Mac apache localhost giving 403 Forbidden
Im trying to set up my local environment on my new mac OSX 10.9. I know it has apache already installed, so i’ve been using that. No matter how I set up my httpd-vhosts.conf/hosts/httpd.conf files, I continuously get a 403 forbidden error when visiting localhost OR «test.com» on my browser. The error / files / other information is listed below.
This is the error I’m getting when visiting either web page
My /private/etc/hosts file
My /private/etc/apache2/httpd.conf file
My /private/etc/apache2/extra/httpd-vhosts file
When using the command sudo apachectl -t
I don’t know what to try at this point. I’ve spent several hours looking at tutorials and other questions people have posted. It looks like my files and permissions are correct!
3 Answers 3
I just resolved this issue. Try adding ‘Require all granted’ instead of ‘Allow from all’.
when you set DocuemntRoot «/Users/xxx/xxx» on mac os, your must ensure your httpd User && Group have permission to read the directory.By default, /Users/xxx/xxx owner is root and group is admin, so you don’t have the permission. If your directory group is wheel it maybe work.
After the last upgrade to MacOS HighSierra 10.13.4 I had the same message. I’ve tried different solutions posted around but the what really tipped me was an article mentioning that when you get this message it’s usually just a matter of permissions. So in the end I just needed to make sure that the group and the owner of both the document root, that I don’t keep under my profile path, and the children directory are owned by the same user and group specified in httpd.conf, are set to my group and username. The default values in httpd.conf are: _www and wheel respectively. If you’re unsure about your user name use whoami on a terminal window.
If you’re interested in keeping your files under your profile directory this guide may help you.
OSX El Capitan — Apache 403 Forbidden
I just upgraded from Yosemite to El Capitan but unfortunately forgot to copy my old httpd.conf and now i need to configure all of its settings again.
I already changed the documentroot to the previous one /users/admin/www, and also configured to release access to this folder:
Restarted Apache but even this way I get the ‘Forbidden’ error when trying to access 127.0.0.1.
What am I’m missing here?
10 Answers 10
After spending 3 hours on the issue — this worked for me!
I just found out that the old .conf file is saved during the El Captain update, in this folder :
So i just copied the old definitions to the new one 🙂
You can navigate to /private/etc/apache2/ and then diff httpd.conf httpd.conf.pre-update to see the differences between your old conf file and the new one that’s been added.
For me there was a lot of LoadModules lines commented out, and my apache user/group had been changed back to _www
I am not familiar with the changes in Apache 2.4 so this one really stumped me for about 30 minutes. I just upgraded from Mavericks to El Capitan (Apache 2.2 to 2.4) and I could not load my personal Sites directory (http://localhost/
I hope this info helps somebody
Updating the directory access control worked for me:
In this example, all requests are allowed.
Order allow,deny Allow from all
Require all granted
Note: I keep my custom settings separately under /private/etc/apache2/other/ .
This helped as well (after doing everything else as well):
Like @delphirules said, you can copy your old httpd.conf file like so:
I’ve had issues with connecting to my localhost all day but finally found this: https://mallinson.ca/web-development-with-el-capitan/
Just run the copy command and then do a sudo apachectl restart
I’ve also disabled the SIP ( System Integrity Protection ) in recovery mode. I don’t know if it actually did anything though.. You can find those instructions here: https://forums.developer.apple.com/thread/3981
I had a similar issue receiving a 404 error back when trying to access pages in my local sites directory after enabling myself at the user level to serve sites after upgrading to El Capitan. The issue was that Apache reset the httpd.conf file to its default which disables the user folders to load files from. So http://localhost loaded fine but http://localhost/
username/index.html would NOT load. Here’s the fix:
back up the «new» config file that was created:
restore the «old» config file that was renamed:
In case you have symlinks to some of your projects in DocumentRoot directory, after upgrade to El Capitan you can get 403 for these projects, like I did. You will need the following things to make them work again:
1) Your apache user (_www by default) should have execute access to directory that houses a directory to which you link to. In my case in apache DocumentRoot I had:
And for some reason access settings for /Users/Me/Documents/Aptana Studio 3 Workspace/MyProject were -rw——- 1 Me staff My guess it was set during OS x upgrade. So after sudo chmod 755 Aptana\ Studio\ 3\ Workspace error was resolved.
Apache localhost 403 error with Yosemite
I’ve just installed Mac OS X Yosemite fresh. I configured Apache and chmodded «users/user/Sites» to 755. When I hit localhost I receive a 403 Forbidden «You don’t have permission to access / on this server» . The same thing occurs with any other sites I add to my hosts file.
I tried configuring user directories following help from this post. The guys on this MacRumors thread know there is an Apache issue, but didn’t offer a lot of suggestions.
My directory permissions look like this
Can anyone offer any suggestions or help? Here are links to my hosts and httpd.conf files and error logs for reference.
7 Answers 7
You do NOT want to open up the entirety of your hard drive to the web server process. In fact, lines 215-217 of httpd.conf say:
Apache 2.4 (OSX 10.10 Yosemite) has a different structure from Apache 2.2 (OSX 10.9) for the Directory directive in Module mod_authz_core.
EDIT: If you are setting up Apache from the START, please follow this instruction set to setup apache and php on OSX 10.10 Yosemite.
Assuming you have mod_userdir.so enabled already, your problem is within your user .conf file ( /etc/apache2/users/username.conf ), edit (or add) the following.
Edit the file: /private/etc/apache2/httpd.conf
on line 250 (in Yosemite) change:
then in the Terminal run:
This might be very late answer but i did followed most of Stack Overflow solutions, None of them helped me for various reasons. So i did reset my device as a fresh Yosemite OS to get this localhost working on Mac Yosemite (with Symlinks too),
Steps I did exactly :
Uncomment the following lines:
Save and Exit (Ctrl+X press Enter and press Y and enter again)
and uncomment the following line at line 16:
Save and Exit (Ctrl+X press Enter and press Y and enter again).
Now go to apache Users folder to check your configuration file exist or not
if you do not have configuration file in this folder, create one by
Replace with the name of your machine (type whoami in terminal and enter that name).
after creating .conf file , copy below lines into that file
Now restart your apache
Now go to your browser and type localhost, it should work as expected,
Just as a Note: if it does not work even after try restarting your computer
create index.html as exactly index.html.en that you should find here:
right click on index.html.en and duplicate it to index.html leaving original as it is
try again in browser and if you have success, you can delete the duplicated file
Just to be clear, leave the original file index.html.en where it is, untouched and unharmed throughout this step.
Not sure why I had to take this mysterious detour — probably something local to my machine, but if you’re having trouble after following the guide above, see if it helps.
SymLinks :
if you have success, in Browser you should see
Now create symlink to any your project.
For example if you have project folder in your Documents folder ,then point webroot to your index file by
you might need permission to create symlink (Use above command with Sudo)
Configure apache to follow symlinks ( Thanks to tomvon, i do not enough points to vote you)
on line 250 (in Yosemite) change:
then in the Terminal run:
Now go to localhost/projectlink to see if your project index file shows here on browser.
How to fix 403 in Mac OS X built-in Apache?
I’m trying to set a local environment on my new MacBook Air 13″: built-in Apache with my own DocumentRoot , PHP, and MySQL. I usually update /etc/hosts just to run my local websites with a pretty permalink: local/example . For references, I usually check:
This time I’m simply getting a 403 Forbidden error every time I hit 127.0.0.1 , localhost , or local . First I saw through the terminal that both Apache and PHP are running (even though I can’t view PHP pages); then I updated all permissions according to Apache permissions; now I’m just desperate. Here are the relevant Apache configs:
- /etc/hosts (view file — added one line)
- /etc/apache2/httpd.conf (view file — updated the DocumentRoot )
- /etc/apache2/users/joao.conf (view file — created this file)
- /etc/apache2/extra/httpd-vhosts.conf (view file — updated VirtualHost )
It looks like Apache is somehow denying me access to my DocumentRoot (which by the way is
/Sites is actually a symlink, I then tried to update DocumentRoot with the following paths (all pointing to the same directory):
/Sites
Still throwing 403. Any ideas how to fix/debug this?
Quick update — here’s what my /var/log/apache2/joao.pt-error_log looks like:
11 Answers 11
I have an alias specified in OSX server pointing to a user directory. I spent a long while chmodding and messing with _www user, adding executable permissions recursively, uninstalling macports and all sorts of stuff trying to get this to work. No idea why it wasn’t working.
Eventually, I just checked the «shared folder» checkbox in the Finder for that folder, and it worked, on the specified domain, with php active, the way I wanted it to. :/ . so that was easy.
I update to macOSS Sierra, Version 10.12
I face the same issue, I did two things to fix it properly. Following is my approaches.
1) Please check «/private/etc/apache2/extra/httpd-userdir.conf» file. Change
2)**And edit your «/etc/apache2/httpd.conf»
finally your doc root will be look like the following,
3) Restart apache
Still you facing the problem, Kindly check How to Set up Apache in macOS Sierra 10.12
I generally fix this by setting the Apache user to myself in local environments and in machines where the only user who uses Apache is me. In /private/etc/apache2/httpd.conf , set User to your username from _www , e.g.:
And then restart Apache:
If you have active sessions, they are going to give permission errors since they are still owned by _www . Own them:
Implications:
After this, Apache (and PHP et al.) will run as you and will gain read/write permission to all of the files you have read/write permission. But since this is just a local development environment, that shouldn’t be a problem unless you have no rules to block Apache in your firewall and let questionable files like file explorers, shells, scripts that may contain vulnerabilities run under Apache; in which case anyone including your public wifi neighbor in a cafe can enter http:// and do whatever those scripts let them to do.
In fact, you should prevent this regardless of the scripts you run or even if you don’t set Apache user to yourself since you probably don’t want random outsiders to be able to see the contents of your localhost .
Prevention:
Make Apache listen only to localhost. Again, in httpd.conf :
And restart Apache again:
Disable Apache in the application firewall (note that you may have already disabled it if you clicked Deny if/when it was asked during the first time you run Apache):
- Open System Preferences » Security & Privacy » Firewall .
- Click the lock icon to the lower left and enter your password if needed.
- Turn the firewall on if it’s disabled.
- Click Firewall Options .
- Click the + button.
- Hit cmd ⌘ + ⇧ shift + G and enter /usr/sbin/httpd and click Add (If httpd doesn’t show up there, you can look for it in the terminal by which httpd )
- In the list click httpd and select Block incoming connections .
- Hit OK .
Reload the firewall:
Restrict PHP to the document root. In php.ini :
( /var/tmp/ is for sessions)
Use all three solutions to secure yourself in case one of them gets disabled for some reason.
— Note that as my active language in my machine is not English right know, wording might be a little different (Menu options and wording can be different regardless of the language in various OS X versions).
— Lines starting with $ need to be entered in command line (Terminal or iTerm etc), with the $ removed.
I just solved my issue by setting permissions not only to the DocumentRoot directory, but also to all its parent directories. This is how I did it.
(13) Permission Denied
Error 13 indicates a filesystem permissions problem. That is, Apache was denied access to a file or directory due to incorrect permissions. It does not, in general, imply a problem in the Apache configuration files.
In order to serve files, Apache must have the proper permission granted by the operating system to access those files. In particular, the User or Group specified in httpd.conf must be able to read all files that will be served and search the directory containing those files, along with all parent directories up to the root of the filesystem.
Typical permissions on a unix-like system for resources not owned by the User or Group specified in httpd.conf would be 644 -rw-r—r— for ordinary files and 755 drwxr-x-r-x for directories or CGI scripts. You may also need to check extended permissions (such as SELinux permissions) on operating systems that support them.
If you are running 2.4, the AH error code may give you more information here.
- AH00132: file permissions deny server access
- AH00035: access denied because search permissions are missing on a component of the path An Example
Lets say that you received the Permission Denied error when accessing the file /usr/local/apache2/htdocs/foo/bar.html on a unix-like system.
First check the existing permissions on the file:
Then do the same for the directory and each parent directory (/usr/local/apache2/htdocs/foo, /usr/local/apache2/htdocs, /usr/local/apache2, /usr/local, /usr):
On some systems, the utility namei can be used to help find permissions problems by listing the permissions along each component of the path:
namei -m /usr/local/apache2/htdocs/foo/bar.html If your system doesn’t have namei, you can use parsepath. It can be obtained from here.
If all the standard permissions are correct and you still get a Permission Denied error, you should check for extended-permissions. For example you can use the command setenforce 0 to turn off SELinux and check to see if the problem goes away. If so, ls -alZ can be used to view SELinux permission and chcon to fix them.
In rare cases, this can be caused by other issues, such as a file permissions problem elsewhere in your apache2.conf file. For example, a WSGIScriptAlias directive not mapping to an actual file. The error message may not be accurate about which file was unreadable.
DO NOT set files or directories to mode 777, even «just to test», even if «it’s just a test server». The purpose of a test server is to get things right in a safe environment, not to get away with doing it wrong. All it will tell you is if the problem is with files that actually exist.
CGI scripts
Although the CGI script permission might look correct, the actual binary specified in the shebang might not have the proper permissions to be run. (Or some directory on its path, check with namei as explained above.)
(13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed
This error is not really about file permissions or anything like that. What it actually means is that httpd has been denied permission to connect to that IP address and port.
The most common cause of this is SELinux not permitting httpd to make network connections.
To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also want to restart httpd to reset the proxy worker, although this isn’t strictly required.
# setsebool -P httpd_can_network_connect 1