Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Wordpress pretty permalinks and 403 Forbidden issues |
|
Author |
|
stardustvega
Joined: 28 Feb 2023 Posts: 19
|
Posted: Wed 08 Jan '25 15:02 Post subject: Wordpress pretty permalinks and 403 Forbidden issues |
|
|
I'm running a local Apache installation with WordPress. In order to test some functionality, I need the WordPress JSON API to work, which means I need to enable pretty permalinks.
When you enable that in WordPress, WordPress adds an .htaccess file, and I *cannot* seem to get it to work.
The .htaccess file looks like this:
Code: | # BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress |
So, for starters, in httpd.conf, I uncommented the line:
Code: | LoadModule rewrite_module modules/mod_rewrite.so |
Just doing that on its own leads to all the pages/posts returning a 404 error.
A little more digging suggested that I need to add some stuff to my Directory virtual host definitions. Specifically, that I need to add the lines:
Code: | Options FollowSymLinks Indexes
AllowOverride FileInfo |
The problem is that I'm still getting a 403 Forbidden error when I do that.
I suspect this *might* be related to the fact that I'm serving my site from a sub-directory but I've tried every variant I can think of and no dice. Here's the contents of the relevant virtual host.
Code: | <VirtualHost *:443>
ServerName mysite.local
DocumentRoot "${DOCROOT}/mysite/wordpress"
<Directory "${DOCROOT}/mysite/wordpress/">
Options Indexes FollowSymLinks
AllowOverride FileInfo
Require all granted
</Directory>
<IfModule fcgid_module>
FcgidInitialEnv PATH "${PHPROOT}/php-8.3.9"
FcgidInitialEnv PHPRC "${PHPROOT}/php-8.3.9"
<Files ~ "\.php$>"
Options ExecCGI
AddHandler fcgid-script .php
FcgidWrapper "${PHPROOT}/php-8.3.9/php-cgi.exe" .php
</Files>
</IfModule>
SSLEngine on
SSLCertificateFile "${DOCROOT}/mysite/ssl/mysite.crt"
SSLCertificateKeyFile "${DOCROOT}/mysite/ssl/mysite.key"
</VirtualHost> |
Additional context--in wp-config, I have the following info set:
Code: | define('WP_SITEURL', 'https://mysite.local');
define('WP_HOME', 'https://mysite.local'); |
I'm not sure that's relevant at all. |
|
Back to top |
|
Otomatic
![](images/avatars/24455e7e39169050f.png)
Joined: 01 Sep 2011 Posts: 222 Location: Paris, France, EU
|
Posted: Wed 08 Jan '25 15:59 Post subject: |
|
|
Hi,
Code: | define('WP_SITEURL', 'https://mysite.local');
define('WP_HOME', 'https://mysite.local'); |
Don't forget that this information is also in the Wordpress database, table wp_options, fields 'siteurl' and 'home' and that it may be necessary to modify them. |
|
Back to top |
|
stardustvega
Joined: 28 Feb 2023 Posts: 19
|
Posted: Wed 08 Jan '25 17:42 Post subject: |
|
|
Otomatic wrote: | Don't forget that this information is also in the Wordpress database, table wp_options, fields 'siteurl' and 'home' and that it may be necessary to modify them. |
Mm, hadn't thought to check that. I checked now though and it looks like those values are correctly set in the wp_options table.
(Edit: That is, in wp_options, both siteurl and home are set to https://mysite.local) |
|
Back to top |
|
stardustvega
Joined: 28 Feb 2023 Posts: 19
|
Posted: Thu 09 Jan '25 1:39 Post subject: |
|
|
I'm really scratching my head on this one.
Further things I've tried. I increased the log levels in this virtual host and I'm looking at my error log. It seems like the core issue is this line:
Code: | [Wed Jan 08 17:29:50.563311 2025] [rewrite:error] [pid 15428:tid 1120] [client 127.0.0.1:50470] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/Development/www/mysite/wordpress/index.php |
What's throwing me is that as far as I understand, I *have* enabled FollowSymLinks.
The section is:
Code: | <Directory "${DOCROOT}/mysite/wordpress/">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory> |
DOCROOT is defined in httdp.conf as c:/Development/www, so the directory selected here would be c:/Development/www/mysite/wordpress/, which is what's getting flagged in the log.
I've searched for this error, but I'm just getting a lot of people who need to add the FollowSymLinks statement.
Oh, also, I put the RewriteEngine On near the top of the VirtualHost definition, so I don't think that's my problem. |
|
Back to top |
|
Stray78
![](images/avatars/1138666473398adc46.jpg)
Joined: 15 Apr 2024 Posts: 29 Location: USA
|
Posted: Thu 09 Jan '25 16:05 Post subject: |
|
|
Dumb question but have to ask. After adding FollowSymLinks, did you save the file & restart Apache? |
|
Back to top |
|
stardustvega
Joined: 28 Feb 2023 Posts: 19
|
Posted: Thu 09 Jan '25 16:55 Post subject: |
|
|
Nope, I get it, you've got to ask.
Yep, I've both used httpd -k restart and tried just stopping the server completely and launching it again. I do believe it's restarting successfully based on the logs.
I also tried rebooting the computer and running it on just in case. And whenever I've been trying to refresh the page, I do hard refresh, not a soft one in case there's a caching problem.
It feels to me like what's happening is it's getting through the initial rewrite because there are things in the log that state that the rewrite is being applied and then I think maybe it gets to a certain point and then rejects it.
Like, I'm wondering if when it tries to process the rewritten URL, it's hitting some directory I can't identify and that's the one that it's objecting to. I can post a larger section of the logs when I get home. |
|
Back to top |
|
tdonovan Moderator
Joined: 17 Dec 2005 Posts: 612 Location: Milford, MA, USA
|
Posted: Thu 09 Jan '25 19:23 Post subject: |
|
|
Perhaps you could try replacing: with:
This directive might be replacing the existing two options instead of adding to them. See the Options directive and How the configuration sections are merged
-tom- |
|
Back to top |
|
stardustvega
Joined: 28 Feb 2023 Posts: 19
|
Posted: Fri 10 Jan '25 1:03 Post subject: |
|
|
tdonovan wrote: | Perhaps you could try replacing: with: |
That fixed it! I don't think I ever would have found that, THANK YOU!
For the sake of documenting this for the next person who happens on this... (Let me know if I've misunderstood here)
When I looked at my error logs more closely (I'd set the LogLevel up to try and troubleshoot), there were a series of logs that looked like this:
Code: | [Thu Jan 09 16:48:18.272570 2025] [rewrite:trace2] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] init rewrite engine with requested uri /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [rewrite:trace1] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] pass through /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [authz_core:debug] [pid 2040:tid 1120] mod_authz_core.c(815): [client 127.0.0.1:53188] AH01626: authorization result of Require all granted: granted, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [authz_core:debug] [pid 2040:tid 1120] mod_authz_core.c(815): [client 127.0.0.1:53188] AH01626: authorization result of <RequireAny>: granted, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [core:trace3] [pid 2040:tid 1120] request.c(360): [client 127.0.0.1:53188] request authorized without authentication by access_checker_ex hook: /sample-page/, referer: https://mysite.local/
[Thu Jan 09 16:48:18.272570 2025] [rewrite:trace3] [pid 2040:tid 1120] mod_rewrite.c(505): [client 127.0.0.1:53188] 127.0.0.1 - - [mysite.local/sid#2997bb2a768][rid#2997c98c5e0/initial] [perdir C:/Development/www/mysite/wordpress/] add path info postfix: C:/Development/www/mysite/wordpress/sample-page -> C:/Development/www/mysite/wordpress/sample-page/, referer: https://mysite.local/ |
So I knew that the rewrite process was starting. But then, eventually, it would get to a certain point and I'd get this message:
Code: | [Thu Jan 09 16:48:18.272570 2025] [rewrite:error] [pid 2040:tid 1120] [client 127.0.0.1:53188] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/Development/www/mysite/wordpress/index.php, referer: https://mysite.local/ |
With the information Tom shared above, what I *think* was happening is that it was rewriting it up until it tried to serve a PHP file.
When it hit a PHP file, it triggered the Files directive, which *only* had ExecCGI enabled, so at that point, the rewrite process stopped working as expected.
(Technically, since the pretty permalink was /sample-page, I think it was probably trying to serve a directory at that location maybe?)
The final steps that worked were:
1) In httpd.conf, enable mod_rewrite by uncommenting:
Code: | LoadModule rewrite_module modules/mod_rewrite.so |
2) In httpd.vhosts, my update my vhosts definition for this site as follows:
Code: | <VirtualHost *:443>
RewriteEngine On
ServerName mysite.local
DocumentRoot "${DOCROOT}/mysite/wordpress"
<Directory "${DOCROOT}/mysite/wordpress/">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule fcgid_module>
FcgidInitialEnv PATH "${PHPROOT}/php-8.3.9"
FcgidInitialEnv PHPRC "${PHPROOT}/php-8.3.9"
<Files ~ "\.php$>"
Options +ExecCGI
AddHandler fcgid-script .php
FcgidWrapper "${PHPROOT}/php-8.3.9/php-cgi.exe" .php
</Files>
</IfModule>
SSLEngine on
SSLCertificateFile "${DOCROOT}/mysite/ssl/mysite.crt"
SSLCertificateKeyFile "${DOCROOT}/mysite/ssl/mysite.key"
</VirtualHost> |
Thank you again for your help! |
|
Back to top |
|
Otomatic
![](images/avatars/24455e7e39169050f.png)
Joined: 01 Sep 2011 Posts: 222 Location: Paris, France, EU
|
Posted: Fri 10 Jan '25 11:51 Post subject: |
|
|
Hi,
Although the [+|-] signs are optional for options, it is highly recommended that you always use them.
-- Excerpts from the Apache documentation for the Options directive
Normally, if multiple Options could apply to a directory, then the most specific one is used and others are ignored; the options are not merged. (See how sections are merged.) However if all the options on the Options directive are preceded by a + or - symbol, the options are merged. Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.
Note
Mixing Options with a + or - with those without is not valid syntax and will be rejected during server startup by the syntax check with an abort.
For example, without any + and - symbols:
<Directory "/web/docs">
Options Indexes FollowSymLinks
</Directory>
<Directory "/web/docs/spec">
Options Includes
</Directory>
then only Includes will be set for the /web/docs/spec directory. However if the second Options directive uses the + and - symbols:
<Directory "/web/docs">
Options Indexes FollowSymLinks
</Directory>
<Directory "/web/docs/spec">
Options +Includes -Indexes
</Directory>
then the options FollowSymLinks and Includes are set for the /web/docs/spec directory. |
|
Back to top |
|
|
|
|
|
|