Apache 2.4.6 on Ubuntu Server: Client denied by server configuration (PHP FPM) [While loading PHP file]
Today I was updated Ubuntu server 13.04 (Raring Ringtail) → 13.10 (Saucy Salamander). And my Apache 2 installation is broken. Here my configuration:
File error.log
[Fri Oct 18 10:48:07.237170 2013] [:notice] [pid 8292:tid 139804677900160] FastCGI: process manager initialized (pid 8292) [Fri Oct 18 10:48:07.241185 2013] [mpm_event:notice] [pid 8289:tid 139804677900160] AH00489: Apache/2.4.6 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations [Fri Oct 18 10:48:07.241652 2013] [core:notice] [pid 8289:tid 139804677900160] AH00094: Command line: '/usr/sbin/apache2' [Fri Oct 18 10:48:28.313923 2013] [authz_core:error] [pid 8294:tid 139804573181696] [client 81.219.59.75:3536] AH01630: client denied by server configuration: /usr/lib/cgi-bin/php5-fcgi File default.conf
#EU #ServerName DocumentRoot /var/www/dev_stable DirectoryIndex index.php index.html index.htm Options Indexes FollowSymLinks MultiViews AllowOverride all Require all granted File mods-enabled/fastcgi.conf
# # AddHandler fastcgi-script .fcgi # FastCgiWrapper /usr/lib/apache2/suexec # FastCgiIpcDir /var/lib/apache2/fastcgi # AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization site_name/TEST/ Forbidden You don't have permission to access /php5-fcgi/TEST/index.php on this server. httpd.apache.org/docs/2.4/upgrading.html#run-time — # apache 2.4 change Allow from all and Order to Require
11 Answers 11
I have exactly the same issue. I ran a couple of virtual hosts on my local machine for developing.
First, I changed /etc/apache2/conf-available/php5-fpm.conf . I replaced every
Order Deny,Allow Deny from all The configuration has to be enabled by a2enconf php5-fpm . I did the same with my virtual hosts configurations and made the replacements.
I think this is not advised for security reasons, but as long as I use my server for local purposes only I can live with it.
I ran into this exact issue upon a new install of Apache 2.4. After a few hours of googling and testing I finally found out that I also had to allow access to the directory that contains the (non-existent) target of the Alias directive. That is, this worked for me:
# File: /etc/apache2/conf-available/php5-fpm.conf AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization # NOTE: using '/usr/lib/cgi-bin/php5-cgi' here does not work, # it doesn't exist in the filesystem! Require all granted Worth noting that I switched my entire php5-fpm.conf to the one above to get mine to work rather than just adding in the directory part.
Thanks @whyscream, this solved my problem. Actually, this Directory grant is defined in serve-cgi-bin.conf, but is loaded only if you enable cgi.load! I would improve the solution by adding the definition from serve-cgi-bin.conf: `
I ran into a similar problem today (but with mod_wsgi ). It might be an Apache 2.2-to-2.4 problem. A comprehensive list of changes can be found here.
For me, it helped to add an additional -entry for every path the error-log was complaining about and filling the section with Require all granted .
So in your case you could try
Require all granted Options FollowSymLinks and I had to move my configuration file from folder conf.d to folder sites-enabled .
All in all, that did the trick for me, but I don’t guarantee it works in your case as well.
+1 for the link to the Apache 2.2->2.4 change list. This should be required reading for everybody about to upgrade.
What file does that go into? /etc/apache2/apache2.conf ? Some file in /etc/apache2/mods-enabled/ ? Somewhere else?
I recently ran into the same problem. I had to change my virtual hosts from:
ServerName local.example.com DocumentRoot /home/example/public ServerName local.example.com DocumentRoot /home/example/public Beautiful, transfer a bunch of domains from a 2.2 server to a 2.4 server and kept the vhost.conf file to save time.. changed all to this and it fixed everything. Thanks so much
In apache2.conf , replace or delete
This worked in Ubuntu 14.04 (Trusty Tahr).
Your virtualhost filename should be mysite.com.conf and should contain this info
# The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. ServerName mysite.com ServerAlias www.mysite.com ServerAdmin info@mysite.com DocumentRoot /var/www/mysite # Available loglevels: trace8, . trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog $/error.log CustomLog $/access.log combined Options All AllowOverride All Require all granted # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf # vim: syntax=apache ts=4 sw=4 sts=4 sr noet client denied by server configuration
This error will only occur if: the client address matches 127.0.0.0/8 or the client address is ::1 or both the client and the server address of the connection are the same. This is a new feature that was added to Apache 2.4. In short if you are testing this on your local host make sure this flag «Require local» is set. It is not however needed for your production server
6 Answers 6
In my case, I modified directory tag.
Allow from all Order Deny,Allow And it seriously worked. It’s seems changed with Apache 2.4.2.
Just built a new machine with the latest copy of xampp. All the virtual hosts stopped working. Require local fixed it.
It is a required step when upgrading to Apache 2.4. See httpd.apache.org/docs/2.4/upgrading.html#run-time
For me the following worked which is copied from example in /etc/apache2/apache2.conf :
Options Indexes FollowSymLinks AllowOverride None Require all granted Require all granted option is the solution for the first problem example in wiki.apache.org page dedicated for this issue for Apache version 2.4+.
More details about Require option can be found on official apache page for mod_authz module and on this page too. Namely:
Require all granted -> Access is allowed unconditionally.
The error «client denied by server configuration» generally means that somewhere in your configuration are Allow from and Deny from directives that are preventing access. Read the mod_authz_host documentation for more details.
You should be able to solve this in your VirtualHost by adding something like:
Or alternatively with a Directory directive:
Allow from all Order Deny,Allow Some investigation of your Apache configuration files will probably turn up default restrictions on the default DocumentRoot.
For me the following worked which is copied from example in /etc/apache2/apache2.conf : `
i’m using macOS Mojave (Apache/2.4.34). There was an issue in virtual host settings at /etc/apache2/extra/httpd-vhosts.conf file. after adding the required directory tag my problem was gone.
Hope the full virtual host setup structure will save you.
DocumentRoot "/Users/vagabond/Sites/MainProjectFolderName/public/" ServerName project.loc all you’ve to do replace the MainProjectFolderName with your exact ProjectFolderName.
AH01630: client denied by server configuration .htaccess
I’m not being able to open php files in my vps server(hostgator Apache 2.4.41), instead of opening the file, it is downloaded.
No, I jsut upgraded WHM. But i changed the profile in EasyApache 4, I changed to use node, but i regret so i came back to default profile. But it’s not working anything now
I am looking your code but cant find anything wrong in it, in case I will add mine working one try it. and delete cookies
1 Answer 1
This isworking for me, edit it to your requirements
Options Indexes FollowSymLinks AllowOverride All Require all granted RewriteEngine On RewriteCond % !-f RewriteCond % !-d RewriteRule ^(.*)$ index.php/$1 [L]
Client denied by server configuration
This error means that the access to the directory on the file system was denied by an Apache configuration.
Before you start
Before attempting to alter any existing config file, please take note of the full file system path for which access is being denied, and the IP or hostname of the client:
[] [error] [client ::1] client denied by server configuration: /var/www/example.com/ Using the correct path in the directory block for the following examples is essential to solving this problem. In this case, a client from the local machine (::1) is being denied access to [/var/www/example.com][1] .
Something like this should resolve your problem :
Order allow,deny Allow from all Order allow,deny Allow from all Require all granted For more explanition: