Saturday, March 31, 2018

apache 2.2 - Access Denied for PHP Files Only





  • Apache HTTP Server 2.2.21 with VirtualHosts under SuExec

  • PHP 5.3.8 via fcgid

  • Arch Linux 2011.08.19



I am getting 403 Access Denied errors from Apache any time I try to access a PHP file. HTML files and text files work fine. I've played with every conceivable permissions combination on the PHP files I can think of, from 644 to 777. Doesn't change anything.



I also played with the permissions on the FCGI wrapper and parent folder. With o+x (777, 775, 773, 771), I get this in the browser:





Access forbidden!



You don't have permission to access the requested object. It is either
read-protected or not readable by the server.




…and this in the vhost error log:




client denied by server configuration: /srv/www/hostname/fcgid-bin/php-fcgid-wrapper





With o-x (776, 774, 772, 770, or below), I get this in the browser:




Forbidden



You don't have permission to access
/fcgid-bin/php-fcgid-wrapper/index.php on this server.




Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.




…and this in the log:




(13)Permission denied: access to /fcgid-bin/php-fcgid-wrapper/index.php denied





This is really boggling my mind seeing as my setup was working fine until I started getting this and I don't know what I possibly could have done to change that. /usr/bin/php-cgi and the wrapper both work fine with the exact same input files when called directly.



Here's my vhost config:




ServerAdmin admin@hostname.com
DocumentRoot "/srv/www/hostname/public/"
ServerName hostname.com
ServerAlias www.hostname.com
SuexecUserGroup hostname hostname

ErrorLog "/srv/www/hostname/logs/error.log"
LogLevel debug
CustomLog "/srv/www/hostname/logs/access.log" combined


Order allow,deny
Allow from all


# http://www.linode.com/forums/viewtopic.php?t=2982








AddHandler php-fcgi .php
Action php-fcgi /fcgid-bin/php-fcgid-wrapper
Alias /fcgid-bin/ /srv/www/hostname/fcgid-bin/



SetHandler fcgid-script
Options +ExecCGI


ReWriteEngine On
ReWriteRule ^/fcgid-bin/[^/]*$ / [PT]










Answer




Order allow,deny
Allow from all



That doesn't include /srv/www/hostname/fcgid-bin/; assuming there's no Allow applying to it elsewhere in your config, this is the problem. You'll need to Allow access to this location.
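
The grant the answer describes, written out in Apache 2.2 syntax as an added example (not part of the original question or answer). The paths are the ones quoted in the question. Because the config above lost its section tags, two things are assumptions: that the existing Order/Allow pair sits in a Directory block for the document root, and that the global config has a default-deny block for the filesystem root.

```apache
# Added example, Apache 2.2 (mod_authz_host) syntax.
#
# Assumed global default in httpd.conf: nothing on the filesystem is
# served unless a more specific section grants it.
#
#   <Directory />
#       Order deny,allow
#       Deny from all
#   </Directory>

# Existing grant (assumed to be the document root). It covers
# /srv/www/hostname/public/ and nothing outside it.
<Directory "/srv/www/hostname/public/">
    Order allow,deny
    Allow from all
</Directory>

# The Alias maps a URL prefix to a directory OUTSIDE the document root,
# so the grant above does not apply to it.
Alias /fcgid-bin/ "/srv/www/hostname/fcgid-bin/"

# Missing piece: an explicit grant for the Alias target. Keep it narrow,
# since this directory only holds the FastCGI wrapper.
<Directory "/srv/www/hostname/fcgid-bin/">
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Apache 2.4 replaces the Order/Allow pair with: Require all granted
```

Run apachectl configtest before reloading, then check that the vhost error log no longer records "client denied by server configuration" for the wrapper path.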

