Why is the apache launch banned when the repertoire is at home?


Apache simply unable to access directory (forbidden 403 error), unable to identify the reason why ?

I have made a vhost as:

created: /etc/apache2/sites-available/dev.testvhost.com.conf

<VirtualHost *:80>
    DocumentRoot /home/najam/projects/php/testvhost
    ServerName dev.testvhost.com

added servername in /etc/hosts       dev.testvhost.com

executed command:

sudo a2ensite dev.testvhost.com.conf


sudo service apache2 restart

pointing browser to http://dev.testvhost.com gives 403 forbidden error, while error log shows following on each refresh.

[Wed Jul 13 16:19:42.277573 2016] [authz_core:error] [pid 20067] [client] AH01630: client denied by server configuration: /home/najam/projects/php/testvhost/

I am very sure about the issue causing error because "testvhost" folder is in home directory "/home/najam/projects/php/testvhost" and when I move the folder to /var/www/ it starts working (no forbidden error) (after modify documentroot path accordingly in dev.testvhost.com.conf)

Apache using another user account, called daemon/www-data depending on the installation. If you switch to the particular user and try to get inside the directory you mentioned above then it won't be possible due to permission problems.

su www-data # switch to the user apache running on
cd /home/najam/projects/php/testvhost

It will return an error. So you need to add permissions to the particular directory recursively.

The other problem that /var/www configured in your httpd.conf to allow connections inside it by default. As /home is not a subdirectory of /var/www then you need apache like permissions to the directory:

<VirtualHost *:80>
 DocumentRoot /home/najam/projects/php/testvhost
 ServerName dev.testvhost.com
 <Directory "/home/najan/projects/php/testvhost">
   Allowoverride all
   Order allow,deny
   Allow from all
   Require all granted

This should do the trick.

If not, then you could exchange the Directory directive inside your httpd.conf to your home directory from /var/www, so it applies it's rules to it. The other solution could be to add www-data your user group.