AllowOverride all causes error 403

Lily Bergonzat picture Lily Bergonzat · Apr 19, 2014 · Viewed 8.6k times · Source

I recently created a virtual host with WampServer (Version 2.4) so I can access my local website with the url http://yannbergonzat.local :

<VirtualHost *>
    ServerName yannbergonzat.local
    DocumentRoot "F:\Projets\Web\yann"
    DirectoryIndex index.php
</VirtualHost>

And here is the Directory tag from httpd.conf :

<Directory />
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

This website is made with Symfony2, so yannbergonzat.local leads to a folder. If you want to access the actual website, you have to go to yannbergonzat.local/web/app.php .

I created a .htaccess file so the website can be seen with yannbergonzat.local :

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ web/$1 [QSA,L]
</IfModule>

And now is the problem. Depending on the value of AllowOverride, there are errors.

When AllowOverride is set on "all"

The .htaccess file is read, the site can be accessed on yannbergonzat.local, but the resources (stylesheets, javascripts) which are in another folder cannot be accessed (error 403)

When AllowOverride is set on "none"

The .htaccess file is not read, the site can not be accessed on yannbergonzat.local (it shows the content of the folder), you have to write the entire url (yannbergonzat.local/web/app.php), but the resources (stylesheets, javascripts) which are in another folder can be accessed.

What should I do to have the website on yannbergonzat.local with the resources from other folders working fine ?

Answer

RiggsFolly picture RiggsFolly · Apr 19, 2014

This change to httpd.conf is VERY DANGEROUS

<Directory />
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

as it allows all access to the whole of the drive you installed WampServer( Apache ) onto, if thats the C:\ drive you are making a hackers life very easy!

You should change httpd.conf that back to

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

And add the directory specification to your VHOST definition like this

<VirtualHost *:80>
    ServerName yannbergonzat.local
    DocumentRoot "F:\Projets\Web\yann"
    DirectoryIndex index.php
    <Directory "F:\Projets\Web\yann">
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
    </Directory>
</VirtualHost>

AllowOverride none is an instruction to Apache to ignore any .htaccess files, so that explains what you have described.

When setting up a Symfony2 site this is the recommended config for a Virtual Host setup. You specify the /web folder as the DocumentRoot See documentation

So I am assuming (you dont specify the actual folder structure) you would need something like this:

<VirtualHost *:80>
    ServerName yannbergonzat.local
    DocumentRoot "F:/Projets/Web/yann/web"
    DirectoryIndex index.php

    <Directory "F:/Projets/Web/yann/web">
        # enable the .htaccess rewrites
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

This will almost definitely fix your 403 error as you are now granting access Require all granted to the folder that the site actually exists in.