Home / server / Questions / 930279
Accepted
TmCrafz
Asked: 2018-09-11 09:23:20 +0800 CST

Error 403 (access denied) with updated .htaccess file

  • 772

Im using a plugin for one of my websites which I have updated recently. Since I have updated I get always an access denied message (Error 403) when opening magnalister.php of the plugin. When I replace the new .htaccess file with the old one I have no problems. Here are the content of the files:

Before updating:

<Files magnalister.php>
    Order Deny,Allow
    Allow from all
</Files>

<Files magnaCallback.php>
    Order Deny,Allow
    Allow from all
</Files>

After updating:

<Files magnalister.php>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Allow from all
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</Files>
<Files magnaCallback.php>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Allow from all
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</Files>

In the PHP error log I get the following:

[Wed Sep 12 00:25:05 2018] [access_compat:error] [pid 7437] [client ***] [host ***] AH01797: client denied by server configuration: /is/htdocs/***/www/testshop3/plugins/magnalister/magnalister.php

Im using Apache/2.4.10.

What is the reason for the 403 error with the updated version?

php

1 Answers

  1. Best Answer

    Where are you denying access? That would seem to be the problem. I suspect you are still denying access with the "old" Apache 2.2 directives elsewhere in your Apache config and this is taking precedence.

    All the directives you have posted only allow access, so something else in your config is denying access to that file.

    You have updated your .htaccess config to work with Apache 2.4's mod_authz_core/host modules. However, on Apache 2.4, if another part of your config is still using the old Deny directives (part of mod_access_compact in Apache 2.4 and mod_authz_host in Apache 2.2) then these "old" directives will take priority over the "new" Apache 2.4 directives in .htaccess, despite the apparent order in your config, and access will still be denied.

    As noted in the Apache docs under upgrading to 2.4 from 2.2:

    ...mixing old and new directives [can] lead to unexpected results. ... Because mod_access_compat directives take precedence over the mod_authz_host ...

    So, if you are still using the "old" directives elsewhere in your config (to deny access) then these need to be updated to use the equivalent Apache 2.4 directives.

    This would seem to be confirmed by the error you are seeing, which is triggered by mod_access_compact, as opposed to mod_authz_core, as you would expect on Apache 2.4.

    [Wed Sep 12 00:25:05 2018] [access_compat:error] [pid 7437] [client ...] [host ...] AH01797: client denied by server configuration: /is/htdocs/.../www/testshop3/plugins/magnalister/magnalister.php

    (Aside: You say you are using Apache 2.4. Do you really need to maintain backwards compatibility with Apache 2.2, as you are doing in .htaccess? Maintaining both configs is only going to be harder to maintain and more prone to error.)

    • 1