错误消息“禁止您无权访问/在此服务器上”[关闭]

Question

我自己配置​​了我的 Apache 并尝试在虚拟主机上加载 phpMyAdmin，但我收到了：

403 Forbidden 您无权访问此服务器上的 /

我的 httpd.conf

#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see 
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" will be interpreted by the
# server as "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which httpd.exe is located
# will be used by default.  It is recommended that you always supply
# an explicit drive letter in absolute paths to avoid confusion.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:80

Include conf/vhosts.conf

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule php5_module "c:/Program Files/php/php5apache2_2.dll" 

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon

</IfModule>
</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin webmaster@somenet.com

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.somenet.com:80

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
#
# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error.log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "logs/access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access.log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.somenet.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts. 
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock logs/cgisock
</IfModule>

#
# "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml

    AddType application/x-httpd-php .php 
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.somenet.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall is used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be 
# included to add extra features or to modify the default configuration of 
# the server, or you may simply copy their contents here and change as 
# necessary.

# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf

# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf

# Language settings
#Include conf/extra/httpd-languages.conf

# User home directories
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf

# Various default settings
#Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

PHPIniDir "c:/Program Files/php" 

和 vhosts.conf：

NameVirtualHost 127.0.0.1:80

<VirtualHost 127.0.0.1:80>
    DocumentRoot i:/projects/webserver/__tools/phpmyadmin/
    ServerName dbadmin.tools
</VirtualHost>

Answer 1

2016 年 10 月更新

4 年前，由于这个答案被许多人用作参考，虽然这些年来我从安全角度学到了很多东西， 我觉得我有责任澄清一些重要的注意事项，我已经相应地更新了我的答案。

原始答案是正确的，但对于某些生产环境并不安全， 此外，我想解释一下您在设置环境时可能遇到的一些问题。

如果您正在寻找快速解决方案并且安全不是问题，即开发环境，请跳过并阅读原始答案

很多情况都会导致403 Forbidden：

---

A.目录索引（来自mod_autoindex.c）

当您访问一个目录并且在该目录中没有找到默认文件时 AND Apache Options Indexes 没有为此目录启用。

A.1。 DirectoryIndex 选项示例

DirectoryIndex index.html default.php welcome.php

A.2。 Options Indexes 选项

如果设置，如果没有找到默认文件，apache将列出目录内容（来自上面的??选项）

如果以上条件都不满足

您将收到403 Forbidden

建议

• 除非真的需要，否则不应允许列出目录。
• 将默认索引DirectoryIndex 限制为最小。
• 如果您想修改，请将修改限制在所需的目录，例如，使用.htaccess 文件，或将您的修改放在<Directory /my/directory> 指令中

---

B. deny,allow 指令 (Apache 2.2)

@Radu、@Simon A. Eugster 在 cmets 中提到 您的请求被这些指令拒绝、列入黑名单或列入白名单。

我不会发布完整的解释，但我认为一些示例可以帮助您理解， 总之记住这条规则：

如果两者都匹配，则最后一个指令将获胜

Order allow,deny

如果两个指令都匹配，拒绝将获胜（即使 allow 指令写在 conf 中的 deny 之后）

Order deny,allow

如果两个指令都匹配，则允许获胜

示例 1

Order allow,deny
Allow from localhost mydomain.com

只有 localhost 和 *.mydomain.com 可以访问，所有其他主机都被拒绝

示例 2

Order allow,deny
Deny from evil.com
Allow from safe.evil.com # <-- has no effect since this will be evaluated first

所有请求都被拒绝，最后一行可能会欺骗你，但请记住，如果同时符合最后一个获胜规则（这里拒绝是最后一个），与写的相同：

Order allow,deny
Allow from safe.evil.com
Deny from evil.com # <-- will override the previous one 

示例 4

Order deny,allow
Allow from site.com
Deny from untrusted.site.com # <-- has no effect since this will be matched by the above `Allow` directive

接受来自所有主机的请求

示例 4：典型的公共站点（除非列入黑名单，否则允许）

Order allow,deny
Allow from all
Deny from hacker1.com
Deny from hacker2.com

示例 5：典型的 Intranet 和安全站点（除非列入白名单，否则拒绝）

Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain

---

C. Require 指令 (Apache 2.4)

Apache 2.4 使用了一个名为mod_authz_host 的新模块

Require all granted => 允许所有请求

Require all denied => 拒绝所有请求

Require host safe.com => 只允许来自 safe.com

---

D.文件权限

大多数人做错的一件事是配置文件权限，

黄金法则是

未经许可即可开始，根据需要添加

在 Linux 中：

• 目录应具有Execute 权限

• 文件应具有Read 权限

• 是的，你是对的，不要为文件添加Execute 权限

例如，我使用此脚本来设置文件夹权限

# setting permissions for /var/www/mysite.com

# read permission ONLY for the owner 
chmod -R /var/www/mysite.com 400 

# add execute for folders only
find /var/www/mysite.com -type d -exec chmod -R u+x {} \;

# allow file uploads 
chmod -R /var/www/mysite.com/public/uploads u+w

# allow log writing to this folder
chmod -R /var/www/mysite.com/logs/ 

我发布了这段代码作为示例，其他情况下设置可能会有所不同

---

---

原答案

我遇到了同样的问题，但我通过在 httpd.conf 的全局目录设置中或在特定目录块中设置 options 指令解决了这个问题httpd-vhosts.conf：

Options Indexes FollowSymLinks Includes ExecCGI

默认情况下，您的全局目录设置为(httpd.conf line ~188)：

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

将选项设置为： Options Indexes FollowSymLinks Includes ExecCGI

最后应该是这样的：

<Directory />
    #Options FollowSymLinks
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

还可以尝试将Order deny,allow 和Allow from all 行更改为Require all granted。

附录

目录索引源代码（为简洁起见，删除了一些代码）

if (allow_opts & OPT_INDEXES) {
     return index_directory(r, d);
} else {
        const char *index_names = apr_table_get(r->notes, "dir-index-names");

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
                      "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
                      "server-generated directory index forbidden by "
                      "Options directive",
                       r->filename,
                       index_names ? index_names : "none");
        return HTTP_FORBIDDEN;
    }

Answer 2

我知道这个问题已经解决，但我碰巧自己解决了同样的问题。

原因

Forbidden 您无权访问此服务器上的 /

实际上是httpd.conf中一个apache目录的默认配置。

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
#
# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory "/">
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all          # the cause of permission denied
</Directory>

只需将Deny from all 更改为Allow from all 即可解决权限问题。

另外，更好的方法是在虚拟主机配置上指定单个目录权限。

<VirtualHost *:80>
    ....

    # Set access permission
    <Directory "/path/to/docroot">
        Allow from all
    </Directory>

    ....
</VirtualHost>

然而，从 Apache-2.4 开始，访问控制是使用新模块 mod_authz_host (Upgrading to 2.4 from 2.2) 完成的。因此，应该使用新的Require 指令。

<VirtualHost *:80>
    ....

    # Set access permission
    <Directory "/path/to/docroot">
        Require all granted
    </Directory>

    ....
</VirtualHost>

Answer 3

托管在默认 /var/www/ 之外的目录的一个常见问题是，Apache 用户不仅需要对托管站点的目录和子目录的权限。 Apache 需要所有目录的权限，一直到托管站点的文件系统的根目录。 Apache 在安装时会自动获得分配给 /var/www/ 的权限，因此如果您的主机目录直接位于其下方，那么这不适用于您。编辑：Daybreaker 报告说他的 Apache 安装时没有对默认目录的正确访问权限。

例如，您有一台开发机器，您的站点目录是：

/username/home/Dropbox/myamazingsite/

你可能认为你可以侥幸逃脱：

chgrp -R www-data /username/home/Dropbox/myamazingsite/
chmod -R 2750 /username/home/Dropbox/myamazingsite/

因为这给了 Apache 访问您网站目录的权限？嗯，这是正确的，但这还不够。 Apache 需要目录树的所有权限，所以您需要做的是：

chgrp -R www-data /username/
chmod -R 2750 /username/

显然，如果不分析目录结构中的内容，我不建议将生产服务器上的 Apache 访问权限授予完整的目录结构。对于生产，最好保留默认目录或其他仅用于保存网络资产的目录结构。

Edit2：正如 u/chimeraha 指出的那样，如果您不确定自己在使用权限做什么，最好将您网站的目录移出您的主目录，以避免可能将自己锁定在您的主目录。

Answer 4

Apache 2.4 中的一些配置参数已更改。我在设置Zend Framework 2 应用程序时遇到了类似的问题。经过一番研究，这里是解决方案：

配置不正确

<VirtualHost *:80>
    ServerName zf2-tutorial.localhost
    DocumentRoot /path/to/zf2-tutorial/public
    SetEnv APPLICATION_ENV "development"
    <Directory /path/to/zf2-tutorial/public>
        DirectoryIndex index.php
        AllowOverride All
        Order allow,deny #<-- 2.2 config
        Allow from all #<-- 2.2 config
    </Directory>
</VirtualHost>

正确配置

<VirtualHost *:80>
    ServerName zf2-tutorial.localhost
    DocumentRoot /path/to/zf2-tutorial/public
    SetEnv APPLICATION_ENV "development"
    <Directory /path/to/zf2-tutorial/public>
        DirectoryIndex index.php
        AllowOverride All
        Require all granted #<-- 2.4 New configuration
    </Directory>
</VirtualHost>

如果您计划从 Apache 2.2 迁移到 2.4，这里有一个很好的参考：http://httpd.apache.org/docs/2.4/upgrading.html

Answer 5

使用 Apache 2.2

Order Deny,Allow
Allow from all

使用 Apache 2.4

Require all granted

来自http://httpd.apache.org/docs/2.4/en/upgrading.html

Answer 6

在使用 Apache 2.4 的 Ubuntu 14.04 上，我执行了以下操作：

在文件中添加以下内容，apache2.conf（在/etc/apache2下）：

<Directory /home/rocky/code/documentroot/>
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

并重新加载服务器：

sudo service apache2 reload

编辑：这也适用于带有 Apache 2.4 的 OS X Yosemite。最重要的一行是

要求全部授予

Answer 7

如果您使用的是WAMP 服务器，请尝试以下操作：

• 单击任务栏上的 WAMP 服务器图标

• 选择选项上线

• 您的服务器将自动重启

• 然后尝试访问你的本地网站

Answer 8

如果你使用 CentOS 和 SELinux 试试：

sudo restorecon -r /var/www/html

查看更多：https://www.centos.org/forums/viewtopic.php?t=6834#p31548

Answer 9

我通过将我的用户添加到 httpd.conf 解决了我的问题。

# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
#User daemon
User my_username
Group daemon

Answer 10

这篇文章Creating virtual hosts on Apache 2.2 帮助我（第 9 点）对顶级虚拟主机目录的权限。

我只是将这行添加到我的 vhosts.conf 文件中：

<Directory I:/projects/webserver>
    Order Deny,Allow
    Allow from all
</Directory>

Answer 11

我遇到了同样的错误，并且很长时间都无法找出问题所在。如果您碰巧在包含SELinux 的Linux 发行版上，例如CentOS，您需要确保为您的文档根文件正确设置了SELinux 权限，否则您将收到此错误。这是与标准文件系统权限完全不同的一组权限。

我碰巧使用了教程Apache and SELinux，但是一旦你知道要寻找什么，似乎还有很多。

Answer 12

如果您使用的是 MAMP Pro，解决此问题的方法是选中 Hosts - Extended 选项卡下的 Indexes 复选框。

在 MAMP Pro v3.0.3 中是这样的：

Answer 13

还有另一种方法可以解决这个问题。假设您想访问存在于/var/www/html/subphp 的目录“subphp”，并且您想使用127.0.0.1/subphp 访问它，您会收到如下错误：

您无权访问此服务器上的 /subphp/。

然后将目录权限从“无”更改为“访问文件”。命令行用户可以使用chmod 命令更改权限。

Answer 14

我遇到了同样的问题，但由于我将 apache 上的路径更改为 var/www 之外的文件夹，我开始遇到问题。

我通过在 var/www/html > home/dev/project 中创建一个符号链接来修复它，这似乎可以解决问题，而无需更改任何权限...

Answer 15

我使用 Mac OS X，就我而言，我只是忘记在 apache 中启用 php，我需要做的就是取消注释 /etc/apache2/httpd.conf 中的一行：

LoadModule php5_module libexec/apache2/libphp5.so

参考this文章了解详情。

Answer 16

（在 Windows 和 Apache 2.2.x 中）

“Forbidden”错误也是未定义虚拟主机的结果。

正如 Julien 所说，如果您打算使用虚拟 hosts.conf，请转到 httpd 文件并取消注释以下行：

#Include conf/extra/httpd-vhosts.conf

然后在conf/extra/httpd-vhosts.conf 中添加您的虚拟主机定义并重新启动 Apache。

Answer 17

我遇到了这个问题，我的解决方案是 www-data 没有拥有正确的文件夹，而是将它设置为让其中一个用户拥有它。 （我试图做一些花哨但错误的技巧来让 ftp 玩得很好。）

运行后：

chown -R www-data:www-data /var/www/html

机器再次开始提供数据。您可以通过

查看当前谁拥有该文件夹

ls -l /var/www/html

Answer 18

此解决方案不允许所有人

我只想更改我的公共目录 www，并通过我的 PC 和通过 Wifi 连接的移动设备访问它。我有 Ubuntu 16.04。

1. 所以，首先，我修改了 /etc/apache2/sites-enabled/000-default.conf 我改变了 DocumentRoot /var/www/html 这一行 对于我的新公共目录 DocumentRoot "/media/data/XAMPP/htdocs"

2. 然后我修改了/etc/apache2/apache2.conf，我把localhost的权限，和我的手机，这次我用的IP地址，我知道它不是完全安全的，但对于我的目的来说还可以。

   <Directory/>
       Options FollowSymLinks
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from localhost 10.42.0.11
   </Directory>
   

Answer 19

试试这个，不要添加任何东西 Order allow,deny 和其他人：

AddHandler cgi-script .cgi .py 
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Require all granted
    Allow from all
</Directory>

 

sudo a2enmod cgi
sudo service apache2 restart

Answer 20

    I changed 
    Order Deny,Allow
    Deny From All      in .htaccess to   " Require all denied "    and restarted apache but it did not help.

ubuntu 中 apache2.conf 的路径是 /etc/apache2/apache.conf

然后我在 apache2.conf 中添加了以下几行，然后我的文件夹工作正常

    <Directory /path of required folder>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
       </Directory>

   and run  " Sudo service apache2 restart " 

Answer 21

我知道这个问题已经有几个答案了，但我认为有一个非常微妙的方面，虽然提到过，但在之前的答案中没有得到足够的强调。

在检查 Apache 配置或文件的权限之前，让我们做一个更简单的检查，以确保 每个 目录构成了您要访问的文件的完整路径（例如 index.html）。 php 文件在您文档的根目录中）不仅可以被 Web 服务器用户读取，而且可以可执行。

例如，假设您的文档根目录的路径是“/var/www/html”。你必须确保所有的“var”、“www”和“html”目录都可以被网络服务器用户（可读和）执行。在我的情况下（Ubuntu 16.04）我错误地将“x”标志从“html”目录中删除到“others”组，因此权限如下所示：

drwxr-xr-- 15 root root 4096 Jun 11 16:40 html

如您所见，Web 服务器用户（在本例中适用“其他”权限）没有对“html”目录的执行访问权限，而这正是根目录的问题。发出后：

chmod o+x html

命令，问题解决了！

在以这种方式解决之前，我确实尝试了此线程中的所有其他建议，并且由于该建议隐藏在我几乎偶然发现的评论中，我认为在此处突出显示和扩展它可能会有所帮助。

Answer 22

我只有一个特定的控制器有同样的问题——这真的很奇怪。我在 CI 文件夹的根目录中有一个文件夹，该文件夹与我尝试访问的控制器同名......因此，CI 将请求定向到该目录而不是控制器本身。

删除此文件夹后（有点错误），一切正常。

为了更清楚，这是它的样子：

/ci/controller/register.php

/ci/register/

我不得不删除/ci/register/。

Answer 23

准确检查您放置文件的位置，不要将它们嵌套在 Documents 文件夹中。

例如，我犯了一个错误，将我的代码放在前面提到的 Documents 文件夹中，这是行不通的，因为 Documents 明确地只对您可用，而不是 APACHE。尝试将其上移一个目录，您可能不会看到此问题。

从以下位置移动文件夹：

/用户/您的用户名/文档/代码

到这里： /用户/您的用户名/代码

Answer 24

只是为了在我遇到这个问题时带来另一个贡献：

我配置了一个我不想配置的 VirtualHost。我已经注释掉了包含虚拟主机的行，并且它起作用了。

Answer 25

你可以像这样修改youralias.conf文件：

Alias /Quiz/ "h:/MyServer/Quiz/" 
 <Directory "h:/MyServer/Quiz/">
   Options Indexes FollowSymLinks
   AllowOverride all
   <IfDefine APACHE24>
     Require local
   </IfDefine>
   <IfDefine !APACHE24>
    Order Deny,Allow
    Deny from all
    Allow from localhost ::1 127.0.0.1
   </IfDefine>
 </Directory>

Answer 26

记住这种情况下要配置的正确文件不是phpMyAdmin别名中的httpd.conf，而是bin/apache/your_version/conf/httpd.conf中的。

查找以下行：

DocumentRoot "c:/wamp/www/"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

确保将其设置为Allow from all...

如果没有，phpMyAdmin 甚至可以工作，但你的根目录和它下面的其他文件夹不能工作。还有，记得重启WAMP再上线...

这解决了我的头痛。

Answer 27

在运行 docker build 之前，我在使用 SSHFS 从本地文件系统挂载 VirtualBox 来宾中的文件时遇到了这个问题。最后，“修复”是将所有文件复制到 VirtualBox 实例，而不是从 SSHFS 挂载内部构建，然后从那里运行构建。

Answer 28

WORKING 方法（除非没有其他问题）

默认情况下，Apache 不限制来自IPv4（公共外部 IP 地址）的访问

限制的是'httpd.conf'中给出的命令。

全部替换

<Directory />
    AllowOverride none
    Require all denied
</Directory>

与

<Directory />
    AllowOverride none
    # Require all denied
</Directory>

因此消除了对 Apache 的所有限制。

将 C:/wamp/www/ 目录的 Require local 替换为 Require all granted。

<Directory "c:/wamp/www/">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
    # Require local
</Directory>

Answer 29

更改配置文件后不要忘记Restart All Services。

我在这上面浪费了三个小时。

Answer 30

这很荒谬，但是当我尝试下载的文件不在文件系统上时，我得到了 403 Forbidden。在这种情况下，apache 错误不是很准确，并且在我简单地将文件放在它应该在的位置之后，整个事情就起作用了。