logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Wordpress pretty permalinks and 403 Forbidden issues
Author
stardustvega



Joined: 28 Feb 2023
Posts: 19

PostPosted: Wed 08 Jan '25 15:02    Post subject: Wordpress pretty permalinks and 403 Forbidden issues Reply with quote

I'm running a local Apache installation with WordPress. In order to test some functionality, I need the WordPress JSON API to work, which means I need to enable pretty permalinks.

When you enable that in WordPress, WordPress adds an .htaccess file, and I *cannot* seem to get it to work.

The .htaccess file looks like this:

Code:
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


So, for starters, in httpd.conf, I uncommented the line:

Code:
LoadModule rewrite_module modules/mod_rewrite.so


Just doing that on its own leads to all the pages/posts returning a 404 error.

A little more digging suggested that I need to add some stuff to my Directory virtual host definitions. Specifically, that I need to add the lines:

Code:
Options FollowSymLinks Indexes
AllowOverride FileInfo


The problem is that I'm still getting a 403 Forbidden error when I do that.

I suspect this *might* be related to the fact that I'm serving my site from a sub-directory but I've tried every variant I can think of and no dice. Here's the contents of the relevant virtual host.

Code:
<VirtualHost *:443>
    ServerName mysite.local
    DocumentRoot "${DOCROOT}/mysite/wordpress"

    <Directory "${DOCROOT}/mysite/wordpress/">
      Options Indexes FollowSymLinks
      AllowOverride FileInfo
      Require all granted
    </Directory>

    <IfModule fcgid_module>
        FcgidInitialEnv PATH "${PHPROOT}/php-8.3.9"
        FcgidInitialEnv PHPRC "${PHPROOT}/php-8.3.9"
        <Files ~ "\.php$>"
            Options ExecCGI
            AddHandler fcgid-script .php
            FcgidWrapper "${PHPROOT}/php-8.3.9/php-cgi.exe" .php
        </Files>
    </IfModule>


    SSLEngine on
    SSLCertificateFile "${DOCROOT}/mysite/ssl/mysite.crt"
    SSLCertificateKeyFile "${DOCROOT}/mysite/ssl/mysite.key"

</VirtualHost>


Additional context--in wp-config, I have the following info set:

Code:
define('WP_SITEURL', 'https://mysite.local');
define('WP_HOME', 'https://mysite.local');


I'm not sure that's relevant at all.
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 225
Location: Paris, France, EU

PostPosted: Wed 08 Jan '25 15:59    Post subject: Reply with quote

Hi,

Code:
define('WP_SITEURL', 'https://mysite.local');
define('WP_HOME', 'https://mysite.local');


Don't forget that this information is also in the Wordpress database, table wp_options, fields 'siteurl' and 'home' and that it may be necessary to modify them.
Back to top
stardustvega



Joined: 28 Feb 2023
Posts: 19

PostPosted: Wed 08 Jan '25 17:42    Post subject: Reply with quote

Otomatic wrote:
Don't forget that this information is also in the Wordpress database, table wp_options, fields 'siteurl' and 'home' and that it may be necessary to modify them.


Mm, hadn't thought to check that. I checked now though and it looks like those values are correctly set in the wp_options table.

(Edit: That is, in wp_options, both siteurl and home are set to https://mysite.local)
Back to top
stardustvega



Joined: 28 Feb 2023
Posts: 19

PostPosted: Thu 09 Jan '25 1:39    Post subject: Reply with quote

I'm really scratching my head on this one.

Further things I've tried. I increased the log levels in this virtual host and I'm looking at my error log. It seems like the core issue is this line:

Code:
[Wed Jan 08 17:29:50.563311 2025] [rewrite:error] [pid 15428:tid 1120] [client 127.0.0.1:50470] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/Development/www/mysite/wordpress/index.php


What's throwing me is that as far as I understand, I *have* enabled FollowSymLinks.

The section is:

Code:
<Directory "${DOCROOT}/mysite/wordpress/">
   Options Indexes FollowSymLinks
   AllowOverride All
   Require all granted
</Directory>


DOCROOT is defined in httdp.conf as c:/Development/www, so the directory selected here would be c:/Development/www/mysite/wordpress/, which is what's getting flagged in the log.

I've searched for this error, but I'm just getting a lot of people who need to add the FollowSymLinks statement.

Oh, also, I put the RewriteEngine On near the top of the VirtualHost definition, so I don't think that's my problem.
Back to top
Stray78



Joined: 15 Apr 2024
Posts: 29
Location: USA

PostPosted: Thu 09 Jan '25 16:05    Post subject: Reply with quote

Dumb question but have to ask. After adding FollowSymLinks, did you save the file & restart Apache?
Back to top
stardustvega



Joined: 28 Feb 2023
Posts: 19

PostPosted: Thu 09 Jan '25 16:55    Post subject: Reply with quote

Nope, I get it, you've got to ask.

Yep, I've both used httpd -k restart and tried just stopping the server completely and launching it again. I do believe it's restarting successfully based on the logs.

I also tried rebooting the computer and running it on just in case. And whenever I've been trying to refresh the page, I do hard refresh, not a soft one in case there's a caching problem.

It feels to me like what's happening is it's getting through the initial rewrite because there are things in the log that state that the rewrite is being applied and then I think maybe it gets to a certain point and then rejects it.

Like, I'm wondering if when it tries to process the rewritten URL, it's hitting some directory I can't identify and that's the one that it's objecting to. I can post a larger section of the logs when I get home.
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 612
Location: Milford, MA, USA

PostPosted: Thu 09 Jan '25 19:23    Post subject: Reply with quote

Perhaps you could try replacing:
Code:
Options ExecCGI
with:
Code:
Options +ExecCGI


This directive might be replacing the existing two options instead of adding to them. See the Options directive and How the configuration sections are merged

-tom-
Back to top
stardustvega



Joined: 28 Feb 2023
Posts: 19

PostPosted: Fri 10 Jan '25 1:03    Post subject: Reply with quote

tdonovan wrote:
Perhaps you could try replacing:
Code:
Options ExecCGI
with:
Code:
Options +ExecCGI


That fixed it! I don't think I ever would have found that, THANK YOU!

For the sake of documenting this for the next person who happens on this... (Let me know if I've misunderstood here)

When I looked at my error logs more closely (I'd set the LogLevel up to try and troubleshoot), there were a series of logs that looked like this:

Code:
[Thu Jan 09 16:48:18.272570 2025] [rewrite:trace2] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] init rewrite engine with requested uri /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [rewrite:trace1] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] pass through /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [authz_core:debug] [pid 2040:tid 1120] mod_authz_core.c(815): [client 127.0.0.1:53188] AH01626: authorization result of Require all granted: granted, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [authz_core:debug] [pid 2040:tid 1120] mod_authz_core.c(815): [client 127.0.0.1:53188] AH01626: authorization result of <RequireAny>: granted, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [core:trace3] [pid 2040:tid 1120] request.c(360): [client 127.0.0.1:53188] request authorized without authentication by access_checker_ex hook: /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [rewrite:trace3] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] [perdir C:/Development/www/mysite/wordpress/] add path info postfix: C:/Development/www/mysite/wordpress/sample-page -> C:/Development/www/mysite/wordpress/sample-page/, referer: https://mysite.local/


So I knew that the rewrite process was starting. But then, eventually, it would get to a certain point and I'd get this message:

Code:
[Thu Jan 09 16:48:18.272570 2025] [rewrite:error] [pid 2040:tid 1120] [client 127.0.0.1:53188] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/Development/www/mysite/wordpress/index.php, referer: https://mysite.local/


With the information Tom shared above, what I *think* was happening is that it was rewriting it up until it tried to serve a PHP file.

When it hit a PHP file, it triggered the Files directive, which *only* had ExecCGI enabled, so at that point, the rewrite process stopped working as expected.

(Technically, since the pretty permalink was /sample-page, I think it was probably trying to serve a directory at that location maybe?)

The final steps that worked were:

1) In httpd.conf, enable mod_rewrite by uncommenting:

Code:
LoadModule rewrite_module modules/mod_rewrite.so


2) In httpd.vhosts, my update my vhosts definition for this site as follows:

Code:
<VirtualHost *:443>
    RewriteEngine On
    ServerName mysite.local
    DocumentRoot "${DOCROOT}/mysite/wordpress"

    <Directory "${DOCROOT}/mysite/wordpress/">
      Options FollowSymLinks
      AllowOverride All
        Require all granted
    </Directory>

    <IfModule fcgid_module>
        FcgidInitialEnv PATH "${PHPROOT}/php-8.3.9"
        FcgidInitialEnv PHPRC "${PHPROOT}/php-8.3.9"
        <Files ~ "\.php$>"
            Options +ExecCGI
            AddHandler fcgid-script .php
            FcgidWrapper "${PHPROOT}/php-8.3.9/php-cgi.exe" .php
        </Files>
    </IfModule>


    SSLEngine on
    SSLCertificateFile "${DOCROOT}/mysite/ssl/mysite.crt"
    SSLCertificateKeyFile "${DOCROOT}/mysite/ssl/mysite.key"

</VirtualHost>


Thank you again for your help!
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 225
Location: Paris, France, EU

PostPosted: Fri 10 Jan '25 11:51    Post subject: Reply with quote

Hi,

Although the [+|-] signs are optional for options, it is highly recommended that you always use them.

-- Excerpts from the Apache documentation for the Options directive

Normally, if multiple Options could apply to a directory, then the most specific one is used and others are ignored; the options are not merged. (See how sections are merged.) However if all the options on the Options directive are preceded by a + or - symbol, the options are merged. Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.

Note
Mixing Options with a + or - with those without is not valid syntax and will be rejected during server startup by the syntax check with an abort.

For example, without any + and - symbols:
<Directory "/web/docs">
Options Indexes FollowSymLinks
</Directory>

<Directory "/web/docs/spec">
Options Includes
</Directory>

then only Includes will be set for the /web/docs/spec directory. However if the second Options directive uses the + and - symbols:

<Directory "/web/docs">
Options Indexes FollowSymLinks
</Directory>

<Directory "/web/docs/spec">
Options +Includes -Indexes
</Directory>

then the options FollowSymLinks and Includes are set for the /web/docs/spec directory.
Back to top


Reply to topic   Topic: Wordpress pretty permalinks and 403 Forbidden issues View previous topic :: View next topic
Post new topic   Forum Index -> Apache