- Apache HTTP Server 2.2.21 with VirtualHosts under SuExec
- PHP 5.3.8 via fcgid
- Arch Linux 2011.08.19
I am getting 403 Access Denied errors from Apache any time I try to access a PHP file. HTML files and text files work fine. I've played with every conceivable permissions combination on the PHP files I can think of, from 644 to 777. Doesn't change anything.
I also played with the permissions on the FCGI wrapper and parent folder. With o+x (777, 775, 773, 771), I get this in the browser:
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
…and this in the vhost error log:
client denied by server configuration: /srv/www/hostname/fcgid-bin/php-fcgid-wrapper
With o-x (776, 774, 772, 770, or below), I get this in the browser:
Forbidden
You don't have permission to access /fcgid-bin/php-fcgid-wrapper/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
…and this in the log:
(13)Permission denied: access to /fcgid-bin/php-fcgid-wrapper/index.php denied
This is really boggling my mind seeing as my setup was working fine until I started getting this and I don't know what I possibly could have done to change that. /usr/bin/php-cgi
and the wrapper both work fine with the exact same input files when called directly.
Here's my vhost config:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/srv/www/hostname/public/"
ServerName hostname.com
ServerAlias www.hostname.com
SuexecUserGroup hostname hostname
ErrorLog "/srv/www/hostname/logs/error.log"
LogLevel debug
CustomLog "/srv/www/hostname/logs/access.log" combined
<Directory /srv/www/hostname/public>
Order allow,deny
Allow from all
</Directory>
# http://www.linode.com/forums/viewtopic.php?t=2982
<IfModule !mod_php5.c>
<IfModule !mod_php5_filter.c>
<IfModule !mod_php5_hooks.c>
<IfModule mod_actions.c>
<IfModule mod_alias.c>
<IfModule mod_mime.c>
<IfModule mod_fcgid.c>
AddHandler php-fcgi .php
Action php-fcgi /fcgid-bin/php-fcgid-wrapper
Alias /fcgid-bin/ /srv/www/hostname/fcgid-bin/
<Location /fcgid-bin/>
SetHandler fcgid-script
Options +ExecCGI
</Location>
ReWriteEngine On
ReWriteRule ^/fcgid-bin/[^/]*$ / [PT]
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</VirtualHost>
That doesn't include
/srv/www/hostname/fcgid-bin/
; assuming there's noAllow
applying to it elsewhere in your config, this is the problem. You'll need toAllow
access to this location.I had a similar error, except mine was due to missing the
line from the directory where my scripts were (in a virtual server subfolder), that's why html files loaded fine, but php files gave 403s.