Subdomains returning HTTP 403 after updating Apache from 2.2 to 2.4


After an operating system upgrade which involved updating Apache from 2.2 to 2.4, I'm now getting 403s trying to access and However, works. What's going on?

The following is my vhosts.conf:

# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.

NameVirtualHost *:80

<VirtualHost *:80>

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/htdocs/

    # Set log file location
    ErrorLog /var/log/apache2/error_log
    CustomLog /var/log/apache2/access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php

<VirtualHost *:80>

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/status/

    DirectoryIndex index.php

    # Set log file location
    ErrorLog /var/log/apache2/status-error_log
    CustomLog /var/log/apache2/status-access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied

<VirtualHost *:80>

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/files/

    DirectoryIndex index.html

    # Set log file location
    ErrorLog /var/log/apache2/files-error_log
    CustomLog /var/log/apache2/files-access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php

I'm getting errors like this in the log:

[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer:
[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php

apache2ctl -S returns the following:

[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:92)
         port 80 namevhost (/etc/apache2/vhosts.d/vhosts.conf:92)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/"
User: name="wwwrun" id=30
Group: name="www" id=8

Best Answer

Apache 2.4 handles virtual host directive in a different way that 2.2, review the following link for examples.

Basically, change NameVirtualHost *:80 -> Listen 80

So it looks like this:

Listen 80

# This is the "main" server running on
DocumentRoot /www/mainserver

    DocumentRoot /www/example1

    # Other directives here ...

    DocumentRoot /www/example2

    # Other directives here ...

You might also want to check the rest of your httpd.conf and vhosts.conf for other deprecations and conflicts. See this link.

You're self answer is partially correct, the order/require change but if you browse that page, you'll see quite a few more. I'd suggest reading through it well and making sure you've tackled everything. Even if you get it working, check and double check, some of the changes might not break apache or even log.. but could cause other issues (security/stability).