomain.example

Only localhost and *.mydomain.example can access this, all other hosts are denied

Example 2

Order allow,deny
Deny from evil.example
Allow from safe.evil.example # <-- has no effect since this will be evaluated first

All requests are denied, the last line may trick you, but remember that if matched by both the last win rule (here Deny is the last), same as written:

Order allow,deny
Allow from safe.evil.example
Deny from evil.example # <-- will override the previous one

Example 4

Order deny,allow
Allow from site.example
Deny from untrusted.site.example # <-- has no effect since this will be matched by the above `Allow` directive

Requests are accepted from all hosts

Example 4: typical for public sites (allow unless blacklisted)

Order allow,deny
Allow from all
Deny from hacker1.example
Deny from hacker2.example

Example 5: typical for intranet and secure sites (deny unless whitelisted)

Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain

---

C. Require directive (Apache 2.4)

Apache 2.4 use a new module called mod_authz_host

Require all granted => Allow all requests

Require all denied => Deny all requests

Require host safe.example => Only from safe.example are allowed

---

D. Files permissions

One thing that most people do it wrong is configuring files permissions,

The GOLDEN RULE is

STARTS WITH NO PERMISSION AND ADD AS PER YOUR NEED

In Linux:

• Directories should have the Execute permission

• Files should have the Read permission

• YES, you are right DO NOT ADD Execute permission for files

for instance, I use this script to setup the folders permissions

# setting permissions for /var/www/mysite.example

# read permission ONLY for the owner
chmod -R /var/www/mysite.example 400

# add execute for folders only
find /var/www/mysite.example -type d -exec chmod -R u+x {} \;

# allow file uploads
chmod -R /var/www/mysite.example/public/uploads u+w

# allow log writing to this folder
chmod -R /var/www/mysite.example/logs/

I posted this code as an example, setup may vary in other situations

---

---

Original Answer

I faced the same issue, but I solved it by setting the options directive either in the global directory setting in the httpd.conf or in the specific directory block in httpd-vhosts.conf:

Options Indexes FollowSymLinks Includes ExecCGI

By default, your global directory settings is (httpd.conf line ~188):

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

set the options to:
Options Indexes FollowSymLinks Includes ExecCGI

Finally, it should look like:

<Directory />
    #Options FollowSymLinks
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

Also try changing Order deny,allow and Allow from all lines by Require all granted.

Appendix

Directory Indexes source code (some code remove for brevity)

if (allow_opts & OPT_INDEXES) {
     return index_directory(r, d);
} else {
        const char *index_names = apr_table_get(r->notes, "dir-index-names");

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
                      "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
                      "server-generated directory index forbidden by "
                      "Options directive",
                       r->filename,
                       index_names ? index_names : "none");
        return HTTP_FORBIDDEN;
    }

You don't have permission error in Apache in CentOS

I solved the problem. After meddling with the permission of the system I found out that the user "anjan" who is owner of /home/anjan had read/write/execute permission on /home/anjan but the group "anjan", created when user "anjan" was created didn't have any permission at all.

ls -l /home/

showed

drwx------. 28 anjan anjan 4096 Jan 21 13:19 anjan

so I changed the permission with this command

chmod -R 770 /home/anjan
ls -l /home/
drwxrwx---. 28 anjan anjan 4096 Jan 21 13:19 anjan

i found out under which user my apache is running from this thread. It was running under user "apache"

so I added user "apache" to group "anjan" with this command.

usermod -G anjan,apache apache

after that voila. No more Forbidden error.

P.S. I did everything as the root user.

UPDATE
It seems the provided link is broken now. Heres another one.

Just to be safe(to avoid future broken links), copying the command here. In terminal type -

ps axo user,group,comm | grep apache

Forbidden You don't have permission to access on this server. Centos 6 / Laravel 4

The webserver starts as a daemon (service) under a particular user. That user is defined in httpd.conf. By default that user will be apache. Don't confuse the apache user with the httpd process. The latter is a webserver daemon and the former is the user under which it is going to run. If the folder you created belongs to root or a user other than the one defined in httpd.conf then apache won't be able to access it. The way to identify this problem is to go to the folder and do ls -l. If the user define in httpd.conf is apache then in order for it to access the folder, you should see:

drwxr-xr-x.  2 apache apache    4096 Jan  8  2013 public_folder

Note, it says 'apache apache', meaning it belongs to the apache user and group. If you created it via root then you will probably see:

drwxr-xr-x.  2 root root    4096 Jan  8  2013 public_folder

The apache user cannot access the folder defined by root. To solve this problem run the command:

chown -R apache:apache myfolder

The -R option is recursive, so it will update ownership for ALL folders and files within that folder to the apache user.

If your ownership if fine, then trying 'temporarily' turning off selinux. On centos you do:

setenforce 0

Which will turn off selinux till the next restart. Ideally, you will want to leave selinux on for additional security and set a valid context for your apache files and folders.

If turning off selinux does work, then you probably have the wrong security context for your files and folders. run the following command to restore your security contexts:

restorecon -R -v /var/www/

Forbidden: You don't have permission to access /abcd/ on this server

hi dude please find and edit httpd.conf file, which is in /etc/httpd/conf/httpd.conf. and paste the code below

<Directory "/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Allow from all
</Directory>

<Directory "/home/">
 #Options FollowSymLinks
 Options Indexes FollowSymLinks Includes ExecCGI
 AllowOverride None
 Allow from all
</Directory>

Then kindly restart the server if the problem still appear

disable the seLinux in /etc/selinux/config change SELINUX=disabled and restart the server it again hope it works now ^_^

---

Related Topics