You don't have permission to access /index.php on this server error

itayst99 · December 26, 2011, 7:05pm

Hello,

I wrote simple project using many crud (created with gii) operations.

When I add or update record in most of the models I often(not all the time), get the error

Forbidden

You don’t have permission to access /index.php on this server error.

after create or update a record I show the view controller, like

my_module/my_model/view&id=123

After I refresh the page (f5) I view the page correctly.

I appreciate your help.

Regards,

Itay

itmagetan · January 24, 2012, 11:26pm

Hi Itay, the same problem with mine in my recent project, i have develop many project but never got this kind of error before. I’m using Apache 2.2.14 on Ubuntu 10.04 LTS. Maybe it’s about file permission? But why after the page refreshed the error gone? Anyone knows this issue?

Note: i just update my OS from Ubuntu Update Manager.

ddreggors · January 25, 2012, 3:35am

You could check SELinux (or App Armor if using that) logs and see if it is blocking reads or writes from anything under your web apps root.

I had a similar issue on Fedora regarding the assets and protected/runtime directories.

If you are running SELinux you can test this by running (as root) this command:


setenforce 0

You can then confirm that you have set SELinux to Permissive by running this command:


getenforce

It should say ‘Permissive’ or ‘Enforcing’. If it says permissive, you can try your webpage again and see if it works now.

itmagetan · February 8, 2012, 4:59am

But why the problem occured only on this project, not from beginning? this is weird.

ddreggors · September 19, 2012, 9:04pm

That could be because of the newly created files having different selinux contexts…

I see this issue with Yii all the time. It is not Yii that is to blame, it is a secure system recognizing that you have files/folders that do not have a context that allows public access via apache (httpd_sys_content_t).

You can check file permissions and selinux context with




ls -lZ /<webdir>/<files>"

Where "<webdir>/<files>" is changed to be the files and folders you want to look at the permissions on.

You can look at the "CentOS HowTos for SELinux" page for good information on SELinux (look closely at sections 4 and 5 for Apache).

The easiest test though is the one I said above (setenforce 0 as root). Then re-check the URLs that gave you a forbidden message.

I did forget to mention above though, that after testing you should turn SELinux back on…

SELinux Permissive:


setenforce 0

SELinux Enforcing:


setenforce 1