Php – Access Denied for PHP Files Only

apache-2.2mod-fcgidPHPsuexecvirtualhost

  • Apache HTTP Server 2.2.21 with VirtualHosts under SuExec
  • PHP 5.3.8 via fcgid
  • Arch Linux 2011.08.19

I am getting 403 Access Denied errors from Apache any time I try to access a PHP file. HTML files and text files work fine. I've played with every conceivable permissions combination on the PHP files I can think of, from 644 to 777. Doesn't change anything.

I also played with the permissions on the FCGI wrapper and parent folder. With o+x (777, 775, 773, 771), I get this in the browser:

Access forbidden!

You don't have permission to access the requested object. It is either
read-protected or not readable by the server.

…and this in the vhost error log:

client denied by server configuration: /srv/www/hostname/fcgid-bin/php-fcgid-wrapper

With o-x (776, 774, 772, 770, or below), I get this in the browser:

Forbidden

You don't have permission to access
/fcgid-bin/php-fcgid-wrapper/index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.

…and this in the log:

(13)Permission denied: access to /fcgid-bin/php-fcgid-wrapper/index.php denied

This is really boggling my mind seeing as my setup was working fine until I started getting this and I don't know what I possibly could have done to change that. /usr/bin/php-cgi and the wrapper both work fine with the exact same input files when called directly.

Here's my vhost config:

<VirtualHost *:80>
    ServerAdmin admin@hostname.com
    DocumentRoot "/srv/www/hostname/public/"
    ServerName hostname.com
    ServerAlias www.hostname.com
    SuexecUserGroup hostname hostname
    ErrorLog "/srv/www/hostname/logs/error.log"
    LogLevel debug
    CustomLog "/srv/www/hostname/logs/access.log" combined

    <Directory /srv/www/hostname/public>
        Order allow,deny
        Allow from all
    </Directory>

    # http://www.linode.com/forums/viewtopic.php?t=2982
    <IfModule !mod_php5.c>
    <IfModule !mod_php5_filter.c>
    <IfModule !mod_php5_hooks.c>
    <IfModule mod_actions.c>
    <IfModule mod_alias.c>
    <IfModule mod_mime.c>
    <IfModule mod_fcgid.c>
        AddHandler php-fcgi .php
        Action php-fcgi /fcgid-bin/php-fcgid-wrapper
        Alias /fcgid-bin/ /srv/www/hostname/fcgid-bin/

        <Location /fcgid-bin/>
            SetHandler fcgid-script
            Options +ExecCGI
        </Location>

        ReWriteEngine On
        ReWriteRule ^/fcgid-bin/[^/]*$ / [PT]
    </IfModule>
    </IfModule>
    </IfModule>
    </IfModule>
    </IfModule>
    </IfModule>
    </IfModule>
</VirtualHost>

Best Answer

<Directory /srv/www/hostname/public>
    Order allow,deny
    Allow from all
</Directory>

That doesn't include /srv/www/hostname/fcgid-bin/; assuming there's no Allow applying to it elsewhere in your config, this is the problem. You'll need to Allow access to this location.

Related Topic