Forbidden You don't have permission to access /index.html on this server.

Question

Level 1

5 points

Forbidden You don't have permission to access /index.html on this server.

I was trying to set up multiple virtual sites, i tried pretty much most of the suggestion posted in the forum, but I could not get a working solution.

DNS are ok. if I create 1 site in the default location, it works.

But i have 1 IP address and 4 virtual sites to set up. So... I created a directory:

/webdirectory (rw/rw/r) outside the standard library/webserver/documents with the subdirectories for all 4 websites (all rw/rw/r).
When I set up the sites, all I get is a:

Forbidden
You don't have permission to access /index.html on this server.
Apache/1.3.33 Server at "mysite.com" Port 80

If I try to access webmail in each site directory, webmail works.
It's a mystery...

Every i-th site is set to:
IP: any
Port:80
option: webmail (only enabled service)
realms: none
ssl: not enabled
webserver aliases: www.mysite(i).com

So it should be a straight forward set up...
Why it is not working?

I tried to leave a default site set up, a site set up with an asterisk, no default site. I checked permissions.
logs are repeating:
[Thu Dec 22 02:19:42 2005] [error] [client 68.162.24.xxx] (13)Permission denied: file permissions deny server access: /webdirectory/mysite/index.html

In etc/httpd/ everything looks ok...
In etc/httpd/sites the virtual site config files are written (and deleted) beautifully...

Please help, I am so close to dump this machine out of the window!!!And I am a mac lover...

xserve, Mac OS X (10.4.3)

Posted on Dec 21, 2005 11:33 PM

Reply

Answer 1

disca Author

Level 1

5 points

Dec 22, 2005 12:00 AM in response to disca

Also... I think that this machine is jinxed...

Reply

Answer 2

disca Author

Level 1

5 points

Dec 22, 2005 7:29 AM in response to disca

there is one thing I forgot to mention last night.
Before (or immediately after, I do not remeber exactly) setting up the web server, I was setting up an FTP user to access the web directory that I created. I think that this is what screwed up everything.
I mean FTP access works ok. I went to server admin/sharing and I shared my entire virtual web directory.
I shared and ushared it, when I realized the web was not working and I toggled between the 2 options while I was deleting sites and re-adding them using system admin. Now that directory is set to:
owner: root
group: admin (R/W)
others: read only

Also I was noticing that apart from the Apple documentation and a totally unusefull book on Tiger server G5 (the only 1 available on the market at the moment), there is not much "how to" stuff available on how to do things step by step. I mean this is standard stuff, so there should be lots of "idiot's guide" to set up a tiger service in the proper way...

Sorry this brings up the next quetion... how do I give ftp access to the web folder in a proper way without messing it (if this was the cause... of course).
I did in the standard way suggested by the manual, but evidently I am missing something (although I repeat, ftp/afp work like a charm!!!).

xserve Mac OS X (10.4.3)

Reply

Answer 3

Dec 22, 2005 4:04 PM in response to disca

As long as /webserver is rwxr-xr-x
and /webserver/mysite is rwxr-xr-x
and /webserver/mysite/index.html is rw-r--r--
or more permissive, things should be okay. Check the perms on the index.html file. What you had for the directories is fine.

Apache runs as user www, so www will need read/browse permissions on all the directories in the path and read on the requested file.

FTP probably had nothing to do with it, except that the default perms on files uploaded by the FTP may not have webserver friendly default permissions.

Roger

Reply

Answer 4

disca Author

Level 1

5 points

Dec 30, 2005 10:58 AM in response to Community User

It only works if I give www the ownership of the web folder...
Is it correct to do that?

Reply

Answer 5

disca Author

Level 1

5 points

Dec 30, 2005 11:15 AM in response to Community User

Maybe I had a defective drive. I am supposed to have 2 80GB drives and I can see only one left. Maybe I was working on the defective one...
I am starting to really dislike this machine.
It's a brand new machine, my gosh, what should I do now? send it back to Apple?

Reply

Answer 6

UptimeJeff

Level 4

3,479 points

Dec 30, 2005 1:27 PM in response to disca

Do you have default files as specified for each site?
For example, OS X defaults to index.html and index.php.
If you don't have one of those files by that exact name, you'll get an error.

If your default file is index.htm (not index.html) then you'll need to add that file name to the default files for the site.

Can you access the files directly by path/name?

Jeff

Reply

Answer 7

Dec 30, 2005 3:43 PM in response to disca

If it only works for user www, which is the user that the webserver serves as, then the permissions aren't set correctly. Each folder that the webserver has to traverse to get to the file, and the file must be readable by user www. This is usually done by granting others read permissions on these folders, and the file. You can do this with the GUI, or you can do it with the chmod command in Terminal.

Roger

Reply

Answer 8

disca Author

Level 1

5 points

Dec 31, 2005 6:27 AM in response to UptimeJeff

Thank you Jeff,
Yes, I do have those: I am new to Mac10.4 server and GServe, but not that new to web!!! I use lots of Win/HP machines. And yes I could open them locally in Safari.

Now I got the web folder to work thank you.

I am still not sure that www should have ownership of the web folders, because it means read/write access for anyone isn't it?

Reply

Answer 9

disca Author

Level 1

5 points

Dec 31, 2005 6:49 AM in response to disca

Thanks Jeff, I moved the ownership back to root, and now everything works.
It's a mystery...

Also i didn't mention it, but my set up is not "standard" out of the box.
I have set up 2 volumes/virtualweb/website1 and website2 directories out of the library/websites folder traditionally used. So I didn't have the problem of having a long path with www read access all the way to the web folders.

Again everything got fixed by itself, I really do not understand...
Go figure...

Reply

Answer 10

disca Author

Level 1

5 points

Dec 31, 2005 6:51 AM in response to disca

It got fixed by itself.
Not that i was doing anything not "in the book"...

Reply

Answer 11

Feb 27, 2006 12:33 PM in response to disca

I've been struggling with this issue for some time now. I have a server in my DMZ that I could not get to work despite the fact that I could replicate the virtual hosts on the internal test server and get it all to work!

In the end I copied, verbatim, the contents of the site from /etc/httpd/sites on my internal server to the site file on the external server and it all worked!

All I can guess at is the order in the file actually matters. I don't have time to go through and find out what was the issue but, for reference, here are the two versions with the one that wouldn't work first :

ServerName aaa.bbb.ccc.dd
ServerAdmin admin@example.com
DirectoryIndex "index.html" "index.php"
CustomLog '|/usr/sbin/rotatelogs "/var/log/httpd/lists accesslog" 604800' "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
<Directory "/Library/WebServer/Documents">
Options All -Indexes -ExecCGI -Includes +MultiViews
<IfModule mod_dav.c>
DAV Off
</IfModule>
AllowOverride None
</Directory>
ErrorLog '|/usr/sbin/rotatelogs "/var/log/httpd/lists errorlog" 604800'
ErrorDocument 404 /error.html
LogLevel debug
<IfModule mod_ssl.c>
SSLCertificateFile "/etc/certificates/Default.crt"
SSLEngine Off
SSLCipherSuite "ALL:!ADH:RC4 RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:eNULL"
SSLLog "/var/log/httpd/ssl enginelog"
SSLCertificateKeyFile "/etc/certificates/Default.key"
</IfModule>
<IfModule mod_dav.c>
DAVLockDB "/var/run/davlocks/.davlock100"
DAVMinTimeout 600
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^TRACE
</IfModule>
<IfModule mod_alias.c>
</IfModule>
DocumentRoot "/Library/WebServer/Documents"
ServerAlias *

Here is the one that works :

ServerName lists.rnzfb.org.nz
ServerAdmin admin@example.com
DocumentRoot "/Library/WebServer/Documents"
DirectoryIndex index.html index.php
CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
ErrorLog "/var/log/httpd/error_log"
ErrorDocument 404 /error.html
<IfModule mod_ssl.c>
SSLEngine Off
SSLLog "/var/log/httpd/ssl enginelog"
SSLCertificateFile "/etc/certificates/Default.crt"
SSLCertificateKeyFile "/etc/certificates/Default.key"
SSLCipherSuite "ALL:!ADH:RC4 RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:eNULL"
</IfModule>
<IfModule mod_dav.c>
DAVLockDB "/var/run/davlocks/.davlock100"
DAVMinTimeout 600
</IfModule>
<Directory "/Library/WebServer/Documents">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
<IfModule mod_dav.c>
DAV Off
</IfModule>
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>
<IfModule mod_alias.c>
</IfModule>
LogLevel warn
ServerAlias *

PB G4/1GHz 1GB Mac OS X (10.4.5)

Reply