Author |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Thu 08 Feb '18 18:28 Post subject: Help please, get a 403 Forbidden message |
|
|
For some reason no matter what I change in the config, people still get a 403 Forbidden message (You don't have permission to access / on this server.) and I don't know what to do. Here is my config file:
https://pastebin.com/Xu36xwQ0
Please help! |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Thu 08 Feb '18 22:39 Post subject: PLEASE |
|
|
PLEASE GUYS I REALLY NEED HELP |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Thu 08 Feb '18 23:02 Post subject: |
|
|
What does Apache's error log say for the error? |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 1:29 Post subject: Answer to your question |
|
|
glsmith wrote: | What does Apache's error log say for the error? |
[Thu Feb 08 10:23:17.972345 2018] [authz_core:error] [pid 23344:tid 1192] [client 173.73.164.52:1024] AH01630: client denied by server configuration: C:/wamp64/www/
[Thu Feb 08 10:23:19.382117 2018] [authz_core:error] [pid 23344:tid 1192] [client 173.73.164.52:1024] AH01630: client denied by server configuration: C:/wamp64/www/favicon.ico, referer: http://cslawnservice.tk/
Moderator Edit: Removed all the error log's noise pollution. |
|
Back to top |
|
pschmehl
Joined: 13 Oct 2017 Posts: 16 Location: United States, Richardson, TX
|
Posted: Fri 09 Feb '18 4:09 Post subject: |
|
|
WIth this directive, you have granted hackers access to your entire server, including the password file.
Code: | #
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride all
Require all granted
</Directory> |
You need to change that to Require all denied ASAP.
Is C:\wamp\www where all your webfiles are located?
Last edited by pschmehl on Fri 09 Feb '18 4:18; edited 1 time in total |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 4:15 Post subject: |
|
|
pschmehl wrote: | WIth this directive, you have granted hackers access to your entire server, including the password file.
Code: | #
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride all
Require all granted
</Directory> |
You need to change that to Require all denied ASAP. |
Yes, thanks!...but how do I let normal people view my website? |
|
Back to top |
|
pschmehl
Joined: 13 Oct 2017 Posts: 16 Location: United States, Richardson, TX
|
Posted: Fri 09 Feb '18 4:20 Post subject: |
|
|
I edited my last reply, but I'll reply here as well. Is C:/wamp/www where all your web files are? Have you tried using C:/wamp/www if they are? |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 4:22 Post subject: Yes |
|
|
pschmehl wrote: | I edited my last reply, but I'll reply here as well. Is C:\wamp\www where all your web files are? Have you tried using C:/wamp/www if they are? |
I have used that before but it didn't seem to make any difference. Should I try it again? Should I change it back to granted if I change that? |
|
Back to top |
|
pschmehl
Joined: 13 Oct 2017 Posts: 16 Location: United States, Richardson, TX
|
Posted: Fri 09 Feb '18 4:30 Post subject: |
|
|
If it didn't work before, it's not going to work if you do it again.
First, $[INSTALL_DIR} is defined as C;/wamp. So, if your web files are C:/wamp/www, then <Direcotry ${INSTALL_DIR}/www> is fine.
In that Directory definition, you should (and do) have Require all granted. So your config is fine.
What's the permissions on the files in C:/wamp/www? The webserver has to be able to read those files and enter all the subdirectories.
You do not EVER want to have Require all granted for the root directory. That gives the webserver access to every file on your server. Including SYSTEMDIR, SYSTEMROOT, everything. The directive for <Directory /> should always be Require all denied. Then you grant access only to the directories that you want the web visitors to have access to. |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 4:40 Post subject: idk |
|
|
pschmehl wrote: | If it didn't work before, it's not going to work if you do it again.
First, $[INSTALL_DIR} is defined as C;/wamp. So, if your web files are C:/wamp/www, then <Direcotry ${INSTALL_DIR}/www> is fine.
In that Directory definition, you should (and do) have Require all granted. So your config is fine.
What's the permissions on the files in C:/wamp/www? The webserver has to be able to read those files and enter all the subdirectories.
You do not EVER want to have Require all granted for the root directory. That gives the webserver access to every file on your server. Including SYSTEMDIR, SYSTEMROOT, everything. The directive for <Directory /> should always be Require all denied. Then you grant access only to the directories that you want the web visitors to have access to. |
SO I have changed it to this:
Code: | <Directory ${INSTALL_DIR}/www>
AllowOverride all
Require all granted
</Directory> |
I looked at the permissions and all of the options seem to have "read and execute" checked. Is there a different way to do the permissions other than looking here?
https://imgur.com/a/u5m9U
Also, I have change that and it still says I don't have access to /
https://imgur.com/a/FHOJn |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Fri 09 Feb '18 5:29 Post subject: |
|
|
You're "Including" conf/extra/httpd-vhosts.conf and that overrides httpd.conf for the first site. However, the <Directory> you now have in httpd.conf should handle it but it would be nice to see httpd-vhosts.conf also to have the full picture, and a new eoor log, but only the actual errors. We don't need to know that 64 child threads we opened
Last edited by glsmith on Fri 09 Feb '18 5:31; edited 1 time in total |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 5:30 Post subject: |
|
|
glsmith wrote: | You're "Including" conf/extra/httpd-vhosts.conf and that overrides httpd.conf for the first site. However, the <Directory> you now have in httpd.conf should handle it but it would be nice to see httpd-vhosts.conf also to have the full picture. |
Code: | # Virtual Hosts
#
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
|
|
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Fri 09 Feb '18 5:33 Post subject: |
|
|
Ah ha, Require local = only the local computer Apache is running on.
Require local -> Require all granted |
|
Back to top |
|
CameronMcGehee
Joined: 08 Feb 2018 Posts: 8 Location: USA, Virginia
|
Posted: Fri 09 Feb '18 5:33 Post subject: |
|
|
glsmith wrote: | Ah ha, Require local = only the local computer Apache is running on.
Require local -> Require all granted |
Thank you so much!! |
|
Back to top |
|