使用 Apache 修复别名目录上的 403 Forbidden
我正在尝试设置一个别名来指向我的文件系统上不在 DocumentRoot 中的某个目录。现在我收到 403 Forbidden 响应。以下是采取的步骤: 1. 编辑 http.conf,添加:
Alias /example "/Users/user/Documents/example"
然后...
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all</Directory>
2. 在终端中使用 chmod 设置权限:
chmod 755 /Users/user/Documents/example
现在应该可以工作了吗?相反,我的访问被禁止。这是 error_log 的输出:
[Sun Jul 24 06:57:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /example denied
I am trying to setup an alias to point to some directory on my filesystem not in DocumentRoot. Now I get a 403 Forbidden response. These are the steps taken:
1. edit http.conf, adding:
Alias /example "/Users/user/Documents/example"
then...
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all</Directory>
2. setting permissions with chmod in terminal:
chmod 755 /Users/user/Documents/example
Now it should work? instead I get the access forbidden. This is the output from error_log:
[Sun Jul 24 06:57:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /example denied
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(11)
我在 OS X 上也遇到了这个问题。事实证明 gliptak 是正确的,但我还有更多细节需要添加。
我们都尝试为用户主文件夹下的文件夹配置虚拟目录;我认为这就是我们遇到问题的原因。就我而言,我进行了以下设置:
/Users/calrion。/Users/calrion/Path/to/www。/Users/calrion/Path指向/Volumes/Other/Users/calrion/Path。问题是用户和组
_www(Apache 在 OS X 上运行)缺乏对/Users/calrion和/Volumes/Other/Users/ 的执行访问权限卡里翁。运行 chmod o+x /Users/calrion 和 chmod o+x /Volumes/Other/Users/calrion 解决了该问题(在 OS X 10.7.4 上)。
这里的规则是,Apache 需要对路径中的所有文件夹进行执行访问才能提供文件。如果没有这个,您将收到 HTTP 403(禁止)。
I was having this issue on OS X too. It turned out gliptak was right, but I've some more detail to add.
We're both attempting to configure a virtual directory for a folder under a user's home folder; I think this is why we're having the problem. In my case, I had the following setup:
/Users/calrion./Users/calrion/Path/to/www./Users/calrion/Pathpointing to/Volumes/Other/Users/calrion/Path.The problem was the user and group
_www(which Apache runs as on OS X) lacked execute access to/Users/calrionand/Volumes/Other/Users/calrion.Running
chmod o+x /Users/calrionandchmod o+x /Volumes/Other/Users/calrionresolved the issue (on OS X 10.7.4).The rule here is that Apache requires execute access to all folders in the path in order to serve files. Without this, you'll get a HTTP 403 (forbidden).
最后一根稻草;)目录条目中需要本地...
就像
其他一切都不起作用一样(正确的别名,httpd.conf 中的目录条目和正确的 mod/usr/grp)。
请记住:如果您将站点放在用户空间中,则 apache 用户(运行 httpd)需要访问您的家!
The last straw ;) Required local in the Directory Entry...
like
if everything else doesn't work (correct Alias, Directory Entry in httpd.conf and correct mod/usr/grp).
keep in mind: if you put your site in user-space the apache user (running httpd) needs access to your home!
检查
/Users/user/Documents/、/Users/user/的权限(首先强制执行更高级别的权限...)/bin/su 进入运行 Apache 的用户(如 www、www-data)并cat目录中的/Users/user/Documents/example文件。这可能会指出您的设置存在权限问题。Check permission on
/Users/user/Documents/,/Users/user/(higher level permissions are enforced first ...)/bin/suinto the user running Apache (like www, www-data) andcata file in the/Users/user/Documents/exampledirectory. That might point you to permission problems with your setup.这些都是非常好的答案。
他们都不为我工作。
我在 OSX 服务器中指定了一个指向用户目录的别名。我花了很长时间 chmodding 和弄乱 _www 用户,递归地添加可执行权限,卸载 macports 和各种试图让它工作的东西。我试过777。不行。不知道为什么它不起作用。
最终,我刚刚在 Finder 中选中了该文件夹的“共享文件夹”复选框,它在指定的域上工作,并且 php 处于活动状态,按照我想要的方式工作。 :/ ...所以这很容易。
These are all very good answers.
None of them worked for me.
I have an alias specified in OSX server pointing to a user directory. I spent a long while chmodding and messing with _www user, adding executable permissions recursively, uninstalling macports and all sorts of stuff trying to get this to work. I tried 777. Nope. No idea why it wasn't working.
Eventually, I just checked the "shared folder" checkbox in the Finder for that folder, and it worked, on the specified domain, with php active, the way I wanted it to. :/ ...so that was easy.
我刚刚遇到了同样的问题。我发现 SE_Linux 已启用,并且 Aliased 目录中文件的安全上下文不正确,缺少 httpd_sys_content_t。
您可以使用 ls -Z 来查看安全上下文。如果您的文件/文件夹没有 httpd_sys_content_t 那么 apache 将不会为它们提供服务!您可以使用 chcon -R --type=httpd_sys_content_t /new_html_directory 等内容添加适当的上下文。这将更改目录中当前文件的上下文,但不会更改之后添加的任何文件(为此您需要使用 semanage)。您的另一个选择是将文件保留在 /var/www 下。
I was just having this exact same issue. What I found was SE_Linux was enabled, and the security context of the files in my Aliased directory was incorrect, missing httpd_sys_content_t.
You can view the security context with
ls -Z. If your files/folders don't have httpd_sys_content_t then apache won't server them up! You can add the proper context with something likechcon -R --type=httpd_sys_content_t /new_html_directory. This will change the context of the files currently in the directory, but not any files that are added afterwards (for that you'll need to work with semanage). Your other option is to just leave the files under /var/www.以下是为我修复的内容:
在
/etc/apache2/httpd.conf中此更改实现了 apache 从 2.2 更新到 2.4。 OSX Yosemite 更新带来了 apache 更新(PSA:如果您计划升级到 Yosemite,请预算自己一周的时间来修复它损坏的所有内容)。
奇怪的是,我已经让 apache 2.4 工作了,突然又坏了……
PSA:如果你打算升级到 Yosemite,请给自己一周预算来修复它坏掉的所有东西
Here's what fixed it for me:
in
/etc/apache2/httpd.confThis change implements changes made in the apache update from 2.2 to 2.4. The OSX Yosemite update brought the apache update with it (PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks).
The weird thing is that I already got apache 2.4 working, and suddenly it breaks again....
PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks
经过大量时间浪费后,我解决了这个问题,我想分享以节省您的时间。
上面和其他帖子上的所有绅士在他们的答案中都有一些正确的部分,但以下是总和
在您的“/etc/apache2/httpd.conf”文件中:
1-更改您的文档根目录
2-更改
原始:
更改为:
3-更改:
原始:
更改为:
4-最后,如果您是超级用户,您可能不需要此步骤,这是为了在新的根文件夹上设置正确的权限
希望这会有所帮助
After lots of time waste i fixed the issue and i wanted to share to save your time.
All the gentelmen above and on other posts has some correct parts in their answers but below is the sum
In your "/etc/apache2/httpd.conf" file:
1- change your document root
2- change
Original:
Change to:
3- Change:
Original:
Change to:
4- Finally, you might not need this step if you are the supper user, this is to set the right permition on your new root folder
Hope this will help
它看起来确实是正确的,请进行健全性检查。
您重新启动了 apache
检查组和用户所有权
我认为引号可以删除
/Users/user/Documents/example 中有东西吗?
尝试 777
-sean
It certainly does look right, do a sanity check.
you restarted apache
check group and user ownership
I think the quotes can be removed
there is something in /Users/user/Documents/example ?
try 777
-sean
SELinux 是我的罪魁祸首。如果您在 Linux 机器上遇到此问题,并且您的别名和文件权限正确,请尝试执行“setenforce 0”将 SELinux 置于宽松模式。这对我来说很有效。
SELinux was the culprit for me. If you're having this issue on a linux box and your alias and file permissions are correct than try doing a "setenforce 0" to put SELinux into permissive mode. That did the trick for me.
我必须恢复我的 apache 配置文件,然后再次设置服务器。发现这很有用:
https://apple.stackexchange.com/questions/ 41143/如何恢复默认-mac-apache-安装到原始
I had to revert my apache config file and then set up the server again. found this useful:
https://apple.stackexchange.com/questions/41143/how-to-revert-default-mac-apache-install-to-original
快速解决方案:
在 Linux 上以 root 身份使用以下命令:
Quick Solution:
Use these commands as root on Linux: