Notice that another issue that might be causing this is that, the «FollowSymLinks» option of a parent directory might have been mistakenly overwritten by the options of your project’s directory. This was the case for me and made me pull my hair until I found out the cause!
Here’s an example of such a mistake:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options Indexes # <--- NOT OK! It's overwriting the above option of the "/" directory.
AllowOverride all
Require all granted
</Directory>
So now if you check the Apache’s log message(tail -n 50 -f /var/www/html/{the_error_log_file_of_your_site}) you’ll see such an error:
Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive
is also forbidden due to its similar ability to circumvent directory restrictions
That’s because Indexes in the above rules for /var/www directory is overwriting the FolowSymLinks of the / directory. So now that you know the cause, in order to fix it, you can do many things depending on your need. For instance:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes # <--- OK.
AllowOverride all
Require all granted
</Directory>
Or even this:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options -Indexes # <--- OK as well! It will NOT cause an overwrite.
AllowOverride all
Require all granted
</Directory>
The example above will not cause the overwrite issue, because in Apache, if an option is «+» it will overwrite the «+»s only, and if it’s a «-«, it will overwrite the «-«s… (Don’t ask me for a reference on that though, it’s just my interpretation of an Apache’s error message(checked through journalctl -xe) which says: Either all Options must start with + or -, or no Option may. when an option has a sign, but another one doesn’t(E.g., FollowSymLinks -Indexes). So it’s my personal conclusion -thus should be taken with a grain of salt- that if I’ve used -Indexes as the option, that will be considered as a whole distinct set of options by the Apache from the other option in the «/» which doesn’t have any signs on it, and so no annoying rewrites will occur in the end, which I could successfully confirm by the above rules in a project directory of my own).
Hope that this will help you pull much less of your hair! 
Introduction
Apache is a popular open-source app for running web servers, owing to its reliability and stability. Despite its ease of use, it’s not uncommon to encounter a ‘403 Forbidden’ error after setting up a website using Apache.
In this tutorial, we will go over potential causes of the Apache ‘403 Forbidden’ error and different ways you can fix it.
Prerequisites
- A user account with root or sudo privileges
- Access to the command line terminal
- An installed version of Apache web server
Apache 403 Forbidden: Effects and Possible Causes
The Apache ‘403 Forbidden’ error appears when you try to load a web page with restricted access. Depending on your browser and the website in question, there are different versions of the 403 error message:
- Forbidden
- Error 403
- HTTP Error 403.14 – Forbidden
- 403 Forbidden
- HTTP 403
- Forbidden: You don’t have permission to access the site using this server
- Error 403 – Forbidden
- HTTP Error 403 – Forbidden
There are several potential reasons why the Apache 403 error occurs:
- The first option is a permission error in the webroot directory, where users don’t have access to website files.
- The second possible reason for a 403 error is missing or incorrect settings in the Apache configuration files.
- Finally, failing to set up a default directory index also triggers a 403 error message in Apache.
How to Fix ‘403 Forbidden’ in Apache
If you have come across an Apache ‘403 Forbidden’ message, there are several ways to fix it:
Method 1: Setting File Permissions and Ownership
If you suspect the cause of the 403 error to be incorrect file permissions, use:
sudo chmod -R 775 /path/to/webroot/directoryThe chmod command sets the execute permission for the webroot directory and read permission for the index.html file.
To change directory ownership, use:
sudo chown -R user:group /path/to/webroot/directoryWhere:
useris the user account with root privileges on your web server.groupiswww-dataorapache.
Restart the Apache web server for the changes to take effect.
If you are working with Ubuntu, use the following command to restart Apache:
sudo systemctl restart apache2If you are working with Centos, use:
sudo systemctl restart httpdMethod 2: Setting Apache Directives
It is possible that the proper require directive is not configured and restricts access to resources. To fix it:
1. Access Apache’s main configuration file. For Ubuntu, use:
sudo nano /etc/apache2/apache2.confFor Centos, use:
sudo nano /etc/httpd/httpd.conf2. Once you open the configuration file, scroll down to the following section:
3. If the final line in the <Directory /var/www/> section contains Require all denied, change it to Require all granted.
4. Press Ctrl+X and then Y to save changes to the Apache configuration file.
5. Restart the Apache web server for the changes to take effect. For Ubuntu, use:
sudo systemctl restart apache2For Centos, use:
sudo systemctl restart httpdMethod 3: Adding a Default Directory Index
When a user visits a URL that requests a directory, the web server looks for a file in the given directory. If the file or any similar files are not found, and directory index listings are disabled, the web server displays the ‘403 Forbidden’ error message.
To fix the issue, add a default directory index.
1. Access Apache’s main configuration file by using:
sudo nano /etc/apache2/apache2.conf2. Scroll down to find out the default index file name:
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml3. Make sure there is a file in the webroot folder with this name and upload it if it’s missing.
Conclusion
After following this tutorial, you should be able to determine the cause of an Apache ‘403 Forbidden’ error and fix any issues you may find.
If you want to find out more about 403 forbidden error, read our article 403 forbidden error — what is it and how to fix it.
Notice that another issue that might be causing this is that, the «FollowSymLinks» option of a parent directory might have been mistakenly overwritten by the options of your project’s directory. This was the case for me and made me pull my hair until I found out the cause!
Here’s an example of such a mistake:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options Indexes # <--- NOT OK! It's overwriting the above option of the "/" directory.
AllowOverride all
Require all granted
</Directory>
So now if you check the Apache’s log message(tail -n 50 -f /var/www/html/{the_error_log_file_of_your_site}) you’ll see such an error:
Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive
is also forbidden due to its similar ability to circumvent directory restrictions
That’s because Indexes in the above rules for /var/www directory is overwriting the FolowSymLinks of the / directory. So now that you know the cause, in order to fix it, you can do many things depending on your need. For instance:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes # <--- OK.
AllowOverride all
Require all granted
</Directory>
Or even this:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options -Indexes # <--- OK as well! It will NOT cause an overwrite.
AllowOverride all
Require all granted
</Directory>
The example above will not cause the overwrite issue, because in Apache, if an option is «+» it will overwrite the «+»s only, and if it’s a «-«, it will overwrite the «-«s… (Don’t ask me for a reference on that though, it’s just my interpretation of an Apache’s error message(checked through journalctl -xe) which says: Either all Options must start with + or -, or no Option may. when an option has a sign, but another one doesn’t(E.g., FollowSymLinks -Indexes). So it’s my personal conclusion -thus should be taken with a grain of salt- that if I’ve used -Indexes as the option, that will be considered as a whole distinct set of options by the Apache from the other option in the «/» which doesn’t have any signs on it, and so no annoying rewrites will occur in the end, which I could successfully confirm by the above rules in a project directory of my own).
Hope that this will help you pull much less of your hair!
Apache web server is one of the most popular and widely used open-source web servers thanks to its stability and reliability. The web server commands a huge market, especially in web hosting platforms.
Be that as it may, you may get a “Forbidden – You don’t have permission to access / on this server” error on your browser after setting up your website. It’s quite a common error and a good chunk of users have experienced it while testing their site. So what is this error?
Demystifying the Forbidden Error
Also referred to as the 403 Forbidden error, Apache’s ‘Forbidden Error’ is an error that is displayed on a web page when you are attempting to access a website that’s restricted or forbidden. It’s usually splashed on the browser as shown.
Additionally, the error can manifest in several ways on the browser as indicated below:
- HTTP Error 403 – Forbidden
- Forbidden: You don’t have permission to access [directory] on this server
- 403 Forbidden
- Access Denied You don’t have permission to access
- 403 forbidden requests forbidden by administrative rules
So what causes such errors?
The ‘403 Forbidden Error‘ occurs due to the following main reasons:
1. Incorrect File / Directory Permissions
This error can be triggered due to incorrect file/folder permissions on the webroot directory. If the default file permissions are not adjusted to grant users access to the website files, then the chances of this error popping on a web browser are high.
2. Misconfiguration of the Apache Configuration Files
This error can also be attributed to a misconfiguration of one of the Apache configuration files. It could be an incorrect parameter that has been included or missing directives in the configuration file.
Fixing the ‘403 Forbidden Error’
If you have encountered this error, here are a few steps that you can take to remedy this.
1. Adjust File Permissions & Ownership of the Webroot Directory
Incorrect file permissions & directory ownership are known to restrict access to website files. So, firstly, be sure to assign the file permissions recursively to the webroot directory as shown.
The webroot directory should always have EXECUTE permissions and the index.html file should have READ permissions.
$ cd /path/to/webroot/directory
$ sudo find . -type d -exec chmod 755 {} \;
$ sudo find . -type f -exec chmod 644 {} \;
The above find command is used to find all directories (folders) and files within the current directory (.) and set their permissions to 755 (directories) and 644 (files).
Additionally, adjust the ownership of files and directories to a specific user (tecmint) and group www-data or apache using the chown command as shown.
$ sudo chown -R tecmint:apache .
Finally, reload or restart the Apache webserver for the changes to take effect.
$ sudo systemctl restart apache2 OR $ sudo systemctl restart httpd
If this does not resolve the issue, proceed to the next step:
2. Adjust Directives in Apache Main Configuration File
If you are on Debian-based Linux, in Apache’s main configuration file /etc/apache2/apache2.conf, ensure that you have this block of code:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Save and exit and thereafter, restart the Apache.
If you are running Apache on RHEL-based distributions / CentOS systems, ensure that you relax access to the /var/www directory in the /etc/httpd/conf/httpd.conf main Apache configuration file.
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
Then save all the changes and reload Apache.
$ sudo systemctl reload apache2 OR $ sudo systemctl reload httpd
If after trying all these steps you are still getting the error, then please check the configuration of your virtual host files.
We have detailed articles on how you can configure the Apache Virtual host file on:
- How to Install Apache with Virtual Hosts on Debian
- How to Configure Apache Virtual Hosts on Rocky Linux
- How to Install Apache with Virtual Host on CentOS
I hope that the steps provided have helped you clear the 403 error.
The 403 Forbidden error is a common issue that users may encounter when working with the Apache 2.4.7 web server. It typically indicates that the server understood the request but refuses to authorize it. This article will provide a step-by-step guide on how to fix this issue.
- Understanding the 403 Forbidden Error
- Step 1: Check Ownership and Permissions
- Step 2: Update Apache Configuration
- Step 3: Restart Apache
- Step 4: Check Virtual Host Configuration
- Step 5: Enable the Virtual Host
- Conclusion
Understanding the 403 Forbidden Error
Before we delve into the solution, it’s important to understand what a 403 Forbidden error is. This HTTP status code means that accessing the page or resource you were trying to reach is absolutely forbidden for some reason. This error can occur due to incorrect file or directory permissions, incorrect settings in the Apache configuration file, or incorrect settings in the .htaccess file.
Step 1: Check Ownership and Permissions
The first step in resolving the 403 Forbidden error is to check the ownership and permissions of the /var/www directory. This is the default directory where your website files are stored.
You can change the ownership of the directory to the www-data user and group by running the following command:
sudo chown -R www-data:www-data /var/wwwIn this command, chown is used to change the ownership of files or directories. -R is used to change files and directories recursively. www-data:www-data is the user and group that you want to change the ownership to.
Next, set the correct permissions for the directory:
sudo chmod -R 755 /var/wwwHere, chmod is used to change the permissions of files or directories. 755 means that the owner has read, write, and execute permissions, while others have only read and execute permissions.
Step 2: Update Apache Configuration
The next step is to update the Apache configuration file. Open the /etc/apache2/apache2.conf file in a text editor:
sudo nano /etc/apache2/apache2.confEnsure that it contains the following configuration:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>In this configuration, Options Indexes FollowSymLinks allows the server to list the contents of directories, and to follow symbolic links. AllowOverride All allows the use of .htaccess files. Require all granted allows all users to access the directory.
After making these changes, save and close the file.
Step 3: Restart Apache
To apply the changes, you need to restart the Apache service. You can do this by running the following command:
sudo service apache2 restartStep 4: Check Virtual Host Configuration
If you have set up a virtual host for your website, you need to check the virtual host configuration. Open the virtual host file (for example, /etc/apache2/sites-available/mysite.conf):
sudo nano /etc/apache2/sites-available/mysite.confEnsure that it has the correct DocumentRoot and Directory directives.
Step 5: Enable the Virtual Host
If the virtual host file is not already enabled, you can enable it by running the following command:
sudo a2ensite mysite.confFinally, restart the Apache service again:
sudo service apache2 restartAfter following these steps, you should be able to access your web server without encountering the 403 Forbidden error. If the error persists, check your .htaccess file and other virtual host configurations.
Remember, troubleshooting server errors can be tricky. If you’re not comfortable making these changes yourself, consider hiring a professional to help.
Conclusion
The 403 Forbidden error on an Apache 2.4.7 web server can be frustrating, but it’s usually easy to fix. By checking your file and directory permissions, updating your Apache configuration, and ensuring your virtual host configuration is correct, you can resolve this error and get your website back up and running.
Remember, always back up your files before making any changes to your server configuration. If you’re not sure what you’re doing, it’s always best to seek help from a professional.
The 403 Forbidden error is an HTTP status code that indicates the server understood the request, but refuses to authorize it. This means that accessing the page or resource you were trying to reach is absolutely forbidden for some reason.
There are several common causes of a 403 Forbidden error. These include incorrect file or directory permissions, incorrect settings in the Apache configuration file, and incorrect settings in the .htaccess file.
To check the ownership and permissions of the /var/www directory, you can use the following command: sudo ls -l /var/www. This will display the owner and group, as well as the permissions for the directory and its contents.
To change the ownership of the /var/www directory to the www-data user and group, you can use the following command: sudo chown -R www-data:www-data /var/www. To set the correct permissions for the directory, you can use the command: sudo chmod -R 755 /var/www.
To update the Apache configuration file, you can open the /etc/apache2/apache2.conf file in a text editor using the command: sudo nano /etc/apache2/apache2.conf. Make sure the file contains the necessary configuration directives, such as Options Indexes FollowSymLinks, AllowOverride All, and Require all granted.
To restart the Apache service, you can use the command: sudo service apache2 restart. This will apply any changes made to the configuration files and ensure they take effect.
To check the virtual host configuration, you can open the virtual host file (e.g., /etc/apache2/sites-available/mysite.conf) using the command: sudo nano /etc/apache2/sites-available/mysite.conf. Ensure that the DocumentRoot and Directory directives are correctly set.
To enable a virtual host, you can use the command: sudo a2ensite mysite.conf, where mysite.conf is the name of your virtual host file. This will create a symbolic link to the virtual host configuration file in the /etc/apache2/sites-enabled directory.
If the 403 Forbidden error persists, you should check your .htaccess file and other virtual host configurations for any incorrect settings or conflicts. It’s also a good idea to double-check the ownership and permissions of your files and directories. If you’re still unable to resolve the issue, consider seeking help from a professional.