32

I'm trying to create a folder named week7 and an html page named hello.html in that folder outside the document root and have it viewed through an Alias directive.

I created a folder named week7 out of the Document Root. I chose this location for it:

/usr/local/www/week7

while my document root is:

/usr/local/www/apache22/data

in httpd.conf and under tag, I wrote:

    Alias /week7 /usr/local/www/week7
<Directory /usr/local/www/week7>
    Require all granted
</Directory>

After rebooting the server, I got the following message: Forbidden 403 message.

I tried changing permissions for the hello.html file, the week7 folder and even the www folder and nothing changed.

Any ideas?

Yousif
  • 355
  • 1
  • 3
  • 8
  • 1
    `Require all granted` is AFAIK apache mod_authz in `Apache 2.4`. Are you one of the few running that? Most are still at `2.2`. – Wrikken Jun 26 '12 at 20:44
  • @Wrikken my server version is 2.2 but I used the command above from a tutorial on httpd.apache.org about Alias directive. I deleted the directory part and left my command looks like this: Alias /week7 /usr/local/www/week7 and restarted server and still nothing changed! (403 error). – Yousif Jun 28 '12 at 14:43
  • 2
    Yes, you would still be not allowed. Removing a rule used in apache 2.4 to allow access doesn't make access rights magically appear in 2.2... You probably want `Order allow,denyAllow from all`. – Wrikken Jun 28 '12 at 18:46
  • You need to have the `Options` line. Without that, apache doesn't know where to apply these rules. So, add `Options Indexes` at least. – matthaeus Aug 31 '20 at 09:16

7 Answers7

44

If you're using apache 2.4

Order allow,deny
Allow from all

becomes...

Require all granted

https://httpd.apache.org/docs/2.4/upgrading.html

user1585789
  • 648
  • 6
  • 14
30

I know it's old but just for the record, the following worked for me in XAMPP (Windows 8)

Alias /projects c:/projects

<Directory c:/projects>
    Options Indexes FollowSymLinks MultiViews
    Order allow,deny
    Allow from all
</Directory>

EDIT

On XAMPP 5.6 and Apache 2.4 try this:

Alias /projects c:/projects

<Directory c:/projects >
    Options Indexes FollowSymLinks MultiViews
    Require all granted
</Directory>

Add AllowOverride All to make .htaccess files found in /projects work!

Miro
  • 8,402
  • 3
  • 34
  • 72
  • 1
    Brilliant practical solution. Allows _xampp/htdocs_ to be retained as the **DocumentRoot** while allowing an external Eclipse project to be treated as an _htdocs_ subfolder. – Bad Loser Jul 10 '19 at 10:24
8

I fixed this issue with these directives:

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local

You'll only be able to browse from your local computer, but it works for local testing and development.

David Gassner
  • 260
  • 2
  • 10
5

Trying the solutions offered by the other answers here, and finding they didn't work for me, using Linux Mint, I found another option to start apache as a different user.

After reading unixd_module documentation, I edited "httpd.conf" to change the User and Group to that of the owner of the Alias directory (or root user) and the 403 "Forbidden" error had gone.

  1. Open your "httpd.conf" at /opt/lampp/etc/httpd.conf (in a default installation of XAMPP for example) in a text editor.

  2. Find <IfModule unixd_module>, where the comments should read something like:

    If you wish httpd to run as a different user or group, you must run httpd as root initially and it will switch.

    User/Group: The name (or #number) of the user/group to run httpd as.

    It is usually good practice to create a dedicated user and group for running httpd, as with most system services.

    with the default User and Group set to daemon.

  3. Edit the User and Group.

For example:

<IfModule unixd_module>
  User mrJohn
  Group mrJohn
</IfModule>

I hope this is useful.

Fred Gandt
  • 4,217
  • 2
  • 33
  • 41
Lee Tuấn
  • 321
  • 3
  • 4
5

For me worked this solution:

When I access the virtual directory an error “Access forbidden! Error 403” occured.
The config seems to ok:

Alias /static/ /home/username/sites/myblog/static/
<Directory /home/username/sites/myblog/static>
  Options Indexes FollowSymLinks MultiViews ExecCGI
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

Solution: The default apache configration is very restrictive. It do not allow to access directories without authentication. This is defined in the Directory section of httpd.conf:

<Directory>
   AllowOverride none
   Require all denied
</Directory>

Add a “require all granted” directive to your virtual directory section will grant the access.

Alias /static/ /home/username/sites/myblog/static/
<Directory /home/username/sites/myblog/static>
   AllowOverride All
   Order allow,deny
   Allow from all
   Require all granted
</Directory>
YakovL
  • 7,557
  • 12
  • 62
  • 102
Sulaymon Hursanov
  • 426
  • 8
  • 7
1

Alias /data /media/pi/VOLUME

.....

Options Indexes FollowSymLinks MultiViews

AllowOverride All

Require local

works fine on Raspbian for localhost

Jacques Talvard
  • 11
  • 1
0

I was able to gain access to a directory outside the document root, but using the method proposed in the original question to this thread.

   # Create Alias to access files for pure js front end app
   Alias "/hbt" "/dirA/dirB/dirC"

   # Create a Directory directive for "dirC"
   <Directory /dirA/dirB/dirC>
     Require all granted
   </Directory

Restarted Apache, and it worked! I'm using Apache 2.4

dev_bj777
  • 1
  • 1