This error means that the access to the directory on the file system was denied by an Apache configuration.
The 2.4 release introduced significant changes to the authorization and authentication process. Users of that release are encouraged to read this link to migrate their older config files.
Before attempting to alter any existing config file, please take note of the full file system path for which access is being denied, and the IP or hostname of the client:
[<date here>] [error] [client ::1] client denied by server configuration: /var/www/example.com/ |
Using the correct path in the directory block for the following examples is essential to solving this problem. In this case, a client from the local machine (::1) is being denied access to /var/www/example.com .
First, remember "Directory" permissions propagate to subdirectories by default.
The possible causes are:
DocumentRoot /var/www/example.com |
2.2:
<Directory /var/www/example.com> Order deny,allow Deny from all </Directory> |
2.4:
<Directory /var/www/example.com> Require all denied </Directory> |
In the above examples, using the following configuration will resolve the issue:
2.2:
<Directory /var/www/example.com> Order allow,deny Allow from all </Directory> |
2.4:
<Directory /var/www/example.com> Require all granted </Directory> |
DocumentRoot /var/www/example.com Alias /foo /var/www/foo |
Solution (2.2):
<Directory /var/www/foo> Order allow,deny Allow from all </Directory> |
Solution (2.4):
<Directory /var/www/foo> Require all granted </Directory> |
ProxyPass /foo/ http://internal.example.com:8900/ ProxyPassReverse /foo/ http://internal.example.com:8900/ |
Solution (2.2):
<Location /foo> Order allow,deny Allow from all </Location> |
Solution (2.4):
<Location /foo> Require all granted </Location> |
<Directory /var/www/example.com> Order allow,deny Allow from all Require all granted </Directory> |
The solution:
<Directory /var/www/example.com> Require all granted </Directory> |
The following configuration may be included in your apache HTTPD configuration; its purpose is to prevent unauthorized access to the root of the file system. Under no condition should it be altered. Instead, the existing directory block for the full file system path should be altered, or a new one should be created if it was not already present.
2.2:
<Directory /> Order deny,allow Deny from all </Directory> |
2.4:
<Directory /> Require all denied </Directory> |
If granting full access to the resource in question is not an option, specific IP addresses, partial IP addresses, network masks and CIDR specifications can be used with the allow and require directives.