Client denied by server configuration

This error means that the access to the directory on the file system was denied by an Apache configuration.

Apache HTTP server 2.4 notes

The 2.4 release introduced significant changes to the authorization and authentication process. Users of that release are encouraged to read this link to migrate their older config files.

Before you start

Before attempting to alter any existing config file, please take note of the full file system path for which access is being denied, and the IP or hostname of the client:

[<date here>] [error] [client ::1] client denied by server configuration: /var/www/example.com/

Using the correct path in the directory block for the following examples is essential to solving this problem. In this case, a client from the local machine (::1) is being denied access to /var/www/example.com .

Troubleshooting

The possible causes are:

DocumentRoot /var/www/example.com

2.2:

<Directory /var/www/example.com>
  Order deny,allow
  Deny from all
</Directory>

2.4:

<Directory /var/www/example.com>
  Require all denied
</Directory>

In the above examples, using the following configuration will resolve the issue:

2.2:

<Directory /var/www/example.com>
  Order allow,deny
  Allow from all
</Directory>

2.4:

<Directory /var/www/example.com>
  Require all granted
</Directory>

DocumentRoot /var/www/example.com

Alias /foo /var/www/foo

Solution (2.2):

<Directory /var/www/foo>
  Order allow,deny
  Allow from all
</Directory>

Solution (2.4):

<Directory /var/www/foo>
  Require all granted
</Directory>

ProxyPass /foo/ http://internal.example.com:8900/

ProxyPassReverse /foo/ http://internal.example.com:8900/

Solution (2.2):

<Location /foo>
  Order allow,deny
  Allow from all
</Location>

Solution (2.4):

<Location /foo>
  Require all granted
</Location>

<Directory /var/www/example.com>
  Order allow,deny
  Allow from all
  Require all granted
</Directory>

The solution:

<Directory /var/www/example.com>
  Require all granted
</Directory>

Words of caution

The following configuration may be included in your apache HTTPD configuration; its purpose is to prevent unauthorized access to the root of the file system. Under no condition should it be altered. Instead, the existing directory block for the full file system path should be altered, or a new one should be created if it was not already present.

2.2:

<Directory />
  Order deny,allow
  Deny from all
</Directory>

2.4:

<Directory />
  Require all denied
</Directory>

Restricting access a little further

If granting full access to the resource in question is not an option, specific IP addresses, partial IP addresses, network masks and CIDR specifications can be used with the allow and require directives.

ClientDeniedByServerConfiguration (last edited 2016-03-03 01:38:15 by thumbs)