Apache 2.4.6 on Ubuntu Server: Client denied by server configuration (PHP FPM) [While loading PHP file]

Question

Today I was updated Ubuntu server 13.04 (Raring Ringtail) → 13.10 (Saucy Salamander).

And my Apache 2 installation is broken.

Here my configuration:

File error.log

[Fri Oct 18 10:48:07.237170 2013] [:notice] [pid 8292:tid 139804677900160] FastCGI: process manager initialized (pid 8292)
[Fri Oct 18 10:48:07.241185 2013] [mpm_event:notice] [pid 8289:tid 139804677900160] AH00489: Apache/2.4.6 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Fri Oct 18 10:48:07.241652 2013] [core:notice] [pid 8289:tid 139804677900160] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 18 10:48:28.313923 2013] [authz_core:error] [pid 8294:tid 139804573181696]   [client 81.219.59.75:3536] AH01630: client denied by server configuration: /usr/lib/cgi-bin/php5-fcgi

File default.conf

#EU
<VirtualHost *:80>
    #ServerName
    DocumentRoot /var/www/dev_stable

    DirectoryIndex index.php index.html index.htm

    <Directory /var/www/dev_stable>
          Options Indexes FollowSymLinks MultiViews

          AllowOverride all
          Require all granted
    </Directory>
</VirtualHost>

File mods-enabled/fastcgi.conf

#<IfModule mod_fastcgi.c>
#  AddHandler fastcgi-script .fcgi
# FastCgiWrapper /usr/lib/apache2/suexec
#  FastCgiIpcDir /var/lib/apache2/fastcgi
#</IfModule>


<IfModule mod_fastcgi.c>
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
</Ifmodule>

When I trying to load the file via the browser I got:

site_name/TEST/

Forbidden

You don't have permission to access /php5-fcgi/TEST/index.php on this server.

What should I to fix it?

Answer 1

I have exactly the same issue. I ran a couple of virtual hosts on my local machine for developing.

First, I changed /etc/apache2/conf-available/php5-fpm.conf. I replaced every

Order Deny,Allow
Deny from all

to

Require all granted

The configuration has to be enabled by a2enconf php5-fpm. I did the same with my virtual hosts configurations and made the replacements.

I think this is not advised for security reasons, but as long as I use my server for local purposes only I can live with it.

Answer 2

I ran into this exact issue upon a new install of Apache 2.4. After a few hours of googling and testing I finally found out that I also had to allow access to the directory that contains the (non-existent) target of the Alias directive. That is, this worked for me:

# File: /etc/apache2/conf-available/php5-fpm.conf
<IfModule mod_fastcgi.c>
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization

    # NOTE: using '/usr/lib/cgi-bin/php5-cgi' here does not work,
    #   it doesn't exist in the filesystem!
    <Directory /usr/lib/cgi-bin>
        Require all granted
    </Directory>
</Ifmodule>