I have a script giving me error 403 Forbidden error, it's just a copy of another script but the difference in this is that both use another mysql class to access database.
My whole project is complete and this is last file so I don't want to do the whole work again for a single file.
Server logs shows that client denied by server configuration:
What should I look for?
I have tried the following:
Permissions are 644
New file with just simple echo gives 403 too
Changed name of folder
However, index.php works perfectly.
Check the permissions and also ownership of the file. Generally, 403 means that the web server doesn't have the rights to read the file and therefore can't continue the request. The permissions may be set correctly, however the file might be owned by another account on the server - an account that isn't part of the same group as the account which is running the server.
For instance, I believe* Apache is ran by default under the httpd user account, which is part of the httpd group. However, the FTP user you're logging in as (for instance ftpuser) might not be part of the httpd group. So, in copying the file you've created it under a different user account and Apache won't get execute access with 644.
* it's been a while since I've used apache, but it's similar under nginx.
This isssue occurs if you have had denied for all in .htaccess file. Changing that resolves the issue.
I had the same problem. The .htaccess file in my root folder has this code:
<Files ~ "\.(php|php5|py|jsp|cgi|sh)$">
Require all denied
</Files>
But there was a folder /example where I needed to call php files, so I created a .htaccess file in that specific folder with this content:
<Files ~ "\.(php)$">
Require all granted
</Files>
Note: I am running Apache 2.4
Related
I have a Windows Server 2019 running web server Apache 2.4 PHP8 with user "Local System". This server is not in a Domain and I want to mantain the user "Local System" which executes the services for security reasons.
In a PHP script I want to execute scandir to a network folder "\srv-data\documents" and I want to configure Apache to use another user to access this folder.
Then:
I create the file .htpasswd with username "user.data" and relative password
I add these line into the apache configuration file:
<Directory "\\srv-data\documents\">
AuthType Basic
AuthName "Access only allowed for user.data"
AuthUserFile .htpasswd
Require user user.data
</Directory>
I restart the service.
If I try to execute the PHP script, the web server still returns "access is denied (code 5)".
The user credentials are stored into the Windows Server 2019 and the destination server and if I try to access with file explorer with "user.data" user it works, then I think it is a bad configuration on apache configuration file
Thank for you help
Best regards
Matteo
I tried to add some double quotes to reference the .htpasswd files, I tried to change something else to the configuration but it still not works.
The web server must continue to be run by the "Local Server" user and the same web server must access to the directory "\srv-data\documents" with the different user "user.data"
I have an internal webserver with ubuntu and Apache configured on it.
I have given the access to /opt/data_upload so that I can make use of this directory to save images uploaded from PHP and fetch it back on Ajax Get Request.
My Apache config in /etc/apache2/apache2.conf looks like this
Alias /data_uploads "/opt/data_uploads/"
<Directory "/opt/data_uploads/">
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride all
Order allow,deny
Allow from all
</Directory>
But the problem is that when I do http://123.45.67.89/data_uploads from browser it is fully accessible to everyone which is dangerous and anyone can see the images uploaded there.
To avoid this i tried to Require all denied now i get 403 but also my all Ajax get requests are also failed.
Now i want to make my website to access it but if someone tries to access http://123.45.67.89/data_uploads should say 403, How can i overcome with this issue ?
In your configuration you give access to everyone to your upload directory.
You must remove this, or only allow your IP.
But in your case, what you want is to permit your users to upload, and download files that they are allowed to.
It means you want their http requests be able to upload/download files. These http request won't access the upload directory directly but they will call your php application.
Then it's your php application that would be able to upload to this directory (then write to this directory) and read from this directory.
For this you have to give read/write permissions to the apache user running process with something like chmod and/or chown.
And finally, you'll have to write a PHP controller able to treat upload and download calls. That php code will write and read from your upload directory.
I'm trying to host a new blog where I can add posts using a simple HTML form & PHP script. When I test out the form on my localhost everything works fine, but when I upload it and test it live I get:
Forbidden
You don't have permission to access /php/add-post.php on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
I know that my host allows this type of script because I'm using exactly the same thing on another blog, and my permissions are set to 0755. Does anyone know what the problem might be & how to solve it?
Add the below code in .htaccess file
<Files add-post.php>
Order Deny,Allow
Deny from all
Allow from all
</Files>
Or run command to provide permission to folder
chmod 774 /path/to/php/add-post.php
I've seen a lot of questions on here regarding files not being accessible due to permissions with LAMP but nothing about making files unviewable by the http client using permissions.
I have files and folders in my Apache2 root folder that I don't want people to be able to access via their browser or by other external means. I set the permissions to 770, but this doesn't seem to be enough. Do outside users access files as the apache user?
I'm running LAMP under Ubuntu Server with little modifications to the defaults, thus my apache user is www-data, group is :www-data, and the apache root is /var/www.
I have a /var/www/_private folder that has 770 permissions and the same permissions on its enclosed files. However, if I access these files through a browser, they are still viewable. Are clients accessing my files as the www-data user? If so, how do I rectify this?
I've worked on hosted setups where setting the "other" permissions to 0 was sufficient for denying outside direct access to files. Do I need to install some extra module to gain this functionality?
Note: I still need my accessible-to-the-client PHP scripts to access these files via includes, fopen, etc...
Well, right, 770 means that the owner of the file and the group can read, write and execute it. I'm going to guess the Apache is the owner of that file, thus allowing it to access it and open it to the world.
Instead of modifying the permissions on the server, and possibly causing harm to the accessibility of the file, why don't you use an .htaccess file. It will instruct Apache to take actions in certain instances, like denying access to a file. Simply create the .htaccess file in the root of the website with
<Files {your file name here}>
deny from all
</Files>
and you'll deny everyone from accessing it with Apache.
And if you want to deny an entire directory:
<Directory /var/www/_private>
Order Deny,allow
Deny from all
</Directory>
I have a processing file for my website's payments. It works just fine, but what I would like to do is log all the requests to this page so that if anything throws an error, the raw data is saved and I can process the transaction manually. The processing file uses fopen to write to the log file in another directory.
What I have right now is a separate folder on my root directory with permissions 755. Then a log file inside with permissions 777. The processing file that writes to the log file, in PHP if that matters, is set to 777.
This works right now, but the log file is publicly available. I know I can be doing this better and that the permissions aren't correct. How can I do this better?
Put the log file outside the document root. The PHP script that writes to it will still be able to get to it (via the full path) but Apache won't be able to serve it.
I came across this whilst searching the answer for myself. I don't believe there is a simple "permissions fix" to do what you want and perhaps the safest way is to put the log files outside of public_html directory.
However this can be a nuisance sometimes - especially if you are wanting to e.g. catch paypal ipn dump text in a log file, but not have it publicly accessible.
In such cases, you can use .htaccess file directives to allow write from script, but deny reading from public access.
For example, this works for me (Apache .htaccess in root public_html folder);
<FilesMatch "mycustom\.log">
Order allow,deny
Deny from all
</FilesMatch>
and if you have multiple logs you want to protect, use it like this, with "Pipe Separated";
<FilesMatch "mycustom\.log|ipn_errors\.log">
Order allow,deny
Deny from all
</FilesMatch>
It is worth noting that the above directives are deprecated as of apache 2.4 and you may wish to consider using more current directives instead: https://httpd.apache.org/docs/2.4/howto/access.html
Hope that helps you!