Directory index forbidden by rule
by Walt Stoneburner
"Son of a *&^%$!"
Lemme guess, you're facing the elusive
"DocumentRoot Directory index forbidden by rule" problem
with Apache. You've searched the web and found nothing of use.
I first bumped up against it running
Mambo, the OpenSource
dynamic portal engine and content management system; things
worked when the server was started manually as root,
but not if you rebooted the system and let /etc/rc.d
bring it up.
Your web page delivers this:
You don't have permission to access / on this server.
And your log says this:
Directory index forbidden by rule: some directory
Here's the solution.
Your problem has to do with the fact that Apache doesn't have permission
to access the directory your virtual site is trying to deliver.
"How can that be?" you wonder, knowing that your web server account
has full permission to the directory. And, quite possibly, you did
some clever testing and even got a file to serve, but it's still
not working right.
In the case of
Options Indexes the server is trying to read
the directory, because it's going to dynamically build you an index.
Problem it, it doesn't have permission to.
Yes, it has
file permissions, but not
your permission
and blessing as the web master.
Go back and check your
<Directory ...> entries. Unless
your virtual site's
DocumentRoot is listed there, Apache won't
be able to get at it.
You
need the
Directory listing in
addition
to the
DocumentRoot. The reason it "normally" works is because
most of the time the directory is within Apache installation structure
or has been explictly provided by your distribution.
Note that
/ may be denied, but
/usr/local/apache/htdocs
or
/var/www is listed. You just need to add your own.
Example of correctly accessing a directory outside the tree:
<Directory "/your/virtualhost/docroot/with/noslash">
Options All ExecCGI FollowSymLinks Includes Indexes
Allow from All
Order Allow,Deny
AllowOverride All Options
</Directory>
<VirtualHost *:80>
ServerName www.newvirtualhost.com
Options All ExecCGI FollowSymLinks Indexes
DirectoryIndex index.php index.html index.hml index.phtml index.shtml
DocumentRoot "/your/virtualhost/docroot/with/noslash"
</VirtualHost>
New problem.
You've put a file inside the Apache's html directory, and existing
files can be served, but new ones you created can't.
Even more confusing, if you copy or rename an existing file for
testing purposes, that works.
You've checked, and the file owners and permissions of the broken
files are identical to the working files. You've combed the
httpd.conf file and found nothing out of place.
What's wrong?
You've been bit by SELinux.
The secure environment of SELinux, usually installed with Fedora Core 4,
provides a security context with each file, directory, device and so forth.
The easiest solution is to turn it off. Really.
Edit the file
/etc/selinux/config and set SELINUX=disabled.
You may need to reboot to make this change take affect.