You don't have permission to access /index.php on this server error


I wrote simple project using many crud (created with gii) operations.

When I add or update record in most of the models I often(not all the time), get the error


You don’t have permission to access /index.php on this server error.

after create or update a record I show the view controller, like


After I refresh the page (f5) I view the page correctly.

I appreciate your help.



Hi Itay, the same problem with mine in my recent project, i have develop many project but never got this kind of error before. I’m using Apache 2.2.14 on Ubuntu 10.04 LTS. Maybe it’s about file permission? But why after the page refreshed the error gone? Anyone knows this issue?

Note: i just update my OS from Ubuntu Update Manager.

You could check SELinux (or App Armor if using that) logs and see if it is blocking reads or writes from anything under your web apps root.

I had a similar issue on Fedora regarding the assets and protected/runtime directories.

If you are running SELinux you can test this by running (as root) this command:

setenforce 0

You can then confirm that you have set SELinux to Permissive by running this command:


It should say ‘Permissive’ or ‘Enforcing’. If it says permissive, you can try your webpage again and see if it works now.

But why the problem occured only on this project, not from beginning? this is weird.

That could be because of the newly created files having different selinux contexts…

I see this issue with Yii all the time. It is not Yii that is to blame, it is a secure system recognizing that you have files/folders that do not have a context that allows public access via apache (httpd_sys_content_t).

You can check file permissions and selinux context with

ls -lZ /<webdir>/<files>"

Where "<webdir>/<files>" is changed to be the files and folders you want to look at the permissions on.

You can look at the "CentOS HowTos for SELinux" page for good information on SELinux (look closely at sections 4 and 5 for Apache).

The easiest test though is the one I said above (setenforce 0 as root). Then re-check the URLs that gave you a forbidden message.

I did forget to mention above though, that after testing you should turn SELinux back on…

SELinux Permissive:

setenforce 0

SELinux Enforcing:

setenforce 1