The Linux Page

Forbidden -- client denied by server configuration

Working on a PHP application setup, I stumble upon a problem. Going to the installation page, I got the dreadful error:


You don't have permission to access <root-path>/admin/install on this server.

Looking at the error logs, the only thing reported was:

client denied by server configuration

The fact is that Apache does not tell you which setting actually forbids the access. I guess that's because once it gets checked by Apache, it is a blend of all the settings and not a tree being followed.

Looking a round, and since I already had that error not too long ago, I could not find the culprit. Yet, each time they referenced the usual options:

Order allow,deny
Deny from all
Allow from all

So I looked at my system declarations again... and everything looked just fine. I added the FollowSymLinks, just in case, but then I discovered that is done in the main .htaccess directory so my copy is useless at this point.

Then I thought, well... maybe there are other .htaccess. Sure enough, each single directory has an .htaccess file! That means Apache has to read all of those files before it can do anything. That's certainly a relatively small impact, but well... somewhat unexpected.

Most directories are marked as Deny for all. This means if you attempt to read a file in that directory, it fails. And my path was actually wrong. It did not end with a slash and thus the parent directory was being hit:

   instead of

By fixing just that I could see the installation page! No need to change any Apache settings!