9

I have a Linux box running CentOS 6.6 with Apache 2.2.x. For some unknown reason, turning on the rewrite engine causes a 403 error (this happens whether I add a rewrite rule or not).

I have spent hours researching this and have made changes to my config in accordance with advice I have found in many places, but still got nowhere.

Currently in my .htaccess I have this:

<IfModule mod_rewrite.c>  
Options +FollowSymLinks  
RewriteEngine On  
</IfModule>

In the directives for the virtual host, I have this:

DocumentRoot /var/www/html/example.uk  
<Directory /var/www/html/example.uk>  
Options Indexes FollowSymLinks MultiViews  
AllowOverride All
Order allow,deny
allow from all
</Directory>
ServerName example.uk  
ServerAlias www.example.uk

(This seems to work in a Debian box, but not for my CentOS machine.)

In my httpd.conf I have changed

AllowOverride None

to

AllowOverride All

My httpd.conf also contains LoadModule rewrite_module modules/mod_rewrite.so

Error log says:

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/example.uk

Now, I have previously added SymLinksIfOwnerMatch to the directives, but it didn't solve the problem.

I followed this and all seemed to go as it should.

8
  • What page are you getting the 403 on? Do you have an index file in that location? Commented Apr 23, 2015 at 5:53
  • @PanamaJack the root. There is an index.php there, which displays fine if I comment out RewriteEngine On
    – Jez D
    Commented Apr 23, 2015 at 6:15
  • Check your Apache log file and see what error it reports as the reason for the 403. Commented Apr 23, 2015 at 12:44
  • @PanamaJack I have added it to the question
    – Jez D
    Commented Apr 23, 2015 at 13:01
  • Do you have access to your logs? If so, check them and put the logs for a single request here!
    – undone
    Commented May 1, 2015 at 12:50

4 Answers

2

This happens when Apache doesn't have execute rights for

/var
/var/www
/var/www/html
/var/www/html/example.uk  

Run:

chmod o+x /var /var/www /var/www/html /var/www/html/example.uk 
3
  • I tried this and restarted apache. Still didn't work.
    – Jez D
    Commented May 1, 2015 at 15:55
  • No, still have the problem.
    – Jez D
    Commented May 4, 2015 at 18:55
  • 1
    This actually helped me. Apache was the owner, but didn't have execution rights. chmod to /var/www/html 755 did the trick
    – Imtiaz
    Commented Aug 27, 2020 at 14:47
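
To find which directory is actually missing the search bit before loosening permissions on every one, the following added example (not part of the original answer) walks the path and reports each component a given account cannot traverse. It reads mode bits only, so ACLs and SELinux are not covered; the account name `apache` is an assumption.

```python
import os
import stat


def blocked_components(path, uid, gids):
    """Return the directories on the way to `path` (inclusive) that the
    identity (uid, gids) cannot traverse, judged by mode bits alone."""
    blocked = []
    current = os.sep
    for part in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except OSError:
            break  # missing, or the caller itself cannot look further
        if not stat.S_ISDIR(st.st_mode):
            continue  # only directories need the search (x) bit
        # Exactly one permission class applies: owner, else group, else other.
        if st.st_uid == uid:
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            blocked.append(current)
    return blocked


if __name__ == "__main__":
    import pwd
    import sys
    # Assumption: the worker account is "apache"; pass another name as argv[2].
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html/example.uk"
    user = sys.argv[2] if len(sys.argv) > 2 else "apache"
    try:
        pw = pwd.getpwnam(user)
        ident = (pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid)))
    except KeyError:
        # Account not present on this machine: fall back to the current process.
        ident = (os.geteuid(), set(os.getgroups()) | {os.getegid()})
    for d in blocked_components(target, *ident):
        print("no search permission:", d)
```

Run it as root so every component can be inspected; an empty result means the 403 is not caused by directory mode bits.
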
2
+25

Since Apache version >= 2.4, the directive

Order allow,deny
allow from all

leads to a global 403. To verify this, check your Apache log:

[Tue May 05 11:54:32.471679 2015] [authz_core:error] [pid 9497] [client 127.0.0.1:35908] AH01630: client denied by server configuration: /path/to/web/

Comment out the Order directive and add Require all granted, like below:

 Require all granted
 #Order allow,deny
 #allow from all

Hope this helps.

Edit :

Explanation from Apache: this behaviour is provided by the new module mod_authz_host.

For the list of restrictions available (ip, host, etc.): http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html

1
  • Thanks, but that resulted in a 500 error. I think I will just have to forget about using .htaccess and use PHP instead.
    – Jez D
    Commented May 6, 2015 at 5:47
1

You should remove this line from htaccess

Options +FollowSymLinks

You already have it in the Apache vhost file. Also, you should add a rule if you're going to turn on mod_rewrite, or there is no point in turning it on.

7
  • Did you add a rewriterule? Commented Apr 23, 2015 at 14:27
  • added RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://example.uk/$1 [R,L] still got 403 error
    – Jez D
    Commented Apr 23, 2015 at 14:35
  • When you added this to the vhost file, did you restart Apache? Commented Apr 23, 2015 at 14:41
  • Yes, I restarted apache
    – Jez D
    Commented Apr 23, 2015 at 15:04
  • Try changing Indexes to -Indexes in the vhost and restart. Commented Apr 23, 2015 at 15:08
1

Another possibility with Apache 2.4 is caused by Options -FollowSymlinks which will also throw a 403 error and generate the following log:

AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions

This was not the case in the original post, but if it comes up you would need to re-enable FollowSymLinks using this line:

Options +FollowSymLinks

1
  • Thanks for your contribution. To add clarity, & to round out your post as a complete answer, may I suggest adding the exact code needed to re-enable FollowSymLinks. This way a user not as familiar with this technology could apply your suggestion without first being required to do additional research to learn how. Completely self-contained answers are more useful, & more likely to be upvoted. Simply adding 1 line of code to the end of your post would be an excellent addition. If this is something people might want to read more about, adding a source link, if you have one, is always welcomed. Commented May 6, 2020 at 19:49
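
Both log messages on this page depend on which `Options` are in force for the directory after every applicable section has been applied. The following added example (not from any of the posts, and not Apache's own code) is a simplified model of the merge rule documented for the `Options` directive, run over constructed directive layers; the function names are hypothetical.

```python
SYMLINK_OPTS = {"followsymlinks", "symlinksifownermatch"}


def apply_options(current, directive_args):
    """Apply one `Options` directive to the set in force and return the new set."""
    tokens = directive_args.lower().split()  # option names are case-insensitive
    signed = [t for t in tokens if t[0] in "+-"]
    if signed and len(signed) != len(tokens):
        # Apache 2.4 rejects this mix at startup; 2.2 documents it as invalid.
        raise ValueError("mixed +/- and bare options: " + directive_args)
    if not signed:
        # Bare keywords replace everything inherited from less specific sections.
        return set(tokens) - {"none"}
    result = set(current)
    for t in tokens:
        (result.add if t[0] == "+" else result.discard)(t[1:])
    return result


def effective_options(layers):
    """Fold directives ordered from least to most specific (vhost, then .htaccess)."""
    opts = set()
    for args in layers:
        opts = apply_options(opts, args)
    return opts


def rewrite_permitted(opts):
    """Per-directory mod_rewrite needs one of the two symlink options enabled."""
    return bool(opts & SYMLINK_OPTS)


if __name__ == "__main__":
    # Constructed layers, least specific first; not taken from a real server.
    cases = {
        "full set, then +FollowSymLinks": ["Indexes FollowSymLinks MultiViews", "+FollowSymLinks"],
        "inner section replaces the set": ["Indexes FollowSymLinks MultiViews", "Indexes"],
        "explicitly switched off": ["Indexes FollowSymLinks", "-FollowSymlinks"],
        "owner-match variant": ["None", "+SymLinksIfOwnerMatch"],
    }
    for name, layers in cases.items():
        opts = effective_options(layers)
        verdict = "allowed" if rewrite_permitted(opts) else "403"
        print(f"{name}: rewrite {verdict} {sorted(opts)}")
```

The second case is the easy one to miss: a more specific section that lists bare keywords without FollowSymLinks drops it silently, which yields the same forbidden-RewriteRule condition as an explicit `-FollowSymLinks`.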
