Forbidden Error with .htaccess files in WordPress

Posted by | Posted in Apache, FollowSymlinks, Httpd, Linux, RewriteBase, RewriteCond, RewriteEngine, RewriteRule, Wordpress | Posted on 24-03-2010

I’ve been using WordPress for a number of years and decided to switch my permalink structure. It originally was set to the default setting of ?p=100. I wanted to increase my SEO so I changed it to the current format Year / Month / Day / Post-Name. When I switch over, wordpress automatically created a .htaccess file in my webroot folder and locked me out of my website with a Forbidden Error.

Forbidden
 
You don't have permission to access / on this server.

The .htaccess file that was created looked like this.

< IfModule mod_rewrite.c >
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
< / IfModule >

After chatting with my web administrator, we came to the conclusion that FollowSymlinks in Apache was off be default. I needed to manually turn it on. The new .htaccess file looks like this.

< IfModule mod_rewrite.c >
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
< / IfModule >

Additional Links:

Apache RewriteEngine
WordPress Codex for Permalinks

Activating Mod_Userdir.c in Apache2 – Ubuntu

Posted by | Posted in Command-Line, Guides, Linux, Ubuntu | Posted on 16-09-2009

This morning, I was working on allowing users of my web server to create web pages with in their home directory. Normally this is indicated by a URL of http://server.com/~useraccount and is activated by default. But during the Apache install process the module for modifying the user directory wasn’t activated.

List of things you’ll need to do.

1) Add the module to your virtual host.
2) Enable the module in apache2
3) Restart apache2
4) Create a web directory folder in your home folder
5) make sure your permissions are correct

Step 1, adding the module to your virtual host.

Normally in Ubuntu, your enabled virtual hosts (or virtual hosts that are current running) are located in /etc/apache2/sites-enabled/your_domain_naming_scheme. For this example, I’ll always name my virtual hosts after their qualified domain name (qdn).

sudo nano /etc/apache2/sites-enabled/server.com

With in your < virtualhost > < / virtualhost > tags, you need to add and If Module statement. An If Module states, that if the module exists in the apache lib directory, to go ahead and load it into ram. The common use of the UserDir statement is command and then directory. So in this case UserDir public_html. public_html is the directory that will need to be created in each user’s home directory in order for apache to map the URL to file systems correctly. In this case the URL of http://server.com/~dmccoy will be mapped to the file directory path of /home/dmccoy/public_html/.

        < IfModule mod_userdir.c >
                UserDir html
        < /IfModule >

a complete virtual host might look something like this.

NameVirtualHost *:80
< VirtualHost server.com:80 >
        ServerAdmin dmccoy@server.com
 
        DocumentRoot /var/www/server.com
        ServerName server.com
        ServerAlias server
 
        < Directory />
                Options FollowSymLinks
                AllowOverride None
        < /Directory>
        < Directory /var/www/server.com/ >
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
               # in /apache2-default/, but still have / go to the right place
              #RedirectMatch ^/$ /apache2-default/
        < /Directory >
 
        < IfModule mod_userdir.c >
                UserDir html
        < /IfModule >
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        < Directory "/usr/lib/cgi-bin" >
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        < /Directory >
 
        ErrorLog /var/log/apache2/server.com-error.log
# Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/server.com-access.log combined
        ServerSignature On
 
   Alias /doc/ "/usr/share/doc/"
    < Directory "/usr/share/doc/" >
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    < /Directory >
< /VirtualHost >

Step 2, Once you’ve told the virtual host to load the UserDir module, you’ll need to make sure it is enabled in apache2. You can find this out by looking in the /etc/apache2/mods-enabled/ directory.

Both of these files will need to be in the mods-enabled directory.

userdir.conf
userdir.load

If they are not, make sure they are in the mods-available directory located at /etc/apache2/mods-available/. If they are in the mods-available directory, all you need to do is symbolically link them into the mods-enabled directory.

sudo ln -s /etc/apache2/mods-available/userdir.conf /etc/apache2/mods-enabled/userdir.conf
sudo ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-enabled/userdir.load

Step 3, You’ll need to restart apache2 in order to activate the userdir module.

sudo /etc/init.d/apache2 restart

Step 4, Now that the userdir module is active you can now add the “public_html” directory to any user that wants a website.

Normal command line steps might look something like this.

For yourself

 
cd ~
mkdir public_html
echo "test" > public_html/index.html

Or for another account

 
sudo mkdir /home/USER/public_html
sudo echo "test" > home/USER/public_html/index.html

Step 5, You should now be able to type in your browser http://server.com/~dmccoy and see “test” if you get a Forbidden error, you’ll need to change the permissions on your home directory folder and your public_html folder.

 
chmod 701 /home/dmccoy
chmod 705 /home/dmccoy/public_html

Repeat steps 4 and 5 for every account that would like web access.

Apache 2 Module mod_userdir
Apache 1.3 Module mod_userdir
Per-user web directories

Installing and setting up Apache2 with Vhosts – Ubuntu

Posted by | Posted in Command-Line, Guides, Linux, Ubuntu | Posted on 22-07-2009

Apache is the most widely used website hosting applications. At the time of this article, Apache is reported to have about 70% of the market. While Microsoft IIS has dropped dramatically to 30%. I’ve personally been using Apache for the last 15 years had have never ever had any problems with the application. All the problems I’ve had were related to typos in my configuration files.

To get Apache up and running, you need to do 2 things.

1) install apache
2) start apache

That is basically all you need to know, to get apache up and running. Fairly simple. But of course human nature creeps in and we want to start customizing and personalizing.

To Installing apache2 via apt-get:

sudo apt-get install apache2

Starting apache2 for the first time

sudo /etc/init.d/apache2 start

If you get this error:

apache2: Could not determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName

You need to add “ServerName localhost” to the “/etc/apache2/conf.d/fqdn” file. This can all be done in a single command:

echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

If you need to Start|Stop|Reload|etc Apache’s httpd daemon on Ubuntu, you’d want to use the “/etc/init.d/apache2″ commands:

Usage: /etc/init.d/apache2 {
start
stop
restart
reload
force-reload
start-htcacheclean
stop-htcacheclean
status
}

If you are using any other operating system, you’d want to use the apachectl command:

apachectl – Apache HTTP Server Control Interface

/usr/sbin/apachectl

apachectl commands

start : Loads the org.apache.httpd launchd job.
stop, graceful-stop : Unloads the org.apache.httpd launchd job.
restart, graceful : Unloads, then loads the org.apache.httpd launchd job.
fullstatus : Displays  a  full status report from mod_status. For this to work, 
you need to have mod_status enabled on your server and a text-based 
browser such as lynx available on your system. The URL used to access the 
status report can be set by editing the STATUSURL variable in the script.
 
status : Displays a brief status report. Similar to the fullstatus option, except 
that the list of requests currently being served is omitted.
 
configtest : Run a configuration file syntax test. It parses the configuration files 
and either reports Syntax Ok or detailed information about  the  particular 
syntax error. This is equivalent to apachectl -t.
 
The following option was available in earlier versions but has been removed. 
(It is now built into the httpd daemon).
 
startssl : To  start  httpd  with  SSL  support,  you should edit your configuration 
file to include the relevant directives and then use the normal apachectl start.

The main files/directories you will be working with first are:
apache2.conf : the configuration file
sites-available : a directory to let Apache know what sites are available to be accessed by httpd
sites-enables : a directory to let Apache know which websites need to be loading on start

A list of the default apache2 configuration file structure in “/etc/apache2/”:

dmccoy@server:/etc/apache2# ls -l /etc/apache2/
total 48
-rw-r--r-- 1 root root 10104 2009-04-01 11:01 apache2.conf
drwxr-xr-x 2 root root  4096 2009-07-17 05:16 conf.d
-rw-r--r-- 1 root root   378 2009-04-01 11:01 envvars
-rw-r--r-- 1 root root     0 2009-07-13 10:57 httpd.conf
drwxr-xr-x 2 root root 12288 2009-07-17 05:16 mods-available
drwxr-xr-x 2 root root  4096 2009-07-13 10:57 mods-enabled
-rw-r--r-- 1 root root   513 2009-04-01 11:01 ports.conf
drwxr-xr-x 2 root root  4096 2009-07-22 00:54 sites-available
drwxr-xr-x 2 root root  4096 2009-07-13 10:57 sites-enabled

The default web site is located at:

/var/www/index.html

if you launch the domain in a web browser “http://localhost” you should see a message “It Works!”. If you are using the server version with out a gui, you can use “lynx http://localhost”. If lynx isn’t installed, you can use apt-get to install it.

If you need to maintain more then (1) website, you can use a Virtual Host to manage its location and access. Below is the default Virtual Host sample, located in “/etc/apache2/sites-available/default/”

There are (4) lines that you need to change.
1) You’ll need to change the ServerAdmin from webmaster@localhost to your_admin_account@domain.name email address.
2) If you are changing your default location of DocumentRoot /var/www, you’ll need to edit the path here. An instance where you’d need to change this directory, is if it was located on a different hard drive or hard drive partition.
3) If you change your DocumentRoot, then you’ll need to change the Directory from /var/www/ to your new path.
4) You’ll also need to change your log names to allow easier management of multiple domains. ErrorLog /var/log/apache2/error.log and CustomLog /var/log/apache2/access.log combined could be changed to domain.name-error.log and domain.name-access.log.

< VirtualHost *:80 >
        ServerAdmin webmaster@localhost
 
        DocumentRoot /var/www
        < Directory />
                Options FollowSymLinks
                AllowOverride None
        < /Directory >
        < Directory /var/www/ >
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        < /Directory >
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        < Directory "/usr/lib/cgi-bin" >
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        < /Directory >
 
        ErrorLog /var/log/apache2/error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/access.log combined
 
    Alias /doc/ "/usr/share/doc/"
    < Directory "/usr/share/doc/" >
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    < /Directory >
< /VirtualHost >

Below is a sample VirtualHost file for a domain.

< VirtualHost *:80 >
        ServerAdmin dmccoy @ server .com
        ServerName server.com
        ServerAlias server
        DocumentRoot /var/www
        < Directory />
                Options FollowSymLinks
                AllowOverride None
        < /Directory >
        < Directory /var/www/server.com >
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        < /Directory >
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        < Directory "/usr/lib/cgi-bin" >
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        < /Directory >
 
        ErrorLog /var/log/apache2/server.com-error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/server.com-access.log combined
 
    Alias /doc/ "/usr/share/doc/"
    < Directory "/usr/share/doc/" >
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    < /Directory >
< /VirtualHost >

You’ll Notice that I added (2) extra lines. I added “ServerName” and “ServerAlias“.

ServerName : Description : Hostname and port that the server uses to identify itself
ServerName : Syntax : ServerName fully-qualified-domain-name[:port]
ServerName : Usage : ServerName www.example.com:80

ServerAlias : Description : Alternate names for a host used when matching requests to name-virtual hosts
ServerAlias : Syntax : ServerAlias hostname [hostname] …
ServerAlias : Usage : ServerAlias server server2.domain.com server2

If by change you need manage another domain, you can copy the default virtualhost file and edit those same 4 lines to create another domain. And if you have another, you repeat the steps until all your domains are entered.

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/domain.name

Now that you’ve made your sites available to httpd (Apache), you can now enable them to be used by httpd. The easiest way to do this, is to make a symbolic link from the sites-available directory to the sites-enabled directory. Below is how I would enable the default domain for this server.

sudo ln -s /etc/apache2/sites-available/default /etc/apache2/sites-enabled/default

Once you have enabled all the domains you need, you can now restart Apache to make them active.

sudo /etc/init.d/apache2 restart
[sudo] password for dmccoy: 
 * Restarting web server apache2
 ... waiting    ...done.

Join the mailing list

Check your email and confirm the subscription