Forbidden: You don't have permission to access / on this server

Hi there
I’m wondering if someone can help or advise me. I’ve had a Yii built site running on a multi-site apache environment for a short while now and it’s mysteriously gone down with an apache error message “Forbidden - You don’t have permission to access / on this server.”

There are multiple other sites running on the same server, some WordPress sites and two Yii sites including the site in question. All of the other sites remain up.

Since it appears to have been down a short while I’m not entirely sure what happened to cause it, but I was editing file permissions for some of the adjoining directories on the same server. I must have done something to cause this of course, but can’t for the life of me work out what.

The site is within directory /var/www/{site-name}/public_html

permissions are as follows:
/{site-name}: drwxrwxr-x 3 www-data www-data
/public_html: drwxrwxr-x 9 www-data www-data

My .htaccess files contain the following:

Top level directory:

Options +FollowSymLinks
IndexIgnore /
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php

Protected directory:

Options +FollowSymLinks
IndexIgnore /
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php

My apache site config file is as follows:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

    ServerAdmin email@gmail.com
    ServerName site-name
    ServerAlias www.site-name
    DocumentRoot /var/www/site-name/public_html

    <Directory "/var/www/site-name/public_html">
            # use mod_rewrite for pretty URL support
            RewriteEngine on
            # If a directory or a file exists, use the request directly
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            # Otherwise forward the request to index.php
            RewriteRule . index.php
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I’m really stumped by this, any help/assistance/advice would be appreciated.

Best regards

Hi,

Is index.php still under public_html ?

Some Apache versions require you to add require all granted under the Directory section. Could you try that for this vhost?

Thanks for the reply machour.

Yes index.php is under public_html.

I’ve added that to make the directory section look like this:

    <Directory "/var/www/site-name/public_html">
            # use mod_rewrite for pretty URL support
            RewriteEngine on
            # If a directory or a file exists, use the request directly
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            # Otherwise forward the request to index.php
            RewriteRule . index.php
            require all granted
    </Directory>

I’ve restarted apache, but it still shows the same error.

Since staring at the screen a little longer I’ve noticed there’s a little more to the error message on the page:

“Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips PHP/5.3.14 Server at site-name Port 80”

Perhaps this is actually to do with SSL. SSL was in use on a different site that is no longer running. I don’t understand how this could affect the site in question, which doesn’t use SSL, but I can’t think why the 403 would reference it if it had nothing to do with it.

Next step would be to enable debug logs for Apache using the LogLevel directive.
It should give you some insights on what’s going on.

Make sure you remove your new LogLevel once this is fixed, it could quickly slurp all your disk space.

Ah ha!

This has proven to be an error of someone else’s making. It turns out the DNS has reverted. It’s just that whatever default page is an Apache 403 error.

Thanks for your assistance Machour. The penny eventually dropped after following your advice. The site in question contributed nothing to the error logs.


“Whoops, that’s not my server” errors are the best :smiley:
Happy you sorted that out!
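
The check that separates "my config is wrong" from "this is not my server", as an added example that is not part of the original thread: compare the address the name resolves to, and the version in the error-page footer, with what the server being edited should report. The IP addresses, the expected `Apache/2.4.58` signature and the `live_check` helper are assumptions made for illustration; the sample footer is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: confirm that a 403 really comes from the server you are editing.
# Host names, IP addresses and the expected version are constructed placeholders.

# Pull the product/version token out of an Apache error-page footer, e.g.
# "Apache/2.2.22 (Unix) ... Server at site-name Port 80" -> "Apache/2.2.22".
# Prints nothing when the footer carries no version (ServerTokens Prod).
signature_from_page() {
    printf '%s\n' "$1" |
        sed -n 's|.*\(Apache/[0-9][0-9.]*\).*Server at .*|\1|p' | head -n 1
}

# Compare what answered the request with what this machine should be.
# $1 = IP the name resolved to   $2 = IP of the server you are editing
# $3 = signature in the response $4 = signature that server should send
check_origin() {
    if [ "$1" != "$2" ]; then
        echo "DNS_MISMATCH: name resolves to $1, expected $2"
        return 1
    fi
    if [ -n "$3" ] && [ "$3" != "$4" ]; then
        echo "SERVER_MISMATCH: response from $3, expected $4"
        return 1
    fi
    echo "OK: response came from the expected server"
}

# Live variant (needs network, getent and curl); only runs when called, e.g.
#   live_check site-name.example 203.0.113.10 Apache/2.4.58
live_check() {
    resolved=$(getent hosts "$1" | awk '{print $1; exit}')
    page=$(curl -s --max-time 10 "http://$1/")
    check_origin "$resolved" "$2" "$(signature_from_page "$page")" "$3"
}

# Constructed sample input: the footer quoted in the thread.
SAMPLE_PAGE='<address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips PHP/5.3.14 Server at site-name Port 80</address>'
```

A mismatch on either check means the vhost, `.htaccess` and file permissions on the machine being edited are not what produced the 403.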

I had this error for 6 months. Finally I found that I shouldn’t put double quotation marks in my Ajax headers, because I was sending JSON with my Ajax data. It causes the error below:
ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at ARGS.