Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: DRockafellow
DRockafellow Author
User level: Level 1
5 points

You don't have permission to access / on this server.

I have the current server version installed on the current OS X and the wiki and xcode webservices run just fine, but if I try server.local or manage.local:443 neither of them work and I get the below error;


Forbidden

You don't have permission to access / on this server.

Apache/2.2.24 (Unix) PHP/5.4.17 mod_wsgi/3.3 Python/2.7.5 mod_ssl/2.2.24 OpenSSL/0.9.8y DAV/2 Server at server.local Port 80
How do I correct this? H E L P

MacBook Pro (17-inch Core 2 Duo)

Posted on Nov 20, 2013 1:31 PM

Reply
8 replies
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
116,637 points

Nov 20, 2013 2:31 PM in response to DRockafellow

Please get local DNS set up on your network if you've not already done so — ISP DNS and domain registrar DNS will not work with a NAT'd network typically used, and not having valid DNS will cause weird problems as other services are brought online — and then verify the ownership and file access of the files — see this thread for a similar situation. (I've just posted several replies over there.)


Launch Terminal.app from Applications > Utilities and issue the following diagnostic command:


sudo changeip -checkhostname


You'll need to enter an adminstrative password, might see a one-time warning message about the sudo, then some output on the network configuration, and finally an indication that no changes are required or that network or DNS errors have been detected.


HTTPS on TCP port 443 also expects a certificate be present and available, and you'll need either a purchased certificate for publicly-accessible web servers, or a private certificate if you're working with selected local systems and systems where you can get your own root certificate loaded.


However, your accesses for TCP 443 are getting forewarded over to TCP port 80 — which doesn't need a certificate — based on that error message shown. This implies 443 isn't configured or is forwarding the entry. See if port 80 is working, then check the web server logs for any errors related to 443. To check the error logs, launch Console.app from Applications > Utilities and look in the list of logs at the left of Console.app for the Apache web server logs.

Reply
User profile for user: DRockafellow
DRockafellow Author
User level: Level 1
5 points

Nov 20, 2013 4:19 PM in response to MrHoffman

Mr Hoffman,


Thank you for the advise. I have read through it and don't think I'm having a DNS issue. I'm pretty sure its a permissions issue and a configuration file or two I may have messed up over the last couple of upgrades. To better explain my issue, bellow is what I get when entering the following url's:


http://server.local = Forbidden You don't have permission to access / on this server.

http://127.0.0.1 = A page saying "It works!" (But from where I don't know, not the folder I assigned)


http://server.local/wiki = The correct local wiki page

http://127.0.0.1/wiki = The correct local wiki page


http://server.local/xcode = The correct local xcode page

http://127.0.0.1/xcode = The correct local xcode page


Apache2 access_log when calling server.local:

Server.local 10.0.0.107 - - [20/Nov/2013:15:59:28 -0800] "GET / HTTP/1.1" 403 325 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0"


Apache2 access_log when calling server.local/wiki:

Server.local 10.0.0.107 - - [20/Nov/2013:16:01:40 -0800] "GET /wiki HTTP/1.1" 200 4598 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0"


Apache2 error_log when calling server.local:

Marker - Nov 20, 2013, 4:05:00 PM

[Wed Nov 20 16:05:05 2013] [crit] [client 10.0.0.107] (13)Permission denied: /Users/david/Documents/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable


This does not serve the internet and is only on my local laptop for development use. My actual web root is /Users/david/Documents/WWWRoot/


Does any of the above shed light on things?


Thanks in advance for the help,


David

Reply
User profile for user: jaygatsby1123
jaygatsby1123
User level: Level 1
19 points

Nov 20, 2013 7:51 PM in response to DRockafellow

It's a permissions issue.


Go to the File Sharing tab in the Server App and add the folder of the files/website you would like people to access. Adjust permissions from that tab.


In the event that images fail to load, find them in Finder, Get Info, and give "everyone" Read Only access.



I've had this problem all too many times *rolling my eyes*.


EDIT: In your case, it seems you'll want to give Websites Root 'Read Only' permissions, either for everyone (if you want it public) or just you.


Websites Root is the default folder for the default OS X Server website.

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
116,637 points

Nov 21, 2013 5:44 AM in response to DRockafellow

You do have a permissions problem on the web server files. Given the 403 error, those files are protected against access by the web server.


OS X Server is a multi-user system, which means that the files of one user can be protected against access by another user. You user is your shortname, and that can be visible via the id command at the Terminal.app command line prompt. The web user is www (or _www), and is a completely separate user, with separate access rights and ownerships.


This difference in users and this requirement for explicitly allowing file access is entirely intentional with the web server, as you don't want to allow remote users free access to your file system. By having these restrictions and by keeping the Apache files underneath the Apache directory root (and not located in random places arond the file system), you can reduce the potential damage of a web server security breach. If the files are located elsewhere within the file system or are protected against the Apache www user access, then remote web clients will be denied access.


"127.0.0.1" is a string that selects one virtual host of the many that can be around. It'll very likely be the default host, with the default web server directory for Apache, unless that's been changed.


Please humor me here and issue the sudo changeip -checkhost command and confirm that DNS is correct and no changes, or if there are errors. If your host domain is set to .local on your server or if your DNS local isn't correct, sooner or later things go sideways. It's a very common case for bad DNS to cause weirdness later, too. Further, fixing the results of DNS configuration errors later in the lifetime of an OS X Server system tends to be far more work than fixing it earlier, too.

Reply
User profile for user: DRockafellow
DRockafellow Author
User level: Level 1
5 points

Nov 21, 2013 9:23 PM in response to MrHoffman

I broke down and called apple support, we change the site folder back to /Library/Server/Web/data/sites/sandbox and that solved my permission problems but not my vhost issues. As Mr Hoffman said, I do have DNS issues as server.local still works but sandbox.local does not (This is with server DNS turned off). Can someone point me to an FAQ or tell me how to do the following:


1. Correctly configure DNS for local services. (Does creation of a site automaticatally add vhost entries?)

2. Configure a web app like xcode or wiki but for myphpadmin.

3. What is the best book or site to learn OS X 10.9 server administartion and web services.


I've been a PC tech for many years and I'm now working on a BS in computer science but unfortunately I'm not learning much about Apple products or linux for that matter as of yet. I feel bad asking dumb questions, so feel free to point me to educational resources to learn the in and outs of the apple server.


Thanks again,


David


P.S. I did find http://www.coolestguidesontheplanet.com/downtown/get-apache-mysql-php-and-phpmya dmin-working-osx-109-mavericks and it has helped a lot but not answered all my questions.

Reply
User profile for user: killers
killers
User level: Level 1
5 points

Sep 5, 2015 4:10 AM in response to DRockafellow

After reading your post DRockafellow, I had my folders in a different Volume and I had permissions setup on the www folder where I had the site files but the Volume itself I didn't have everyone to read only. Once I did that then my website came up just fine. Thanks so much. I have been struggling with this permissions things.


Thanks,


Kenneth

Reply

You don't have permission to access / on this server.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up