Apache 2.4 – htaccess RewriteEngine On Causes 403 Error

apache-2.4mod-rewritewindows-server-2022

Windows Server 2022
Apache 2.4.57 x64

httpd.conf – relevant

<Directory />
    Options none
    AllowOverride none
    Require all denied
</Directory>
DirectoryIndex index.html
<Files ".ht*">
    Require all denied
</Files>

httpd-vhosts.conf – relevant

<VirtualHost *:443>
    DocumentRoot "c:/path/to/public_html"
    DirectoryIndex index.php
    <Directory "c:/path/to/public_html">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

files

c:/path/to/public_html/index.php
c:/path/to/public_html/.htaccess

.htaccess – full

RewriteEngine Off

When RewriteEngine Off then https://www.example.com/ serves index.php

When RewriteEngine On then https://www.example.com/ results in a 403-Forbidden

Am I missing some obvious directive?

Note: the behavior described above stays the same even if https://www.example.com/index.php is explicitly requested.

Best Answer

FIXED!

<VirtualHost *:443>
    DocumentRoot "c:/path/to/public_html"
    
    ## NEW
    RewriteEngine On
    
    DirectoryIndex index.php
    <Directory "c:/path/to/public_html">
        AllowOverride All
        Require all granted
        
        ## NEW
        Options +FollowSymlinks
        
    </Directory>
</VirtualHost>

Checking the logs revealed:

[rewrite:error] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions

RTFM'ing RewriteRule reveals:

To enable the rewrite engine in this context, you need to set "RewriteEngine On" and "Options FollowSymLinks" must be enabled.

Face, meet palm.

Related Solutions

.htaccess file is not working on Apache 2.4.12 and Windows Server 2008 R2

Have you checked the file system permissions? I would like to think that the default user account running apache should not have access to c:/....

http://httpd.apache.org/docs/2.4/howto/htaccess.html

Apache 2.4 – How to Use VirtualHost DocumentRoot Instead of Default

I've managed to resolve my issue, and naturally it had nothing to do with anything I posted above. Hopefully this will help someone else down the road.

The root cause of my issue turned out to be my installation of PHP 7, specifically with the setup of php-fpm. The guide I followed suggested creating an fpm.conf file with the following:

# PHP scripts setup 
ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/var/www/html

Alias / /var/www/html/

Thanks to this config, my DocumentRoot was getting rewritten for all of my VirtualHosts to the above path. It wasn't until I dumped all of my config files searching for '/var/www' that I came across this file.

Further googling on how to incorporate PHP-FPM with VirtualHosts led me to a page that had this code block within each VirtualHost block:

<FilesMatch \.php$>
    # 2.4.10+ can proxy to unix socket
    # SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost/"

    # Else we can just use a tcp socket:
    SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

Adding this block to both of my VirtualHosts, and removing the old fpm.conf file and restarting Apache resolved my issue, the correct DocumentRoot was now being used for each VHost. It still remains to be determined if my PHP files are going to be served up correctly, but at least now I'm on the right path.

Best Answer

Related Solutions

.htaccess file is not working on Apache 2.4.12 and Windows Server 2008 R2

Apache 2.4 – How to Use VirtualHost DocumentRoot Instead of Default

Related Topic