Apache: client denied by server configuration

I am getting

[Tue Apr 24 12:12:55 2012] [error] [client 127.0.0.1] client denied by server configuration: /labs/Projects/Nebula/bin/

My directory structure looks like (I am using Symfony 2, should be similar structure for other web frameworks)

enter image description here

I have vhosts setup like: 

<VirtualHost nebula:80>
DocumentRoot "/labs/Projects/Nebula/web/"
ServerName nebula
ErrorLog "/var/log/httpd/nebula-errors.log"
</VirtualHost>


<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
Order allow,deny
Allow from 127.0.0 192.168.1 ::1 localhost
</Directory>

I wonder whats the problem and how do I fix it?

210262 次浏览
小开

Can you try changing "Allow from 127.0.0 192.168.1 ::1 localhost" to "Allow from all". If that fixes your problem, you need to be less restrict about where content can be requested from

小开
最佳答案

OK I am using the wrong syntax, I should be using

Allow from 127.0.0.1
Allow from ::1
...
小开

Here's my symfony 1.4 virtual host file on debian, which works fine.

  <Directory /var/www/sf_project/web/>
Options All Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

If you wan't to restrict access to a specific ip range, e.g. localhost use this:

Allow from 127.0.0.0/8

The mod_authz_host is responsible for filtering ip ranges. You can look up detailed things in there.

But maybe the problem could be related to some kind of misconfiguration in your "apache2.conf".

On what OS is the apache running?

小开

Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error. You would also see a log message of the form "client denied by server configuration". The feature is requiring an authorized user identity to access a directory. It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive

Require all denied

This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:

Require all granted

as in

<Directory "your directory here">
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
小开

if you are having the 

Allow from All

in httpd.conf then make sure us have

index.php

like in the below line in httpd.conf

DirectoryIndex index.html index.php
小开

In my case the key was:

AllowOverride All

in vhost definition. I hope it helps someone.

小开

In Apache 2.4 the old access authorisation syntax has been deprecated and replaced by a new system using Require.

What you want then is something like the following:

<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
<RequireAny>
Require local
Require ip 192.168.1
</RequireAny>
</Directory>

This will allow connections that originate either from the local host or from ip addresses that start with "192.168.1".

There is also a new module available that makes Apache 2.4 recognise the old syntax if you don't want to update your configuration right away:

sudo a2enmod access_compat
小开

This code worked for me..

 <Location />
Allow from all
Order Deny,Allow
</Location>

Hope this helps others

小开

I had this issue using Vesta CP and for me, the trick was remove .htaccess and try to access to any file again.

That resulted on regeneration of .htaccess file and then I was able to access to my files.


提交答案