I have a web server serving pages from a local IP address.
It is behind NAT which has correctly set port forwarding for 80 and 443 (tested by pointing to another local web server).
When trying to access from public address I get 403 while at the same time everything is reachable from local network.
Web server is apache.
What would be the order of things to check?
EDIT: Thanks everyone for their answers. Problem is resolved.
I checked apache access log (403 gets mentioned there), but that gave me no real clue. At that moment I was basically wondering if it is apache or the webapp (drupal) that is giving this response. After triple checking the apache config I also checked the webapp more thoroughly and found that non-local IPs were banned.
EDIT 2: If someone provides a good answer (or expand the existing) on what would have been a proper way to determine if it was apache or webapp I will accept it as an answer.
Do you use name based virtual hosts in your apache config? How do you connect from the LAN and through the NAT router? If you have name based virtual hosting, the Host header in the HTTP request defines which virtual host serves the request. So for example if I have a something like:
And I connect on the outside router with http://my.nat.router/, I might end up at the last virtual hostname that I specified. If that one is setup on a DocumentRoot that has no permissions, I get a 403.
Another possibility could be that you have a DocumentRoot specified and later on a Directory directive that does not have "allow from all", but only something like "allow from 192.168.0.0/24".
What does the apache error log say? that should give you a clue.
Best guess - Double check your webserver configuration - are you allowing access from "any"? There may be a rule in there only allowing the local subnet.
403 is access forbidden. Do you permit anonymous access to apache?