OSX El Capitan - Apache 403 Forbidden - macos

I just upgraded from Yosemite to El Capitan but unfortunately forgot to copy my old httpd.conf and now i need to configure all of its settings again.
I already changed the documentroot to the previous one /users/admin/www, and also configured to release access to this folder:
<Directory "/users/admin/www">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Restarted Apache but even this way I get the 'Forbidden' error when trying to access 127.0.0.1.
What am I'm missing here?

Do the following:
Open Terminal
Run:
cd /etc/apache2/
sudo mv httpd.conf httpd.conf.OLD
sudo mv httpd.conf~previous httpd.conf
sudo apachectl restart
After spending 3 hours on the issue - this worked for me!

I just found out that the old .conf file is saved during the El Captain update, in this folder :
/private/etc/apache2/httpd.conf.pre-update
So i just copied the old definitions to the new one :)

You can navigate to /private/etc/apache2/ and then diff httpd.conf httpd.conf.pre-update to see the differences between your old conf file and the new one that's been added.
For me there was a lot of LoadModules lines commented out, and my apache user/group had been changed back to _www

I am not familiar with the changes in Apache 2.4 so this one really stumped me for about 30 minutes. I just upgraded from Mavericks to El Capitan (Apache 2.2 to 2.4) and I could not load my personal Sites directory (http://localhost/~{username}. I kept getting "Forbidden". After a good bit of research I found that I needed to modify /etc/apache2/users/{username}.conf to add "Require all granted". Since I never upgraded to Yosemite (which also uses Apache 2.4) I never stumbled across this one.
I hope this info helps somebody

Updating the directory access control worked for me:
In this example, all requests are allowed.
2.2 configuration:
Order allow,deny Allow from all
2.4 configuration:
Require all granted
Source: http://httpd.apache.org/docs/trunk/upgrading.html (under Access control)
Note: I keep my custom settings separately under /private/etc/apache2/other/.

This helped as well (after doing everything else as well):
http://coolestguidesontheplanet.com/forbidden-403-you-dont-have-permission-to-access-username-on-this-server/

Like #delphirules said, you can copy your old httpd.conf file like so:
sudo cp /etc/apache2/httpd.conf.pre-update /etc/apache2/httpd.conf
I’ve had issues with connecting to my localhost all day but finally found this: https://mallinson.ca/web-development-with-el-capitan/
Just run the copy command and then do a sudo apachectl restart
I’ve also disabled the SIP ( System Integrity Protection ) in recovery mode. I don’t know if it actually did anything though.. You can find those instructions here: https://forums.developer.apple.com/thread/3981

I had a similar issue receiving a 404 error back when trying to access pages in my local sites directory after enabling myself at the user level to serve sites after upgrading to El Capitan. The issue was that Apache reset the httpd.conf file to its default which disables the user folders to load files from. So http://localhost loaded fine but http://localhost/~username/index.html would NOT load. Here's the fix:
back up the "new" config file that was created:
sudo cp /etc/apache2/httpd.conf /etc/apache2/httpd.conf_capitan
restore the "old" config file that was renamed:
sudo cp /etc/apache2/httpd.conf~previous /etc/apache2/httpd.conf

In case you have symlinks to some of your projects in DocumentRoot directory, after upgrade to El Capitan you can get 403 for these projects, like I did.
You will need the following things to make them work again:
1) Your apache user (_www by default) should have execute access to directory that houses a directory to which you link to.
In my case in apache DocumentRoot I had:
MyProject -> /Users/Me/Documents/Aptana Studio 3 Workspace/MyProject
And for some reason access settings for
/Users/Me/Documents/Aptana Studio 3 Workspace/MyProject
were
-rw------- 1 Me staff My guess it was set during OS x upgrade.
So after sudo chmod 755 Aptana\ Studio\ 3\ Workspace error was resolved.
2) As upgrade also changes httpd.conf, make sure you have this for DocumentRoot directory, or restore from backup httpd.conf as suggested above:
Options Indexes FollowSymLinks
If you upgraded from Mavericks or earlier OS x and restored backup httpd.conf, you should, as jcfranko said, replace apache 2.2 setting for request allowance with:
Require all granted

Create a symlink in your /Users/{user name}/Sites folder
ln -s /Path/To/Target/Files /Users/{user name}/Sites/{name}

Related

localhost/~username/ not working

So i have stuck on this thing since last week . i am new to web development , and wanted to learn php , as soon as i started i had to setup apache server , for root directory it works fine but for localhost/~username/ it can't connect to server "localhost".
here are the files i had been messing up
(sudo apachectl configtest : Syntax OK )
httpd-userdir.conf file
https://www.dropbox.com/s/3zmuc2jetpo3i0i/httpd-userdir.conf?dl=0
httpd.conf file
https://www.dropbox.com/s/vlrzqr95ge2qy3c/httpd.conf?dl=0
username.conf file
https://www.dropbox.com/s/f13cgfgfb56esi7/mfaizanulhaq.conf?dl=0
(OS X el Capitan
10.11.5 (15F34)
&
Server version: Apache/2.4.18 (Unix)
Server built: Feb 20 2016 20:03:19
)
If this is still relevant and you are fed up with trying to find a solution you can change Documents root folder to your user Sites folder. This will prevent everyone but you from accessing localhost from your machine, but it's a hotfix solution. I've had a deadline and I had to finish the site, so this worked for me.
Go to httpd.conf change
DocumentRoot "/Library/WebServer/Documents"
<Directory "/Library/WebServer/Documents">
to
DocumentRoot "/Users/username/Sites"
<Directory "/Users/username/Sites">
To look up your username in the terminal use whoami.
NOTE: Bear in mind you also need to change the following lines in httpd.conf it's located just below DocumentRoot within <Directory> tag you changed earlier.
Whatever it says in your file modify to this (that should be true for ALL configurations of the Apache2)
Options FollowSymLinks Multiviews
MultiviewsMatch Any
AllowOverride All
Require all granted
This is a really bad solution since your Users/username/Sites folder will be accessed directly when you type localhost in the browser, but when something goes wrong, or you've done something wrong this is the best solution so far especially if you are 100% certain you are not going to have more than 1 user access your localhost directory.
i hope no one faces this problem. In my case i had updated php to php 7 but in httpd.conf it was trying to load php 5 so by commenting out that line my problem was solved.

Cannot get site loaded with Apache on Mac

I'm running El Capitan and trying to get my website hosted locally for development with Apache (that came with the OS). I followed the instructions here exactly. I made an anthony.conf file and put the Directory text in there, I replaced the actual directory with /Users/anthony/dev/web/unfinished-asteroids/ and then placed my web files in there. I started apache and navigated for localhost/~anthony but I get the
Not Found: The requested URL /~anthony was not found on this server.
standard 404 error. When I navigate to localhost it works fine and I get the "It works" from the index.html that is located in /Library/WebServer/Documents, I even changed that index.html file and it works fine.
Any ideas why I'm not able to see my website using apache? All I did was download this github repository and place it in my unfinished-asteroids folder, the index.html is at the root.
So it looks like there are a couple of extra steps that you need to do. There isn't really anything too special about apache that comes with OSX, so your standard apache configurations will work. but to get Userdir (~username) working on El Capitan,this is what I had to do
Edit /etc/apache2/httpd.conf
on (or near) line 166, uncomment
loadModule userdir_module libexec/apache2/mod_userdir.so
then on line 493 uncomment
Include /private/etc/apache2/extra/httpd-userdir.conf
then edit file /etc/apache2/extra/httpd-userdir.conf
uncomment line 16
Include /private/etc/apache2/users/*.conf
then in /etc/apache2/users/anthony.conf
<Directory "/Users/anthony/Sites/">
Options Indexes MultiViews
Require all granted
</Directory>
then sudo apachectl restart
That should make http://localhost/~anthony point to your sites directory.
Logs are stored in /var/log/apache2
Now if all you want is web access to say your dev directory you can do something like this.. (don't make any of the changes listed above)
in /etc/apache2/other/ create a file called mydev.conf (name doesn't really matter, save it needs to end in .conf')
and put this in that file
Alias /dev /Users/anthony/dev/
<Directory "/Users/anthony/dev">
Options Indexes MultiViews
Require all granted
</Directory>
and reload apache (sudo apachectl restart)
then you will be able to access your dev folder at http://localhost/dev and should be able to access your page at http://localhost/dev/web/unfinished-asteroids/
you can adjust the paths at will above, just need to make sure that the user or group _www has access to it, and that paths in the alias and the directory match.

Apache, permission denied accessing the web app folder after upgrading OSX to 10.9.2

My Apache used to work fine, but I assume that problems came after upgrading OSX to 10.9.2, (anyway not certain about when the problem came) Apache was not working with the current configuration.
I tried apachectl configtest so I found out that the Apache's file structure on my machine was changed, from Library/WebServer/Documents/ to Library/WebServer/Apache Home so I edited the DocumentRoot of httpd.conf to point to the new folder.
But the problem I still cannot fix is about the permission. I got 403 Forbidden, You don't have permission to access / on this server.
Extra Information
I hosted all my web projects at /Users/myname/home_www this folder and it's sub folders belong to _www group, and has 775 access permission. I created a symlink at Library/WebServer/Apache Home (all these setup used to work fine)
I noticed some strange thing that the Library/WebServer/ and its sub folders belong to wheel group, I never paid attention to these folders before that what group they belong to.
OSX: 10.9.2
Apache: 2.2.26
As I said in my case all problems seem to come after upgrading to 10.9.2, these are steps I have done to solve my problems.
Edit DocumentRoot to DocumentRoot "/Library/WebServer/Apache Home"
Edit <Directory> to <Directory "/Library/WebServer/Apache Home">
This step may not be necessary but just in case, brew upgrade
Chenge owner and group of /usr/local/var/mysql/ to *mysql using sudo chown -R _mysql:_mysql /usr/local/var/mysql/, otherwise mysql.server start will fail

Mac Apache 403 error on symlink

I'm trying to set up directories for some of my php github projects in a separate directory and then create symlinks to them in the web document root.
The document root is /Users/aharris88/sites. I set up a symlink like this:
ln -s ~/dropbox/github/tester/ ~/sites/tester
For now I have a simple index.php file in it with this code:
<?php
echo "hello";
?>
but when I go to localhost/~aharris88/tester I get a 403 Forbidden error.
and when I go to localhost/~aharris88 it's not listed with the other directories.
I've gone to /etc/apache2/users and added aharris88.conf with the following:
<Directory /Users/aharris88/Sites/>
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I'm using the stock OS X Apache install, but it works when I run mamp instead and go to localhost:8888/tester/.
So how can I make this symlink work with the stock OS X Apache install?
The solution is based on the comment from #davidr:
I made a php file called whoami.php with the following code:
<?php echo exec('whoami'); ?>
I ran this page with mamp (localhost:888/whoami.php) and then with os x apache install (localhost/~aharris88/whoami.php), since the symlink worked with mamp and not apache.
Mamp returned my local user (aharris88) and apache returned _www. So that meant that _www didn't have access to the directory where the symlink pointed (~/Dropbox/github/tester).
When I checked the permissions, I noticed that the dropbox directory was set to 700 aharris88, so I set it to 755.
sudo chmod 755 dropbox
and that fixed my issue.

Creating a symbolic link in Sites directory

I have a file in my ~/Sites directory that works fine when I browse to it through coderama.local/~coderama/index2.php
Now I want to get tricky and move my index2.php file to somewhere else on my system, so I do this by creating a symbolic link. However, when I try to access coderama.local/~coderama/index2.php I now get the following error.
Any ideas anyone?
Thanks!
Forbidden
You don't have permission to access /~coderama/index2.php on this server.
That's a configurable Apache option. It appears that by default on Macs (and probably most installations) Apache is configured to not follow symbolic links. I'm guessing (as others mention above) that it's for security purposes.
But it can be really convenient at times to enable following of symbolic links, particularly during development of certain kinds of apps. What you need to do is 1) change the Apache configuration to allow the following of symbolic links, and then 2) restart Apache.
The configuration step is performed as follows:
a) cd /etc/apache2 (this is where Apache's configuration files are by default on a Mac)
b) you'll see a couple of directories here. One is called users
c) cd users
d) ls should reveal a .conf file with your login name (login.conf) I'm "marvo" so mine is named "marvo.conf"
e) Edit this file (I use vi) -- but you have to do it using sudo:
sudo vi marvo.conf
f) You'll see something like
<Directory "/Users/marvo/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
g) Add the "FollowSymLinks" option so that the second line of that .conf file looks like:
Options Indexes MultiViews FollowSymLinks
(You can find other configuration options out there on the 'net. I found this page: http://httpd.apache.org/docs/2.0/mod/core.html#directory )
h) Save the file.
Now you have to restart Apache so that it picks up the configuration change. Googling around a bit, I found that this is most easily done from the command line with the following command:
sudo /usr/sbin/apachectl restart
(Found that at http://mcapewell.wordpress.com/2006/09/22/restart-apache-in-mac-os-x/ )
Now that symbolic link should work just fine on your Sites pages.
Had the same issue. Unfortunately, Marvo's answer wasn't enough.
The problem lies with the permissions set on every folder in the path, starting from ~/. The directories needs the execute flag set to be able to recurse the directory tree. So, in my case, I symlinked a theme folder from ~/Dropbox/projects/theme to a wordpress install on ~/Site/wordpress.
The answer was:
chmod a+x ~/Dropbox/
chmod a+rx ~/Dropbox/projects
This is an old issue, but if anyone reaches this page, it might be useful. :)
Seems like a security issue (also suggested by Matt)
http://discussions.apple.com/thread.jspa?threadID=1771399
I don't remember the specific reason why, but it doesn't work. It's a security issue. You can use XAMPP http://www.apachefriends.org/en/xampp-macosx.html or MAMP http://www.mamp.info/en/index.html to get around this.
In addition to Marvo's answer. What helped me was to Change the permission on Documents folder:
cd ~
chmod a+rx Documents/
Also make sure you have a directive in your httpd-vhosts.conf
Otherwise you get the same '403 forbidden in the browser', with 'the client denied by server configuration in the error log.

Resources