Apache "Forbidden" Error after Leopard Upgrade

Question

Level 1

70 points

Apache "Forbidden" Error after Leopard Upgrade

Hopefully this is really simple.

I have just upgraded from Tiger to Leopard and as part of that process Apache 2.2 was installed where before I had Apache 1.3. Interesting the upgrade turned Web Sharing OFF - nice - however that was easily overcome in System Preferences.

However, I know next to nothing about Apache so cannot easily solve the next problem. Now whenever I try to access http://localhost/~Username Apache returns "Forbidden - You do not have permission".

It would be much appreciated if anyone could let me know where I need to put the 'tick-in-the-box' or amend some configuration setting. Thanks in advance.

MacBook Pro, Mac OS X (10.5)

Posted on Oct 26, 2007 10:24 AM

Reply

Answer 1

Niel

Level 10

726,749 points

Oct 26, 2007 10:32 AM in response to WestD

Choose Go to Folder from the Finder's Go menu, enter ~/Sites/ as the folder's location, and change the permissions on this folder so that all accounts have Read access to everything inside.

(25299)

Reply

Answer 2

Jul 2, 2008 11:14 AM in response to Niel

Thats not the solution... the problem is that the config file that Apache needs for each user account was deleted when it was upgraded and not re-generated. I've got a post here that explains how to fix it.

Jason

Reply

Answer 3

WestD Author

Level 1

70 points

Oct 26, 2007 11:06 AM in response to Jason Kerner

Jason,

Brilliant, as you say in the linked post - boom! its working now.

Or .... at least for standard HTML. That has now just uncovered the fact PHP is not running on Apache even though I installed entropy 5.2.4 for Apache 2 after the leopard update.

I am going to re-read your linked post to see if that can provide help on the PHP issue. Cheers.

Reply

Answer 4

jkwuc89

Level 1

35 points

Oct 26, 2007 1:00 PM in response to WestD

In an attempt to get this working in my Leopard install, I mistakenly deleted /etc/apache2/httpd.conf. There is one under /etc/apache2/originals and I tried using that but it does not work. Can someone reply to this thread with the contents of /etc/apache2/httpd.conf? Thanks!!!

Reply

Answer 5

WestD Author

Level 1

70 points

Oct 26, 2007 4:27 PM in response to WestD

The post by Jason was excellent and solved the PHP issue as well.

However, for those that are interested, I then had a MySQL error where I could not connect to MySQL due to a socket issue (error 2002). It appears that the socket has changed from /tmp/mysql.sock to /var/mysql/mysql.sock. I do not pretend to understand how or why, however the following article on the apple web site did solve my issue:- http://docs.info.apple.com/article.html?artnum=301457

Note: I solved this via the my.cnf option and not the php.ini solution which I could not get to work by trying to set it to the original 'tmp' file even though the article indicates this is the preferred option.

Reply

Answer 6

jkwuc89

Level 1

35 points

Oct 27, 2007 8:33 AM in response to WestD

I finally got my Leopard Apache configuration working with PHP5 and with MySQL. I also solved (finally) the forbidden errors I was seeing. Here are some of the changes I made.

1. My read permissions on my website files and directories were configured correctly so I suspected that something inside my httpd.conf file was amiss. Inside /etc/apache2/httpd.conf, I commented out two lines in the <Directory> block. This fixed the "forbidden" messages I was seeing for my virtual hosts. See below:
<Directory />
Options FollowSymLinks
AllowOverride None
# Order deny,allow
# Deny from all
</Directory>

2. I used the system.log in Console to detect and fix httpd.conf syntax errors. If you have syntax errors in any of your httpd.conf files, apache2 under Leopard will not start.

3. I removed the comment character from the start of the line below inside httpd.conf:
LoadModule php5_module libexec/apache2/libphp5.so

I am now back to where I was with Tiger.

Reply

Answer 7

davebwr

Level 1

7 points

Oct 30, 2007 10:52 AM in response to jkwuc89

jkwuc89 has the ticket to getting ~user/Sites/ to work... although I had to use root to get permissions to edit the file. Not sure what the security implications of changing the deny,allow params. are however.

Reply

Answer 8

jkwuc89

Level 1

35 points

Oct 30, 2007 12:00 PM in response to davebwr

My MacBook Pro where Apache is running is always behind some kind of firewall and therefore, it is not publicly accessible. So, I am reasonably comfortable with opening up the access the way that I did.

Reply

Answer 9

mlhnet

Level 1

4 points

Nov 1, 2007 10:30 PM in response to jkwuc89

You may want to leave the root protection in place.
I fixed the issue myself by making a similar change to the user dir config file.
You could add the following lines to the end of the /private/etc/apache2/extra/httpd-userdir.conf file.

<Directory /Users/*/Sites>
Order Deny,Allow
Allow from all
</Directory>

Reply

Answer 10

mcgarry

Level 1

0 points

Nov 13, 2007 9:35 AM in response to mlhnet

Thank you mlhnet! I was having trouble accessing any of my virtual hosts (getting 403) after moving my server to 10.5/2.2.6, but your tip solved the issue.

Reply

Answer 11

thraxisp

Level 1

5 points

Nov 20, 2007 2:40 PM in response to mlhnet

I found that this was configured properly, but the file system permissions on ~username were set to prevent access. I had to change this to allow "Everyone" read-only access. This is probably not the best thing to do, but suggestions are welcome.

Reply

Answer 12

xnav

Level 5

7,089 points

Nov 20, 2007 3:07 PM in response to thraxisp

Interesting, Leopard made my ~username read-only for 'Everyone' from the beginning.

Reply

Answer 13

Nov 27, 2007 1:43 PM in response to WestD

I too was having those 403 errors. I followed peoples' directions:
- I enabled PHP in the httpd.conf file
- I created a new file in apache2/users/shortusername.conf with the following contents:
<Directory "/Users/shortusername/Sites/">
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
However, I now get a "Cannot connect to server" whenever I try to navigate to http://localhost/~shortusername/. I can still navigate to http://localhost/ and get the generic Apache page, though. Anyone have any idea as to what's up?

Thanks

Reply

Answer 14

xnav

Level 5

7,089 points

Nov 27, 2007 2:21 PM in response to old_blaggard

Open the Console application and see if you're getting an error message. Also, check the error log as specified in your httpd.conf file.

Reply

Answer 15

Nov 27, 2007 2:48 PM in response to xnav

There are a couple of errors that appear in Console. They appear continuously as long as Web Sharing is active:

11/27/07 4:43:05 PM org.apache.httpd[217] httpd: Syntax error on line 455 of /private/etc/apache2/httpd.conf: Syntax error on line 15 of /private/etc/apache2/extra/httpd-userdir.conf: Syntax error on line 1 of /private/etc/apache2/users/shortusername.conf: /private/etc/apache2/users/shortusername.conf:1: <Directory> was not closed.

Then afterwards:

11/27/07 4:43:47 PM com.apple.launchd[1] (org.apache.httpd[221]) Exited with exit code: 1

Then:

11/27/07 4:43:47 PM com.apple.launchd[1] (org.apache.httpd) Throttling respawn: Will start in 9 seconds

Then it repeats. It would seem that it doesn't like something in the shortusername.conf file. Again, what I posted above is all that I have in there - do I need any headers or any specific kind of formatting for that file?

The apache error log is rather lengthy - would it help for me to post it, or will these errors be enough?

Reply