错误消息“禁止您无权访问/在此服务器上”
我自己配置了Apache并尝试在虚拟主机上加载phpMyAdmin,但我收到了:
403 Forbidden您无权访问此服务器
我的httpd.conf
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" will be interpreted by the
# server as "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which httpd.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths to avoid confusion.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:80
Include conf/vhosts.conf
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule php5_module "c:/Program Files/php/php5apache2_2.dll"
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon
</IfModule>
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin webmaster@somenet.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.somenet.com:80
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access.log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.somenet.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock logs/cgisock
</IfModule>
#
# "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.somenet.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
PHPIniDir "c:/Program Files/php"
和vhosts.conf:
NameVirtualHost 127.0.0.1:80
<VirtualHost 127.0.0.1:80>
DocumentRoot i:/projects/webserver/__tools/phpmyadmin/
ServerName dbadmin.tools
</VirtualHost>
34 个答案:
答案 0 :(得分:638)
2016年10月更新
4年前,由于这个答案被很多人用作参考,而且这些年来我从安全角度学到了很多东西, 我觉得我有责任澄清一些重要的注意事项,并且相应地更新了我的答案。
原始答案是正确的但对某些生产环境不安全, 另外,我想解释一下在设置环境时可能遇到的一些问题。
如果您正在寻找快速解决方案并且安全性不重要,即开发环境,请跳过并阅读原始答案
许多情况都可能导致 403 Forbidden :
甲。目录索引(来自mod_autoindex.c)
访问目录时,此目录中没有找到默认文件
AND 此目录未启用Apache Options Indexes。
A.1。 DirectoryIndex选项示例
DirectoryIndex index.html default.php welcome.php
A.2。 Options Indexes选项
如果设置,如果找不到默认文件,apache将列出目录内容(来自上面的选项)
如果没有满足上述条件
您将收到 403 Forbidden
推荐
- 除非真的,否则不应允许目录列表。
- 将默认索引
DirectoryIndex限制为最小值。 - 如果要修改,请仅修改所需目录,例如,使用
.htaccess文件,或将修改置于<Directory /my/directory>指令 内
B中。 deny,allow指令(Apache 2.2)
@Radu,@ Simon A. Eugster在评论中提到 您的请求被这些指令拒绝,列入黑名单或列入白名单。
我不会发表完整的解释,但我认为一些例子可能会帮助您理解, 简而言之,请记住这条规则:
如果与之匹配,最后一个指令就是胜利
Order allow,deny
如果两个指令匹配,Deny将获胜(即使在conf中的allow之后写入deny指令)
Order deny,allow
如果两个指令相匹配,允许将获胜
示例1
Order allow,deny
Allow from localhost mydomain.com
只有localhost和* .mydomain.com可以访问它,所有其他主机都被拒绝
示例2
Order allow,deny
Deny from evil.com
Allow from safe.evil.com # <-- has no effect since this will be evaluated first
所有请求都被拒绝,最后一行可能会欺骗你,但请记住,如果匹配最后一个获胜规则(此处为Deny是最后一个),则与写入相同:
Order allow,deny
Allow from safe.evil.com
Deny from evil.com # <-- will override the previous one
示例4
Order deny,allow
Allow from site.com
Deny from untrusted.site.com # <-- has no effect since this will be matched by the above `Allow` directive
所有主机都接受请求
示例4:公共站点的典型情况(允许除非列入黑名单)
Order allow,deny
Allow from all
Deny from hacker1.com
Deny from hacker2.com
示例5:内部网和安全站点的典型情况(拒绝除非列入白名单)
Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain
℃。 Require指令(Apache 2.4)
Apache 2.4使用名为mod_authz_host
Require all granted =&gt;允许所有请求
Require all denied =&gt;拒绝所有请求
Require host safe.com =&gt;仅允许来自safe.com
d。文件权限
大多数人做错的一件事是配置文件权限,
GOLDEN RULE
根据您的需要开始并根据需要添加
在linux中:
-
目录应具有
Execute权限 -
文件应具有
Read权限 -
是的,你是对的,不要添加
Execute文件权限
例如,我使用此脚本来设置文件夹权限
# setting permissions for /var/www/mysite.com
# read permission ONLY for the owner
chmod -R /var/www/mysite.com 400
# add execute for folders only
find /var/www/mysite.com -type d -exec chmod -R u+x {} \;
# allow file uploads
chmod -R /var/www/mysite.com/public/uploads u+w
# allow log writing to this folder
chmod -R /var/www/mysite.com/logs/
我发布此代码作为示例,在其他情况下设置可能会有所不同
原始答案
我遇到了同样的问题,但我通过在 httpd.conf 的全局目录设置或特定目录块中设置选项指令解决了这个问题。的的httpd-vhosts.conf :
Options Indexes FollowSymLinks Includes ExecCGI
默认情况下,您的全局目录设置为(httpd.conf line ~188):
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
将选项设置为:
Options Indexes FollowSymLinks Includes ExecCGI
最后,它应该看起来像:
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
同时尝试按Order deny,allow更改Allow from all和Require all granted行。
附录
目录索引源代码(为简洁起见,删除了一些代码)
if (allow_opts & OPT_INDEXES) {
return index_directory(r, d);
} else {
const char *index_names = apr_table_get(r->notes, "dir-index-names");
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
"Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
"server-generated directory index forbidden by "
"Options directive",
r->filename,
index_names ? index_names : "none");
return HTTP_FORBIDDEN;
}
答案 1 :(得分:186)
我理解这个问题已经解决,但我碰巧自己解决了同样的问题。
的原因
禁止您无权访问此服务器
实际上是httpd.conf中的apache目录的默认配置。
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all # the cause of permission denied
</Directory>
只需将Deny from all更改为Allow from all即可解决权限问题。
或者,更好的方法是在virtualhost配置上指定单独的目录权限。
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Allow from all
</Directory>
....
</VirtualHost>
从 Apache-2.4 开始,使用新模块mod_authz_host(Upgrading to 2.4 from 2.2)完成访问控制。因此,应该使用新的Require指令。
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Require all granted
</Directory>
....
</VirtualHost>
答案 2 :(得分:129)
在默认的/ var / www /之外托管的目录的常见问题是,Apache用户不仅需要对托管站点的目录和子目录的权限。 Apache需要对所有目录的权限,直到托管站点的文件系统的根目录。 Apache在安装时会自动获得分配给/ var / www /的权限,因此如果您的主机目录直接位于其下,那么这不适用于您。编辑:Daybreaker报告说他的Apache安装时没有对默认目录的正确访问权限。
例如,您有一台开发机器,您的站点目录是:
/username/home/Dropbox/myamazingsite/
你可能认为你可以逃脱:
chgrp -R www-data /username/home/Dropbox/myamazingsite/
chmod -R 2750 /username/home/Dropbox/myamazingsite/
因为这为Apache提供了访问您网站目录的权限?那是正确的,但这还不够。 Apache需要权限一直到目录树,所以你需要做的是:
chgrp -R www-data /username/
chmod -R 2750 /username/
显然,我不建议在生产服务器上访问Apache到完整的目录结构,而不分析该目录结构中的内容。对于生产,最好保留默认目录或另一个仅用于保存Web资产的目录结构。
Edit2:正如你/ chimeraha指出的那样,如果你不确定你在使用权限做什么,最好将你的网站目录移出你的主目录,以避免将你自己锁定在你的目录之外主目录。
答案 3 :(得分:58)
Apache 2.4中的一些配置参数已更改。我在设置Zend Framework 2应用程序时遇到了类似的问题。经过一番研究,这是解决方案:
配置错误
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny #<-- 2.2 config
Allow from all #<-- 2.2 config
</Directory>
</VirtualHost>
正确配置
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Require all granted #<-- 2.4 New configuration
</Directory>
</VirtualHost>
如果您打算从Apache 2.2迁移到2.4,这里有一个很好的参考:http://httpd.apache.org/docs/2.4/upgrading.html
答案 4 :(得分:40)
使用 Apache 2.2
Order Deny,Allow
Allow from all
使用 Apache 2.4
Require all granted
答案 5 :(得分:24)
使用 Apache 2.4 在 Ubuntu 14.04 上,我执行了以下操作:
在文件 apache2.conf (/etc/apache2下)中添加以下内容:
<Directory /home/rocky/code/documentroot/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
并重新加载服务器:
sudo service apache2 reload
编辑:这也适用于OS X Yosemite和Apache 2.4。最重要的一行是
要求全部授予
答案 6 :(得分:22)
如果您使用的是WAMP服务器,请尝试以下操作:
-
单击任务栏上的WAMP服务器图标
-
选择投放在线
选项
-
您的服务器将自动重启
-
然后尝试访问您的本地网站
答案 7 :(得分:16)
如果您将CentOS与SELinux一起使用,请尝试:
sudo restorecon -r /var/www/html
查看更多:https://www.centos.org/forums/viewtopic.php?t=6834#p31548
答案 8 :(得分:16)
我通过将用户添加到httpd.conf来解决了我的问题。
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
#User daemon
User my_username
Group daemon
答案 9 :(得分:14)
本文Creating virtual hosts on Apache 2.2帮助我(第9点)对顶级虚拟主机目录的权限。
我只是将这些行添加到我的vhosts.conf文件中:
<Directory I:/projects/webserver>
Order Deny,Allow
Allow from all
</Directory>
答案 10 :(得分:10)
我遇到了同样的错误,无法解决问题多年。如果您恰好位于包含SELinux CentOS的Linux发行版上,则需要确保为文档根文件正确设置SELinux权限,否则您将收到此错误。这是对标准文件系统权限的完全不同的权限集。
我碰巧使用了教程 Apache and SELinux ,但是一旦你知道要寻找什么,似乎就有很多。
答案 11 :(得分:6)
如果您使用的是MAMP Pro,则可以通过选中Indexes - Hosts标签下的Extended复选框来解决此问题。
在MAMP Pro v3.0.3中,这是看起来像:
答案 12 :(得分:5)
还有另一种方法可以解决这个问题。我们假设您要访问/var/www/html/subphp中存在的目录“subphp”,并且您希望使用127.0.0.1/subphp访问它,并且您收到如下错误:
您无权访问此服务器上的/ subphp /。
然后将目录权限从“无”更改为“访问文件”。命令行用户可以使用chmod命令更改权限。
答案 13 :(得分:3)
我使用Mac OS X,在我的情况下,我只是忘记在apache中启用php,我只需要从/etc/apache2/httpd.conf取消注释一行:
LoadModule php5_module libexec/apache2/libphp5.so
参考this文章了解详情。
答案 14 :(得分:2)
我遇到了同样的问题,但是由于我将apache上的路径更改为var / www之外的文件夹,我开始遇到问题。
我通过在var / www / html&gt;中创建符号链接来修复它。 home / dev / project似乎可以做到这一点,而无需更改任何权限......
答案 15 :(得分:2)
(在Windows和Apache 2.2.x中)
&#34;禁止&#34;错误也是未定义虚拟主机的结果。
如Julien所述,如果您打算使用虚拟hosts.conf,请转到httpd文件并取消注释以下行:
#Include conf/extra/httpd-vhosts.conf
然后在conf/extra/httpd-vhosts.conf中添加虚拟主机定义并重新启动Apache。
答案 16 :(得分:2)
我遇到了这个问题,我的解决方案也是因为www-data没有拥有正确的文件夹,而是我为其中一个用户设置了它。 (我试图做一些花哨的,但错误的伎俩让ftp玩得很好。)
跑完后:
chown -R www-data:www-data /var/www/html
机器再次开始提供数据。您可以通过
查看当前拥有该文件夹的人员ls -l /var/www/html
答案 17 :(得分:2)
此解决方案并非允许所有
我只想更改我的公共目录www,并从我的PC访问它,并通过Wifi连接移动设备。我是Ubuntu 16.04。
-
首先,我修改了 /etc/apache2/sites-enabled/000-default.conf 然后我更改了DocumentRoot / var / www / html这一行 为我的新公共目录 DocumentRoot&#34; / media / data / XAMPP / htdocs&#34;
-
然后我修改了/etc/apache2/apache2.conf,我把localhost和我的手机的权限,这次我使用了IP地址,我知道它不是完全安全的,但它&#39 ;为了我的目的可以。
<Directory/> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from localhost 10.42.0.11 </Directory>
答案 18 :(得分:1)
I changed
Order Deny,Allow
Deny From All in .htaccess to " Require all denied " and restarted apache but it did not help.
ubuntu中apache2.conf的路径是/etc/apache2/apache.conf
然后我在apache2.conf中添加了以下行,然后我的文件夹工作正常
<Directory /path of required folder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
and run " Sudo service apache2 restart "
答案 19 :(得分:1)
尝试此操作,不要添加任何Order allow,deny和其他内容:
AddHandler cgi-script .cgi .py
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
Allow from all
</Directory>
sudo a2enmod cgi
sudo service apache2 restart
答案 20 :(得分:0)
RiggsFolly在其他地方回答了这个问题,简单地说:
在您的apache conf文件夹编辑文件中: httpd-vhost.conf :
在Directory nest中添加这一小行:
Require ip 192.168.1
重新启动服务器,apache或Wamp或其他任何内容。
就是这样,现在所有的家庭设备(在ip范围192.168.1.xxx)都能看到你的PC服务器。请注意,您只需添加前3个部分的IP号码。
出现任何问题,退出防火墙进行测试。
要查看您的网络设备的IP号码,请下载一台“IP扫描仪”软件(周围有很多免费的)用于PC或Android用于从Play商店获取Fing。
答案 21 :(得分:0)
我知道这个问题已经有几个答案,但是我认为有一个非常微妙的方面,尽管已提到,但在先前的答案中并没有足够突出。
在检查Apache配置或文件的权限之前,让我们做一个简单的检查,以确保每个目录都构成了您要访问的文件的完整路径(例如索引)。 Web服务器用户不仅可以读取文档的根目录中的php文件,而且还可以执行。
例如,假设文档根目录的路径为“ / var / www / html”。您必须确保Web服务器用户(可读取和)可执行所有“ var”,“ www”和“ html”目录。就我而言(Ubuntu 16.04),我错误地将“ x”标志从“ html”目录中移至“其他”组,因此权限如下所示:
drwxr-xr-- 15 root root 4096 Jun 11 16:40 html
您可以看到Web服务器用户(在这种情况下,“其他”权限适用于该Web服务器用户)没有 execute 访问“ html”目录的权限,而这恰好是根目录问题。发出后:
chmod o+x html
命令,问题已解决!
在解决这种问题之前,我实际上已经尝试了该线程中的其他所有建议,并且由于该建议已被我偶然发现的评论所掩盖,因此我认为在此处突出和扩展它可能会有所帮助。
>答案 22 :(得分:0)
权限错误
一些非常喜欢我的菜鸟用户在页面中设置了不正确的权限时会遇到此问题(特别是“其他”用户没有读取权限)。例如,假设您正在尝试访问index.html,并且您收到上述错误。要修复,请键入:
chmod o+r index.html
然后再次上传到服务器。错误消失。
答案 23 :(得分:0)
只是为这个不断增长的列表添加另一个潜在的问题,我的问题(运行CentOS 6.8)是使用特定的虚拟主机在不同的服务器上工作正常,问题结果是使用mod_rewrite的错误的.htaccess文件:
在.htaccess中,这导致403错误:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
</IfModule>
添加 FollowSymLinks 作为解决问题的第一行:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
</IfModule>
答案 24 :(得分:0)
我们启用了modsec,检查网站的错误日志中是否有modsec ID,然后在vhost中输入文件的位置匹配(或者我猜是.htaccess):
<LocationMatch "/yourlocation/index.php">
<IfModule security2_module>
SecRuleRemoveById XXXXXXX
</IfModule>
</LocationMatch>
答案 25 :(得分:0)
您可以像以下代码一样更改youralias.conf文件:
Alias /Quiz/ "h:/MyServer/Quiz/"
<Directory "h:/MyServer/Quiz/">
Options Indexes FollowSymLinks
AllowOverride all
<IfDefine APACHE24>
Require local
</IfDefine>
<IfDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from localhost ::1 127.0.0.1
</IfDefine>
</Directory>
答案 26 :(得分:0)
这非常荒谬,但是当我尝试下载的文件不在文件系统上时,我得到了403 Forbidden。在这种情况下,apache错误不是很准确,并且在我将文件放在原来的位置后整个过程都有效。
答案 27 :(得分:0)
工作方法(除非没有其他问题)
默认情况下,Apache不限制IPv4(公共外部IP地址)的访问权限
受限制的是&#39; httpd.conf&#39;。
全部替换
<Directory />
AllowOverride none
Require all denied
</Directory>
与
<Directory />
AllowOverride none
# Require all denied
</Directory>
因此删除了对 Apache 的所有限制。
将Require local替换为{em> C:/ wamp / www / 目录的Require all granted。
<Directory "c:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
# Require local
</Directory>
答案 28 :(得分:0)
在运行docker build之前,使用SSHFS从我的本地文件系统挂载VirtualBox guest虚拟机中的文件时出现此问题。最后,“修复”是将所有文件复制到VirtualBox实例,而不是从SSHFS安装内部构建,然后从那里运行构建。
答案 29 :(得分:0)
请记住,在这种情况下要配置的正确文件不是phpMyAdmin别名中的httpd.conf,而是bin/apache/your_version/conf/httpd.conf。
查找以下行:
DocumentRoot "c:/wamp/www/"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
确保将其设置为Allow from all ...
如果没有,phpMyAdmin甚至可能工作,但不是你的root和其他文件夹。另外,记得重新启动WAMP然后联机...
这解决了我的头痛。
答案 30 :(得分:0)
我对于特定的控制器只有同样的问题 - 这真的很奇怪。我在CI文件夹的根目录中有一个文件夹,其名称与我尝试访问的控制器名称相同...因此,CI将请求定向到此目录而不是控制器本身。
删除这个文件夹后(这有点错误),一切正常。
更清楚的是,这就是它的样子:
/ci/controller/register.php
/ci/register/
我必须删除/ci/register/。
答案 31 :(得分:0)
更改配置文件后,请不要忘记Restart All Services。
我浪费了三个小时的时间。
答案 32 :(得分:0)
当我遇到这个问题时,只是为了带来另一个贡献:
我配置了一个我不想要的VirtualHost。我已经注释掉了vhost包含的行,并且它有效。
答案 33 :(得分:0)
确切地检查文件的放置位置,不要将它们嵌套在Documents文件夹中。
例如,我错误地将我的代码放在Documents文件夹中,如上所述,这不会起作用,因为Documents明确只对您而不是APACHE可用。尝试将其移动到一个目录中,您可能看不到此问题。
从以下位置移动文件夹:
/用户/ YOURUSERNAME /文档/代码
到这里: /用户/ YOURUSERNAME /代码
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?