0

I'm running Wamp64 under Windows 11 with a local domain tvcdev.local. Any attempt under Javascript to make an Ajax call to a script in any same-level directory other than the directory containing the calling script fails with a 403 error.

An example call:

function logError(errMsg)
{
  $.ajax({
    type: 'POST',
    data:{'logerror': errMsg},
    url:'/php/inc/errorhandler-inc.php',
  });
}

Though this is a call to the error handler, it isn't specifically an error issue as the 403 error occurs with any Ajax call to any script in directories such as '/php/main' or '/php/ajax' at the same level.

The Apache log says:

\[Wed Mar 08 10:14:47.003011 2023\] 
\[access_compat:error\] \[pid 15976:tid 1264\] 
\[client ::1:56426\]  AH01797: client denied 
by server configuration: D:/localserver/volcentre
/tvcdev/php/inc/errorhandler-inc.php, referer:  
http://tvcdev.local/volreg.html

These are the typical headers for the call:

Request URL: http://tvcdev.local/php/inc/errorhandler-inc.php    
Request Method: POST    
Status Code: 403 Forbidden    
Remote Address: [::1]:80    
Referrer Policy: strict-origin-when-cross-origin    
Connection: Keep-Alive    
Content-Length: 308    
Content-Type: text/html; charset=iso-8859-1    
Date: Wed, 08 Mar 2023 11:11:40 GMT    
Keep-Alive: timeout=5, max=96    
Server: Apache/2.4.51 (Win64) PHP/8.1.15 mod_fcgid/2.3.10-dev    
Accept: */*    
Accept-Encoding: gzip, deflate    
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8    
Connection: keep-alive    
Content-Length: 920    
Content-Type: application/x-www-form-urlencoded; charset=UTF-8    
Cookie: XDEBUG_SESSION=netbeans-xdebug; TVCFORMS=qnscpme0jc6irog82lqj0570ls    
Host: tvcdev.local    
Origin: http://tvcdev.local    
Referer: http://tvcdev.local/volreg.html    
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36    
X-Requested-With: XMLHttpRequest

I can't see how to modify the server config to resolve it.

I've tested various directories. A call to a script in the parent directory is accepted.

The issue is purely a local one and the production hosted web server is not affected.

EDIT: A previous suggestion to change the relevant entry in httpd-vhosts.conf from 'Require local' to 'Require all granted' does not resolve the issue in my case.

disklos
  • 11
  • 2
  • 2
    "which suggests it's a CORS problem" — No it doesn't. An error message in the browser console saying that it is a CORS problem would suggest it is a CORS problem. A `403` error suggests that you haven't included the needed credentials (which might be because of a CORS error or might be something else). We don't know what credentials your server-side code needs. We can't see what code is making the request. Please read [ask] and provide a [mcve]. – Quentin Mar 08 '23 at 10:27
  • @Quentin: Apologies. I've edited the question to add more details. – disklos Mar 08 '23 at 11:04
  • Well there's no sign of any credentials on the request code you provided, and no sign of any server-side code which might check for credentials (or otherwise) and emit a 403 error in your question. – Quentin Mar 08 '23 at 11:06
  • "client denied by server configuration" — you might want to look at your server configuration. – Quentin Mar 08 '23 at 11:13
  • Quentin: Your suggestions for what I should be looking for and where would be most helpful. – disklos Mar 08 '23 at 11:23
  • Does this answer your question? [WAMP Cannot access on local network 403 Forbidden](https://stackoverflow.com/questions/23382627/wamp-cannot-access-on-local-network-403-forbidden) – E. Zacarias Mar 08 '23 at 11:33
  • 1
    @E.Zacarias: Thanks for pointing this out. I'd missed it. Unfortunately, it doesn't work in my case. – disklos Mar 08 '23 at 12:00

0 Answers0