提问人:Dmytro Zarezenko 提问时间:6/4/2012 最后编辑:Stephen OstermillerDmytro Zarezenko 更新时间:7/13/2022 访问量:2527261
错误消息“禁止您无权访问此服务器”[已关闭]
Error message "Forbidden You don't have permission to access / on this server" [closed]
问:
闭。此问题不符合 Stack Overflow 准则。它目前不接受答案。
这个问题似乎不是关于特定的编程问题、软件算法或程序员主要使用的软件工具。如果您认为该问题在另一个 Stack Exchange 站点上是主题,您可以发表评论以解释该问题可能在哪里得到回答。
5年前关闭。
我自己配置了我的Apache,并尝试在虚拟主机上加载phpMyAdmin,但我收到了:
403 禁止访问 您无权访问此服务器
我的 httpd.conf
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" will be interpreted by the
# server as "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which httpd.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths to avoid confusion.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:80
Include conf/vhosts.conf
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule php5_module "c:/Program Files/php/php5apache2_2.dll"
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon
</IfModule>
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
#
ServerAdmin [email protected]
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.somenet.example:80
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access.log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.somenet.example/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock logs/cgisock
</IfModule>
#
# "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.somenet.example/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
PHPIniDir "c:/Program Files/php"
和 vhosts.conf:
NameVirtualHost 127.0.0.1:80
<VirtualHost 127.0.0.1:80>
DocumentRoot i:/projects/webserver/__tools/phpmyadmin/
ServerName dbadmin.tools
</VirtualHost>
答:
14赞
Dmytro Zarezenko
6/4/2012
#1
这篇文章在 Apache 2.2 上创建虚拟主机帮助我(第 9 点)对顶级虚拟主机目录的权限。
我只是将以下行添加到我的 vhosts.conf 文件中:
<Directory I:/projects/webserver>
Order Deny,Allow
Allow from all
</Directory>
评论
0赞
Mithun Shreevatsa
5/12/2015
我遇到了问题,我将 ubuntu 14.04 中的文档根路径从 /var/www/html/ 更改为 /media/user/projects/php/: DocumentRoot /media/mithun/Projects/Sites/php <Directory /media/user/projects/php/> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> 它不起作用。有什么帮助吗?
706赞
amd
7/2/2012
#2
更新时间:2016 年 10 月
4年前,由于这个答案被许多人用作参考,而这些年来我从安全角度学到了很多东西, 我觉得我有责任澄清一些重要的注意事项,我已经相应地更新了我的答案。
原来的答案是正确的,但对于某些生产环境来说并不安全, 此外,我还想解释一下您在设置环境时可能遇到的一些问题。
如果您正在寻找一个快速的解决方案并且安全性不是问题,即开发环境,请跳过并阅读原始答案
许多情况都可能导致 403 禁止访问:
A. 目录索引(从mod_autoindex.c)
当您访问某个目录时,如果在此目录中没有找到默认文件,并且未为此目录启用 Apache。Options Indexes
A.1. 选项示例DirectoryIndex
DirectoryIndex index.html default.php welcome.php
A.2. 选项Options Indexes
如果设置,如果找不到默认文件,Apache 将列出目录内容(来自上述👆🏻选项)
如果上述条件均不满足
您将收到 403 禁止访问
建议
- 除非确实需要,否则不应允许目录列表。
- 将默认索引限制为最小值。
DirectoryIndex - 如果要修改,请将修改限制为仅需要的目录,例如,使用文件,或将修改放在指令中
.htaccess<Directory /my/directory>
B. 指令 (Apache 2.2)deny,allow
@Radu 提到的,@Simon A. Eugster 在评论中您的请求被这些指令拒绝、列入黑名单或列入白名单。
我不会发布完整的解释,但我认为一些例子可能会帮助你理解, 简而言之,请记住这条规则:
如果两者都匹配,则最后一个指令将获胜
Order allow,deny
如果两个指令匹配,则 Deny 将获胜(即使指令是在 conf 之后编写的)allowdeny
Order deny,allow
如果两个指令匹配,则 allow 将获胜
示例 1
Order allow,deny
Allow from localhost mydomain.example
只有并且可以访问它,所有其他主机都会被拒绝localhost*.mydomain.example
示例 2
Order allow,deny
Deny from evil.example
Allow from safe.evil.example # <-- has no effect since this will be evaluated first
所有请求都被拒绝了,最后一行可能会欺骗你,但请记住,如果与最后一条获胜规则匹配(这里拒绝是最后一条),则与所写相同:
Order allow,deny
Allow from safe.evil.example
Deny from evil.example # <-- will override the previous one
示例 4
Order deny,allow
Allow from site.example
Deny from untrusted.site.example # <-- has no effect since this will be matched by the above `Allow` directive
接受来自所有主机的请求
示例 4:公共网站的典型值(除非列入黑名单,否则允许)
Order allow,deny
Allow from all
Deny from hacker1.example
Deny from hacker2.example
示例 5:Intranet 和安全站点的典型值(除非列入白名单,否则拒绝)
Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain
C. 指令 (Apache 2.4)Require
Apache 2.4 使用一个名为mod_authz_host
Require all granted=> 允许所有请求
Require all denied=> 拒绝所有请求
Require host safe.example=> 只允许从safe.example
D. 文件权限
大多数人做错的一件事是配置文件权限,
黄金法则是
从没有权限开始,并根据需要添加
在 Linux 中:
目录应具有权限
Execute文件应具有权限
Read是的,你是对的 DO NOT ADD 文件权限
Execute
例如,我使用此脚本来设置文件夹权限
# setting permissions for /var/www/mysite.example
# read permission ONLY for the owner
chmod -R /var/www/mysite.example 400
# add execute for folders only
find /var/www/mysite.example -type d -exec chmod -R u+x {} \;
# allow file uploads
chmod -R /var/www/mysite.example/public/uploads u+w
# allow log writing to this folder
chmod -R /var/www/mysite.example/logs/
我发布了此代码作为示例,设置在其他情况下可能会有所不同
原始答案
我遇到了同样的问题,但我通过在全局目录设置中或在特定目录块中设置选项指令来解决它:httpd.confhttpd-vhosts.conf
Options Indexes FollowSymLinks Includes ExecCGI
默认情况下,全局目录设置为:(httpd.conf line ~188)
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
将选项设置为:Options Indexes FollowSymLinks Includes ExecCGI
最后,它应如下所示:
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
还可以尝试更改 和 行 。Order deny,allowAllow from allRequire all granted
附录
目录索引源代码(为简洁起见,删除了一些代码)
if (allow_opts & OPT_INDEXES) {
return index_directory(r, d);
} else {
const char *index_names = apr_table_get(r->notes, "dir-index-names");
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
"Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
"server-generated directory index forbidden by "
"Options directive",
r->filename,
index_names ? index_names : "none");
return HTTP_FORBIDDEN;
}
评论
42赞
Radu
10/20/2012
此外,还应检查文件夹的权限,以便 Apache 进程的所有者有权读取/执行虚拟主机的指定路径。在 Windows 上,这很少会成为问题,但在 Linux 上,它可能是 403 的更常见原因。
77赞
Simon A. Eugster
7/24/2013
我还必须更改为 Apache 2.4。请参阅此处:httpd.apache.org/docs/2.4/upgrading.htmlOrder deny,allow, Allow from allRequire all granted
52赞
pylover
10/28/2013
只有在添加它之后才起作用Require all granted
1赞
Stephane Paquet
1/20/2014
@pylover 没有,搞砸了我的配置......(这家伙的那个太 stackoverflow.com/questions/19263135/ 了......)
8赞
RiggsFolly
6/5/2016
这个答案是大错特错的!你永远不应该设置在“那只是黑客的喜悦”部分Allow from all<Directory />httpd.conf
6赞
WASIM ASHRAF
12/2/2012
#3
还有另一种方法可以解决这个问题。假设您想访问位于 的目录“subphp”,并且您想使用 访问它,并且您收到如下错误:/var/www/html/subphp127.0.0.1/subphp
您无权访问此服务器上的 /subphp/。
然后将目录权限从“无”更改为“访问文件”。命令行用户可以使用 chmod 命令来更改权限。
评论
2赞
Vishal Kumar Sahu
11/26/2017
有半点赞选项吗?
12赞
Dominic
12/18/2012
#4
我遇到了同样的错误,多年来一直无法弄清楚问题所在。如果您碰巧使用包含 SELinux 的 Linux 发行版(例如 CentOS),您需要确保为文档根文件正确设置了 SELinux 权限,否则您将收到此错误。这是一组与标准文件系统权限完全不同的权限。
我碰巧使用了教程 Apache 和 SELinux,但是一旦您知道要寻找什么,似乎就会有很多。
评论
0赞
yellavon
6/21/2013
谢谢!SELinux 导致了我的问题。我禁用了它,现在我可以访问默认 /var/www/ 目录之外的 html 文件。现在,我将看一下本教程,看看我是否可以启用和配置它,以便我仍然可以访问我的文件。
0赞
errolflynn
1/4/2020
你知道为什么命令会把所有东西都带回去而不是 or 吗?类型会导致错误。restorecon /var/www/*var_thttp_sys_content_ttmp_tvar_t403 Forbidden
20赞
jose.marke01
12/29/2012
#5
我通过将我的用户添加到 .httpd.conf
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
#User daemon
User my_username
Group daemon
评论
2赞
dbf
12/29/2012
答案没有意义。 给了两次,最后一次是,怎么了?另外,请修正您回答的风格,这是非常不可读的,什么应该在里面,什么不应该。它也没有解释为什么这解决了这个问题UserUsermyuserUser deamonhttpd.conf
2赞
anc1revv
3/25/2014
我只是将我的“用户”和“组”更改为我的用户名,这也对我有用。
2赞
Richard Ortega
4/12/2014
先生,您真是天赐之物!我无法弄清楚这一点,并且将我的用户和组更新到我所在的用户效果很好。当我复制生产 VM 并为开发 VM 设置新用户时发生。
0赞
mafonya
12/24/2019
这个答案对我最有帮助
138赞
Giles Roberts
1/31/2013
#6
在默认 /var/www/ 之外托管的目录的一个常见问题是,Apache 用户不仅需要对托管站点的目录和子目录的权限。Apache 需要对所有目录的权限,一直到托管站点的文件系统的根目录。Apache 在安装时会自动获得分配给 /var/www/ 的权限,因此,如果您的主机目录位于该目录的正下方,则不适用于您。编辑:Daybreaker报告说,他的Apache是在没有正确访问权限的情况下安装的。
例如,你有一台开发计算机,你的站点的目录是:
/username/home/Dropbox/myamazingsite/
您可能认为您可以逃脱:
chgrp -R www-data /username/home/Dropbox/myamazingsite/
chmod -R 2750 /username/home/Dropbox/myamazingsite/
因为这给了 Apache 访问您站点目录的权限?嗯,这是正确的,但这还不够。Apache需要目录树的权限,所以你需要做的是:
chgrp -R www-data /username/
chmod -R 2750 /username/
显然,我不建议在不分析该目录结构中的内容的情况下,将生产服务器上的 Apache 访问权限授予完整的目录结构。对于生产环境,最好保留默认目录或其他仅用于保存 Web 资产的目录结构。
编辑2:正如u/chimeraha所指出的,如果你不确定你正在用权限做什么,最好将你网站的目录移出你的主目录,以避免可能将自己锁定在主目录之外。
评论
2赞
daybreaker
3/10/2013
你的回答帮了大忙。由于某种原因,我的 /var/www 没有设置为 apache 用户访问。谢谢!
1赞
Giles Roberts
3/28/2013
@Craig这就是进步。这意味着您已经解决了初始权限问题。开始查看您的 Apache / 应用程序日志文件,以确定导致 500 错误的原因。
5赞
seniorpreacher
3/5/2014
多亏了这个答案,我成功地将自己锁定在 /home 目录树中...... :)
1赞
anc1revv
3/25/2014
这样做:chgrp -R apache /username/ 为我解决了这个问题!但就像 Edifice 一样,现在我无法访问我的主目录树,除非我 chgrp 返回给我的用户。所以现在我需要更改为我的原始用户,以便通过 git 拉入我的更改。然后改回 apache 以重新部署我的服务器。这是唯一的办法吗?
1赞
Tebe
6/24/2014
chmod -R 2750 - 数字 2 是什么意思?7 - 所有者的 RWE 权限,5 - 组的 re 权限,0 - 其他人的 Nothing。但什么是 2 ?谢谢
199赞
Czar Pino
2/3/2013
#7
我知道这个问题已经解决了,但我碰巧自己解决了同样的问题。
原因
禁止访问 您无权访问此服务器
实际上是 中 Apache 目录的默认配置。httpd.conf
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all # the cause of permission denied
</Directory>
只需更改为即可解决权限问题。Deny from allAllow from all
或者,更好的方法是在虚拟主机配置上指定单个目录权限。
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Allow from all
</Directory>
....
</VirtualHost>
然而,从 Apache-2.4 开始,访问控制是使用新模块完成的(从 2.2 升级到 2.4)。因此,应使用新指令。mod_authz_hostRequire
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Require all granted
</Directory>
....
</VirtualHost>
评论
0赞
7stud
8/20/2014
OSX 10.6.8 上的 Apache/2.2.24。1)这篇文章,以及2)这里的说明:thegeekstuff.com/2011/07/apache-virtual-host(您将收到一条警告,指出该行不执行任何操作,因此您可以将其删除。您还必须为日志文件创建目录。NameVirtualHost *:80
2赞
7stud
8/20/2014
3)将该行添加到文件/private/etc/hosts的底部对我有用。如果您有 Apache 设置来监听,例如端口 8080,则使用 ,就像您必须使用 url 一样,您需要使用 url 。4)最后,我选择了@hmoyat的<目录>配置(在其他答案之一中),因为它看起来更具体。127.0.0.1 web_site_name.com<VirtualHost *:8080>http://localhost:8080http://web_site_name.com:8080
1赞
Czar Pino
1/18/2015
嗨,@eagor。请务必同时启用 MCrypt 扩展(而不仅仅是安装它)。该错误也与PHP比Apache更相关,因此您需要尝试 stackoverflow.com/q/16830405/1349295 或类似的线程。
3赞
robson
9/20/2015
请耐心等待授予对根目录的访问权限。这是不安全的。更好的是授予对特定目录的访问权限(您要向公众显示)。
1赞
Czar Pino
6/6/2016
对于使用过 的 ,推荐的设置访问权限的方法是按目录(即 )。我之前使用的示例显然授予远程主机对整个文件系统的访问权限。我目前不知道破解者如何利用这一点,除了提供比需要的更多权限是一个基本的安全禁忌。为了后代,我更新了我的答案。对于缺乏对安全性的了解,我们深表歉意。httpd.apache.org/docs/current/misc/......<Directory /><Directory "/path/to/docroot"><Directory />
23赞
Sonu
2/27/2013
#8
如果您使用的是 WAMP 服务器,请尝试以下操作:
单击任务栏上的 WAMP 服务器图标
选择联机选项
您的服务器将自动重新启动
然后尝试访问您的本地网站
0赞
Antony P.
3/21/2013
#9
我只对特定控制器有同样的问题 - 这真的很奇怪。我在 CI 文件夹的根目录中有一个文件夹,该文件夹与我尝试访问的控制器同名......因此,CI 将请求定向到此目录,而不是控制器本身。
删除此文件夹(有点错误地存在)后,一切正常。
为了更清楚,这是它的样子:
/ci/controller/register.php
/ci/register/
我不得不删除./ci/register/
评论
0赞
pgee70
6/5/2014
有时 CodeIgniter 会使用 .htaccess 文件来阻止直接访问。使用 ls -Al 查看以确保没有隐藏文件。
0赞
James
8/5/2013
#10
检查文件的确切位置,不要将它们嵌套在“文档”文件夹中。
例如,我犯了一个错误,将我的代码放在前面提到的“文档”文件夹中,这是行不通的,因为文档明确地只对你可用,而对APACHE不可用。尝试将其向上移动一个目录,您可能看不到此问题。
从以下位置移动文件夹:
/用户/YOUR用户名/文档/代码
到这里: /用户/YOUR用户名/代码
0赞
Julien BRENELIERE
9/18/2013
#11
只是为了在我遇到这个问题时带来另一个贡献:
我配置了一个我不想配置的 VirtualHost。我已经注释掉了 vhost 的包含发生的行,并且它起作用了。
4赞
dev4life
6/6/2014
#12
(在 Windows 和 Apache 2.2.x 中)
“禁止访问”错误也是由于未定义虚拟主机而导致的。
正如 Julien 所指出的,如果您打算使用 virtual ,请转到 httpd 文件并取消注释以下行:hosts.conf
#Include conf/extra/httpd-vhosts.conf
然后,在 Apache 中添加虚拟主机定义并重新启动 Apache。conf/extra/httpd-vhosts.conf
70赞
hmoyat
7/10/2014
#13
Apache 2.4 中的一些配置参数已更改。我在设置 Zend Framework 2 应用程序时遇到了类似的问题。经过一番研究,解决方案如下:
配置不正确
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny #<-- 2.2 config
Allow from all #<-- 2.2 config
</Directory>
</VirtualHost>
正确的配置
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Require all granted #<-- 2.4 New configuration
</Directory>
</VirtualHost>
如果您计划从 Apache 2.2 迁移到 2.4,这里有一个很好的参考:http://httpd.apache.org/docs/2.4/upgrading.html
评论
0赞
Mladen Ilić
8/23/2016
谢谢!你的回答是正确的!
0赞
M. Reza Nasirloo
7/18/2014
#14
更改配置文件后,不要忘记 .Restart All Services
我在上面浪费了三个小时的时间。
25赞
Rocky Inde
7/22/2014
#15
在使用 Apache 14.04 的 Ubuntu 2.4 上,我做了以下操作:
在文件 apache2.conf 中添加以下内容(在 apache2.conf 下):/etc/apache2
<Directory /home/rocky/code/documentroot/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
并重新加载服务器:
sudo service apache2 reload
编辑:这也适用于带有Apache 2.4的OS X Yosemite。最重要的一句话是
要求全部授予
3赞
JackDev
8/1/2014
#16
我遇到了同样的问题,但是由于我将apache上的路径更改为var / www之外的文件夹,因此我开始遇到问题。
我通过在 var/www/html > home/dev/project 中创建一个符号链接来修复它,这似乎可以解决问题,而无需更改任何权限......
评论
1赞
oscar.fimbres
8/21/2016
非常感谢你,知道这一点,你为我节省了太多工作!
7赞
Dan
10/6/2014
#17
如果您使用的是 MAMP Pro,则解决此问题的方法是选中 - 选项卡下的复选框。IndexesHostsExtended
在 MAMP Pro v3.0.3 中,如下所示:
评论
0赞
munsifali
10/9/2016
谢谢它对我有用。
25赞
Vy Do
11/27/2014
#18
如果你将 CentOS 与 SELinux 一起使用,请尝试:
sudo restorecon -r /var/www/html
查看更多: https://www.centos.org/forums/viewtopic.php?t=6834#p31548
2赞
dastan
4/28/2015
#19
试试这个,不要添加任何东西和其他内容:Order allow,deny
AddHandler cgi-script .cgi .py
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
Allow from all
</Directory>
sudo a2enmod cgi
sudo service apache2 restart
3赞
Adam Hollock
5/11/2015
#20
我遇到了这个问题,我的解决方案是 www-data 没有正确的文件夹,而是我将其设置为其中一个用户拥有它。(我试图做一些花哨但错误的诡计来让 ftp 玩得很好。
运行后:
chown -R www-data:www-data /var/www/html
计算机再次开始提供数据。您可以通过以下方式查看当前拥有该文件夹的人
ls -l /var/www/html
48赞
mpgn
6/5/2015
#21
使用 Apache 2.2
Order Deny,Allow
Allow from all
使用 Apache 2.4
Require all granted
从 http://httpd.apache.org/docs/2.4/en/upgrading.html
评论
0赞
crmpicco
7/17/2015
这是一个重要的区别。 在 Apache 2.4 中不起作用。Allow from all
2赞
Diego Sousa
9/20/2015
谢谢你@mpgn,你帮了我很多。
0赞
Rajveer gangwar
3/6/2019
这就是我一直在寻找的答案
0赞
Iman Marashi
6/26/2015
#22
您可以像以下代码一样更改文件:youralias.conf
Alias /Quiz/ "h:/MyServer/Quiz/"
<Directory "h:/MyServer/Quiz/">
Options Indexes FollowSymLinks
AllowOverride all
<IfDefine APACHE24>
Require local
</IfDefine>
<IfDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from localhost ::1 127.0.0.1
</IfDefine>
</Directory>
0赞
Ekene
11/15/2015
#23
请记住,在这种情况下要配置的正确文件不是 phpMyAdmin 别名中的 httpd.conf,而是 .bin/apache/your_version/conf/httpd.conf
查找以下行:
DocumentRoot "c:/wamp/www/"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
确保它设置为...Allow from all
如果没有,phpMyAdmin 甚至可能有效,但不能使用您的根目录和它下的其他文件夹。另外,记得重新启动WAMP,然后上线...
这解决了我的头痛。
评论
0赞
RiggsFolly
6/5/2016
这个答案是大错特错的!你永远不应该设置或在那部分只是一个黑客的喜悦Allow from allRequire all granted<Directory />httpd.conf
0赞
Programster
6/9/2016
#24
在运行 docker 构建之前,使用 SSHFS 从本地文件系统挂载 VirtualBox 客户机中的文件时,我遇到了这个问题。最后,“解决方法”是将所有文件复制到 VirtualBox 实例中,而不是从 SSHFS 挂载内部构建,然后从那里运行构建。
0赞
jerinisready
6/26/2016
#25
工作方法(除非没有其他问题)
默认情况下,Apache 不限制来自 IPv4(通用外部 IP 地址)的访问
受限制的是 '' 中给出的命令。httpd.conf
全部替换
<Directory />
AllowOverride none
Require all denied
</Directory>
跟
<Directory />
AllowOverride none
# Require all denied
</Directory>
因此取消了对Apache的所有限制。
替换为 C:/wamp/www/ 目录。Require localRequire all granted
<Directory "c:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
# Require local
</Directory>
评论
0赞
Peter Mortensen
7/2/2016
真的是“<Directory />”(两个实例)吗?不应该是“<目录>”吗?
0赞
James
9/18/2016
第一个接收目录路径<Directory {/path/to/your/dir}>
4赞
shellbye
8/19/2016
#26
我使用Mac OS X,就我而言,我只是忘记在apache中启用php,我需要做的就是取消注释中的一行:/etc/apache2/httpd.conf
LoadModule php5_module libexec/apache2/libphp5.so
有关详细信息,请参阅本文。
2赞
José Lozano Hernández
1/26/2017
#27
此解决方案不允许所有
我只想更改我的公共目录 www,然后从我的 PC 和通过 Wifi 连接的手机访问它。我有 Ubuntu 16.04。
所以,首先,我修改了 /etc/apache2/sites-enabled/000-default.conf 并更改了 DocumentRoot /var/www/html 行 对于我的新公共目录 文档根目录“/media/data/XAMPP/htdocs”
然后我修改了 /etc/apache2/apache2.conf,我把权限放在了 localhost 和我的手机上,这次我用了 IP 地址,我知道它并不完全安全,但对我的目的来说没关系。
<Directory/> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from localhost 10.42.0.11 </Directory>
2赞
washere
4/30/2017
#28
RiggsFolly 在其他地方为我回答了这个问题,很简单:
在 Apache conf 文件夹中编辑文件:httpd-vhost.conf:
在 Directory 嵌套中添加以下小行:
Require ip 192.168.1
重新启动服务器,apache或Wamp或您拥有的任何东西。
就是这样,现在您的所有 HOME 设备(IP 范围 192.168.1.xxx)都可以看到您的 PC 服务器。请注意,您只添加 ip 号的前 3 部分)。
如有任何问题,请退出防火墙进行测试。
要查看您的网络设备的 IP 号码,请下载适用于 PC 或 android 的“IP 扫描仪”软件(周围有很多免费软件),从 Play 商店获取 Fing。
1赞
Lakshmi
10/14/2017
#29
I changed
Order Deny,Allow
Deny From All in .htaccess to " Require all denied " and restarted apache but it did not help.
ubuntu 中 apache2.conf 的路径是 /etc/apache2/apache.conf
然后我在apache2.conf中添加了以下行,然后我的文件夹工作正常
<Directory /path of required folder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
and run " Sudo service apache2 restart "
1赞
Sal Borrelli
7/17/2018
#30
我知道这个问题已经有几个答案了,但我认为有一个非常微妙的方面,虽然提到了,但在之前的答案中没有得到足够的强调。
在检查Apache配置或文件权限之前,让我们做一个更简单的检查,以确保构成要访问的文件的完整路径的每个目录(例如文档根目录中的index.php文件)不仅是可读的,而且可由Web服务器用户执行。
例如,假设文档根目录的路径是“/var/www/html”。您必须确保所有 “var”、“www” 和 “html” 目录都是 Web 服务器用户(可读且)可执行的。就我而言(Ubuntu 16.04),我错误地从“html”目录中删除了“others”组的“x”标志,因此权限如下所示:
drwxr-xr-- 15 root root 4096 Jun 11 16:40 html
正如你所看到的,Web服务器用户(在这种情况下,“其他”权限适用于他们)没有对“html”目录的执行访问权限,而这正是问题的根源。发出以下命令后:
chmod o+x html
命令,问题得到了解决!
在以这种方式解决之前,我已经尝试了此线程中的所有其他建议,并且由于该建议被埋没在我几乎是偶然发现的评论中,我认为在这里强调和扩展它可能会有所帮助。
评论
.htaccess