How to solve the Apache error "Forbidden: You don't have permission to access this resource."

Apache is one of the most commonly used web servers on the web. It is easy to install, easy to configure and customizable. However, when you are just starting out with it, you may run into one of its most common errors:
Forbidden
You don't have permission to access this resource.
The first step is to note the URL you are accessing, whether it belongs to a virtual host or is the general URL such as 127.0.0.1. The next thing you should do is identify the Apache configuration files.
sudo apachectl -D DUMP_INCLUDES
You will get a response similar to the following:
Included configuration files:
(*) /etc/apache2/apache2.conf
(146) /etc/apache2/mods-enabled/access_compat.load
(146) /etc/apache2/mods-enabled/alias.load
(146) /etc/apache2/mods-enabled/auth_basic.load
...
Once this is done, find the configuration for the URL you are accessing. It could be in the general configuration or in a virtual host configuration.
vim /etc/apache2/apache2.conf
After this, keep in mind the path of the files that this configuration is pointing to.
<VirtualHost *:80>
DocumentRoot /var/www
....
ErrorLog ${APACHE_LOG_DIR}/error.log
...
</VirtualHost>
Reading the log
The Apache log can tell you the exact error that is causing the "Forbidden". For this, you must have already identified the configuration of the site or URL you are accessing. Once this is done, see where ErrorLog is pointing and leave the terminal following that file while you replicate the error.
tail -fn0 /var/www/logs/apache2/error.log
If you cannot replicate the error, you can take a look at the last lines of the log.
tail -fn 30 /var/www/logs/apache2/error.log
Permissions for Apache web server
The folders served by Apache must, among other permissions, belong to the Apache group (www-data/apache) so that they can be read. Each operating system may have a different Apache user/group. To find out which Apache user/group your operating system uses, run the following command:
cat /etc/group | grep 'apache\|www'
Once this is done, assuming for example that the group is www-data, you must assign the group to the folder where your projects are located. This folder can be the one configured by the default Apache installation or a path of your choice such as /home/user/www. For this example we are going to assume that the folder of your projects is /var/www.
The first thing you should do is change the group and user of the Apache projects folder.
sudo chown -R your-user:www-data /var/www
Another recommendation is to change the permissions of this directory and all its subdirectories to mode 2775: this adds write permission for the group and sets the setgid bit, so that files and directories created from now on inherit the group.
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
Finally, we can change the permissions of all files within the path (including its subdirectories) to add group write permission.
find /var/www -type f -exec sudo chmod 0664 {} \;
<Directory> Directive
This directive tells Apache which files it is authorized to serve. This configuration is generally in the main configuration file, apache2.conf or httpd.conf. Assuming your Apache file folder is /var/www, you should have the following configuration.
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
In case it is a different folder, for example /home/username/www, you should have a similar configuration to the following:
<Directory /home/username/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Note: If you choose a different folder from the default folder, you must make sure that search permission exists on all path components.
When you use a folder such as your user's home folder for Apache, you must make sure search permission exists on every component of the path. That is, each directory has execute permission for the Apache group or for others. Generally the user's home path does not have these permissions. If this is the case, it can be fixed like this:
chmod o+x /home/username/
If search permission is missing on any component of the path, Apache writes an error similar to the following to its log.
Permission denied: access to / denied (filesystem path '/home/username/www') because search permissions are missing on a component of the path
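The check for search permission on every path component can be scripted. The following is an added example, not part of the original article: it walks a path and prints the first directory whose mode bits deny search permission to a given uid/gid. The function names and the optional START argument are hypothetical, and ACLs and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example: report the first path component that denies search (x)
# permission to a uid/gid, judged from the mode bits alone.
# Assumptions: `stat -L -c` (GNU coreutils or busybox); ACLs, supplementary
# groups, SELinux and AppArmor are not considered.

# can_search DIR UID GID: succeed if the x bit that applies to UID/GID is set.
can_search() {
    [ "$2" -eq 0 ] && return 0             # root bypasses directory mode bits
    cs_info=$(stat -L -c '%u %g %a' "$1") || return 2
    cs_owner=${cs_info%% *}
    cs_group=${cs_info#* }; cs_group=${cs_group%% *}
    cs_mode=$((0${cs_info##* }))           # octal digits, e.g. 750 -> 0750
    if [ "$2" -eq "$cs_owner" ]; then cs_bit=$((cs_mode & 0100))
    elif [ "$3" -eq "$cs_group" ]; then cs_bit=$((cs_mode & 0010))
    else cs_bit=$((cs_mode & 0001))
    fi
    [ "$cs_bit" -ne 0 ]
}

# first_blocked PATH UID GID [START]: print the first directory from START
# (default /) down to PATH that UID/GID cannot search and return 1;
# print nothing and return 0 when every component passes.
first_blocked() {
    fb_cur=${4:-/}
    fb_rest=${1#"$fb_cur"}; fb_rest=${fb_rest#/}
    while :; do
        if [ -d "$fb_cur" ] && ! can_search "$fb_cur" "$2" "$3"; then
            printf '%s\n' "$fb_cur"
            return 1
        fi
        [ -n "$fb_rest" ] || return 0
        fb_part=${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
        fb_cur=${fb_cur%/}/$fb_part
    done
}

# Usage with the page's example user and path:
# first_blocked /home/username/www "$(id -u www-data)" "$(id -g www-data)"
```

A printed directory is the one that needs the chmod o+x fix shown above (or group ownership by the Apache group).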
After these recommendations, you should no longer have any Forbidden problems on your server. See you next time.