logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Help please, get a 403 Forbidden message

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Thu 08 Feb '18 18:28    Post subject: Help please, get a 403 Forbidden message Reply with quote

For some reason no matter what I change in the config, people still get a 403 Forbidden message (You don't have permission to access / on this server.) and I don't know what to do. Here is my config file:

https://pastebin.com/Xu36xwQ0

Please help! Very Happy
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Thu 08 Feb '18 22:39    Post subject: PLEASE Reply with quote

PLEASE GUYS I REALLY NEED HELP
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2132
Location: Sun Diego, USA

PostPosted: Thu 08 Feb '18 23:02    Post subject: Reply with quote

What does Apache's error log say for the error?
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 1:29    Post subject: Answer to your question Reply with quote

glsmith wrote:
What does Apache's error log say for the error?


[Thu Feb 08 10:23:17.972345 2018] [authz_core:error] [pid 23344:tid 1192] [client 173.73.164.52:1024] AH01630: client denied by server configuration: C:/wamp64/www/
[Thu Feb 08 10:23:19.382117 2018] [authz_core:error] [pid 23344:tid 1192] [client 173.73.164.52:1024] AH01630: client denied by server configuration: C:/wamp64/www/favicon.ico, referer: http://cslawnservice.tk/

Moderator Edit: Removed all the error log's noise pollution.
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 14
Location: United States, Richardson, TX

PostPosted: Fri 09 Feb '18 4:09    Post subject: Reply with quote

WIth this directive, you have granted hackers access to your entire server, including the password file.
Code:
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride all
    Require all granted
</Directory>

You need to change that to Require all denied ASAP.

Is C:\wamp\www where all your webfiles are located?


Last edited by pschmehl on Fri 09 Feb '18 4:18; edited 1 time in total
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 4:15    Post subject: Reply with quote

pschmehl wrote:
WIth this directive, you have granted hackers access to your entire server, including the password file.
Code:
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride all
    Require all granted
</Directory>

You need to change that to Require all denied ASAP.


Yes, thanks!...but how do I let normal people view my website?
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 14
Location: United States, Richardson, TX

PostPosted: Fri 09 Feb '18 4:20    Post subject: Reply with quote

I edited my last reply, but I'll reply here as well. Is C:/wamp/www where all your web files are? Have you tried using C:/wamp/www if they are?
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 4:22    Post subject: Yes Reply with quote

pschmehl wrote:
I edited my last reply, but I'll reply here as well. Is C:\wamp\www where all your web files are? Have you tried using C:/wamp/www if they are?


I have used that before but it didn't seem to make any difference. Should I try it again? Should I change it back to granted if I change that?
Back to top
pschmehl



Joined: 13 Oct 2017
Posts: 14
Location: United States, Richardson, TX

PostPosted: Fri 09 Feb '18 4:30    Post subject: Reply with quote

If it didn't work before, it's not going to work if you do it again.

First, $[INSTALL_DIR} is defined as C;/wamp. So, if your web files are C:/wamp/www, then <Direcotry ${INSTALL_DIR}/www> is fine.
In that Directory definition, you should (and do) have Require all granted. So your config is fine.

What's the permissions on the files in C:/wamp/www? The webserver has to be able to read those files and enter all the subdirectories.

You do not EVER want to have Require all granted for the root directory. That gives the webserver access to every file on your server. Including SYSTEMDIR, SYSTEMROOT, everything. The directive for <Directory /> should always be Require all denied. Then you grant access only to the directories that you want the web visitors to have access to.
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 4:40    Post subject: idk Reply with quote

pschmehl wrote:
If it didn't work before, it's not going to work if you do it again.

First, $[INSTALL_DIR} is defined as C;/wamp. So, if your web files are C:/wamp/www, then <Direcotry ${INSTALL_DIR}/www> is fine.
In that Directory definition, you should (and do) have Require all granted. So your config is fine.

What's the permissions on the files in C:/wamp/www? The webserver has to be able to read those files and enter all the subdirectories.

You do not EVER want to have Require all granted for the root directory. That gives the webserver access to every file on your server. Including SYSTEMDIR, SYSTEMROOT, everything. The directive for <Directory /> should always be Require all denied. Then you grant access only to the directories that you want the web visitors to have access to.



SO I have changed it to this:

Code:
<Directory ${INSTALL_DIR}/www>
    AllowOverride all
    Require all granted
</Directory>


I looked at the permissions and all of the options seem to have "read and execute" checked. Is there a different way to do the permissions other than looking here?

https://imgur.com/a/u5m9U

Also, I have change that and it still says I don't have access to /

https://imgur.com/a/FHOJn
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2132
Location: Sun Diego, USA

PostPosted: Fri 09 Feb '18 5:29    Post subject: Reply with quote

You're "Including" conf/extra/httpd-vhosts.conf and that overrides httpd.conf for the first site. However, the <Directory> you now have in httpd.conf should handle it but it would be nice to see httpd-vhosts.conf also to have the full picture, and a new eoor log, but only the actual errors. We don't need to know that 64 child threads we opened Smile

Last edited by glsmith on Fri 09 Feb '18 5:31; edited 1 time in total
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 5:30    Post subject: Reply with quote

glsmith wrote:
You're "Including" conf/extra/httpd-vhosts.conf and that overrides httpd.conf for the first site. However, the <Directory> you now have in httpd.conf should handle it but it would be nice to see httpd-vhosts.conf also to have the full picture.


Code:
# Virtual Hosts
#
<VirtualHost *:80>
  ServerName localhost
  ServerAlias localhost
  DocumentRoot "${INSTALL_DIR}/www"
  <Directory "${INSTALL_DIR}/www/">
    Options +Indexes +Includes +FollowSymLinks +MultiViews
    AllowOverride All
    Require local
  </Directory>
</VirtualHost>
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2132
Location: Sun Diego, USA

PostPosted: Fri 09 Feb '18 5:33    Post subject: Reply with quote

Ah ha, Require local = only the local computer Apache is running on.

Require local -> Require all granted
Back to top
CameronMcGehee



Joined: 08 Feb 2018
Posts: 8
Location: USA, Virginia

PostPosted: Fri 09 Feb '18 5:33    Post subject: Reply with quote

glsmith wrote:
Ah ha, Require local = only the local computer Apache is running on.

Require local -> Require all granted


Thank you so much!!
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1