Per requirements of a project I am working on, the apache httpd.conf must have the following restrictive setting as a security measure.
<Directory /> Order Deny,Allow Deny from all Options None AllowOverride None </Directory>
I’ve added this for my virtual host, which was also set out by my project requirements.
<Directory /var/www/html/> Options -Indexes -Includes -FollowSymLinks -MultiViews AuthType None Order allow,deny <LimitExcept GET POST OPTIONS> Deny from all </LimitExcept> </Directory>
To be certain, this site is secure indeed, but I cannot even access my index.html! I’m am encountered with this error “You don’t have permission to access / on this server.”
When I remove the restrictive root directory settings, everything works perfectly fine. How do I go about fixing up my configuration, but sticking to the requirements? It seems to me like adding the directive for the document root in my virtual host did not work as expected or maybe I’m just not doing something else properly?
You forgot to
Allow from something in your virtual host’s
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.