3
  • Apache HTTP Server 2.2.21 with VirtualHosts under SuExec
  • PHP 5.3.8 via fcgid
  • Arch Linux 2011.08.19

I am getting 403 Access Denied errors from Apache any time I try to access a PHP file. HTML files and text files work fine. I've played with every conceivable permissions combination on the PHP files I can think of, from 644 to 777. Doesn't change anything.

I also played with the permissions on the FCGI wrapper and parent folder. With o+x (777, 775, 773, 771), I get this in the browser:

Access forbidden!

You don't have permission to access the requested object. It is either read-protected or not readable by the server.

…and this in the vhost error log:

client denied by server configuration: /srv/www/hostname/fcgid-bin/php-fcgid-wrapper

With o-x (776, 774, 772, 770, or below), I get this in the browser:

Forbidden

You don't have permission to access /fcgid-bin/php-fcgid-wrapper/index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

…and this in the log:

(13)Permission denied: access to /fcgid-bin/php-fcgid-wrapper/index.php denied

This is really boggling my mind seeing as my setup was working fine until I started getting this and I don't know what I possibly could have done to change that. /usr/bin/php-cgi and the wrapper both work fine with the exact same input files when called directly.

Here's my vhost config:

<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/srv/www/hostname/public/" ServerName hostname.com ServerAlias www.hostname.com SuexecUserGroup hostname hostname ErrorLog "/srv/www/hostname/logs/error.log" LogLevel debug CustomLog "/srv/www/hostname/logs/access.log" combined <Directory /srv/www/hostname/public> Order allow,deny Allow from all </Directory> # http://www.linode.com/forums/viewtopic.php?t=2982 <IfModule !mod_php5.c> <IfModule !mod_php5_filter.c> <IfModule !mod_php5_hooks.c> <IfModule mod_actions.c> <IfModule mod_alias.c> <IfModule mod_mime.c> <IfModule mod_fcgid.c> AddHandler php-fcgi .php Action php-fcgi /fcgid-bin/php-fcgid-wrapper Alias /fcgid-bin/ /srv/www/hostname/fcgid-bin/ <Location /fcgid-bin/> SetHandler fcgid-script Options +ExecCGI </Location> ReWriteEngine On ReWriteRule ^/fcgid-bin/[^/]*$ / [PT] </IfModule> </IfModule> </IfModule> </IfModule> </IfModule> </IfModule> </IfModule> </VirtualHost>
Improve this question
2
  • Check the ownership of the files you are trying to access (i.e. index.php) - suexec verifies that the files have the correct ownership (i.e. are owned by 'hostname') before executing them - running php directly would still execute the files (as long as they are readable, regardless of ownership), and offhand, I don't think text/html files are run through suexec. Unlikely, perhaps, but it seems to fit the symptoms. Commented Oct 29, 2011 at 3:21
  • Did you take a look at the error log? Commented Oct 29, 2011 at 3:41

2 Answers 2

Reset to default
4 
<Directory /srv/www/hostname/public> Order allow,deny Allow from all </Directory>

That doesn't include /srv/www/hostname/fcgid-bin/; assuming there's no Allow applying to it elsewhere in your config, this is the problem. You'll need to Allow access to this location.

Improve this answer
0
0

I had a similar error, except mine was due to missing the

Options ExecCGI

line from the directory where my scripts were (in a virtual server subfolder), that's why html files loaded fine, but php files gave 403s.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.