403 Forbidden Error on Mac OS X Localhost

I set up Web Sharing in System Preferences on Mac OS X 10.6 and clicked the link it gave me there. Unfortuantely, Apache gave me this 403 error:

Forbidden

You don't have permission to access /~myusername/index.html on this server.

Access log displays: 10.0.1.2 - - [30/Jun/2010:16:25:15 -0700] "GET /~myusername/ HTTP/1.1" 403 210

Error log displays: [Wed Jun 30 16:26:09 2010] [error] [client 10.0.1.2] client denied by server configuration: /Users/myusername/Sites/

Curiously enough, accessing works fine. It's just with two of the user folders that I've having trouble with, the other user folder, which is newer than my system upgrade, is working fine.

I've had this working on my machine in Leopard before, so I chmodded everything in ~/Sites to 755, which didn't do any good. Any suggestions? I presume I've done something to my machine that's caused this, since I can't imagine Apple messing up on something like this.

I did set up PEAR with these instructions, but I have no idea if that could be the cause of it.

6

8 Answers

Apple has a support document for this problem. Fixing the issue involves creating a file /etc/apache2/users/yourusername.conf (yourusername being the account short name, e.g. danielbeck – it's usually the name of your home folder in /Users) with the following contents:

<Directory "/Users/yourusername/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Afterwards, run sudo chown root:wheel /etc/apache2/users/yourusername.conf and restart Apache.

1

For Apache to see the file, the user that Apache runs as (probably www or _www) must have access to these users' Sites directories. Having read/execute access to the contents of ~/Sites is not enough, because it has to be allowed to traverse from / down the path to ~/Sites. So make sure /, /Users, /Users/myusername, and /Users/myusername/Sites all have at least a+x permission (the eXecute bit on directories allows that user class to traverse the directory, even if Read access is not allowed).

ls -lde / /Users/ /Users/myusername/ /Users/myusername/Sites

If any of those directories doesn't show the last x set (the one for "others"), then use something like chmod a+x ... to set it for that directory.

If the ACL for any of those directories shows that user www has been specifically denied access, then use the appropriate arguments to chmod to fix the ACLs.

7

For reference, I just dealt with this, and none of the answers here worked in my specific case. I was configuring virtual hosts, but more importantly, I needed my htaccess files to actually work.

I changed on "AllowOverride None" to "AllowOverride All" in my /etc/apache2/users/USERNAME.conf file, and all of my sites started to be forbidden.

I changed it back and and then changed it only for one site in my httpd-vhosts.conf file, and only that site was forbidden.

After looking at the logs and seeing the problem was with url rewriting and the lack of FollowSymLinks, I went back to the USERNAME.conf file. I switch "AllowOverride None" to "AllowOverride All" and added "Options +FollowSymLinks" on the next line.

Things started working. I came from using xampp on windows and it had a lot of these settings already set server-wide for dummies like me.

2

I had the same problem: My (old) account wasn't accessible, but another user's account which were created after upgrading to Lion worked just fine.

After making sure your /etc/apache2/users/USERNAME.conf looks like this:

<Directory "/Users/USERNAME/Sites/"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all
</Directory>

do a sudo chown root:wheel /etc/apache2/users/USERNAME.conf

it appears that this permission setting isn't set during the OS upgrade, and the Apache user can't read the config file, and throws an error.

At least this solved it for me.

2

update for Lion in 10/2011 I had to also add

UserDir enabled so my /etc/apache2/extra/httpd-userdir.conf is like this :

UserDir enabled
UserDir Sites
#
# Users might not be in /Users/*/Sites, so use user-specific config files.
#
Include /private/etc/apache2/users/*.conf
<IfModule bonjour_module> RegisterUserSite customized-users
</IfModule>

Continuing conversation from initial question comments -- Check out your /etc/apache2/httpd.conf file. On my machine, I have this:

# User home directories
Include /private/etc/apache2/extra/httpd-userdir.conf

I suspect yours is commented out. I vaguely recall changing this by hand when moving from 10.5 to 10.6 and the default changed.

This is probably obvious, but you'll have to use sudo to edit the file because it will be owned by root.

1

My case is XAMPP + Mac OS X 10.7 + Directory in Dropbox Folder ( cross-referencing my another question in Stack Overflow )

403 Access Forbidden is reported by Apache, therefore, I followed the above comment to change User in the /XAMPP/xamppfiles/etc/httpd.conf , from User nobody to User my_user_name. Restart Apache & it works fine.

You probably don't have Indexes turned on. If you don't you will need to either create an index file (index.html or index.php) or specify the file explicitly, i.e. .

2

You Might Also Like