Wampserver 403 on named virtual hosts outside of /www

Question

Wampserver tells me accessed denied when I try making a virtual host outside of the c:/wamp/www/ directory. I can make one fine within that directory. Even making a symbolic link to the folder works, but I would rather not have to use symbolic links. Why doesn't it work?

Here is the code I use at the end of httpd.conf

NameVirtualHost *:80

<VirtualHost *:80>  
DocumentRoot "c:/wamp/www" 
ServerName localhost 
ServerAlias localhost 
</VirtualHost> 

<VirtualHost *:80>
ServerName local.cascade
DocumentRoot c:/wamp/www/cascade/
</VirtualHost>

<VirtualHost *:80>
ServerName local.md9
ServerAlias local.md9
DocumentRoot "m:/Work/New MD9.ca/site/"
</VirtualHost>

<Directory "m:/Work/New MD9.ca/site/">
    Order Allow,Deny
    Allow from All
</Directory>

The "cascade" vh works fine.

Answer 1

I had the same issue but managed to resolve after looking at this question.

However, the accepted answer maybe isn't the best solution, depending on how secure you want your Apache configuration to be.

I think the solution should mention two things, first ensuring security isn't compromised and second; understanding the difference in access control configuration between Apache versions 2.2 and 2.4.

Ensuring security isn't compromised

Commenting out the suggested lines:

<Directory />
    AllowOverride none
    Require all denied
</Directory>

Means you remove the default strict security applied to ALL directories on your machine, as I understand it. Someone else could create a configuration pointing to your C:\very\sensitive\information directory and serve up content from there to a website (which is most likely to be a concern on a shared host). Interestingly, the following comment is made above that block:

# First, we configure the "default" to be a very restrictive set of 
# features.

Then beneath that block:

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.

It makes complete sense to lock everything down, then conditionally unlock per directory.

I came up with the following which points to the location on my machine where all my websites (served up via Apache virtual hosts) will live. This immediately follows the <Directory "d:/wamp/www/"></Directory> block.

<Directory "d:/wamp/sites/">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

Then within each of your virtual host configurations/aliases you can set the configuration that applies to that directory.

Difference in access control configuration

Configuring access control in more recent versions of Apache has changed.

What used to be:

Order allow,deny
Allow from all

Should now be:

Require all granted

For more info: http://httpd.apache.org/docs/current/upgrading.html

Answer 2

If you tried all the .conf edits above and none worked, try the following additional steps:

1) Make sure DocumentRoot and <Directory> locations are the same!

2) Double check "ServerName" domain spelling within your <VirtualHost> tags, and also check spelling of domain is the same in the HOST file (windows\system32\drivers\etc\hosts):

Example:

<VirtualHost *:80>
    DocumentRoot "D:/vhost_directory/website_directory"
    ServerName mywebsite.local
    <Directory "D:/vhost_directory/website_directory">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

3) Check conf files syntax:

cd \wamp\bin\apache\apache2.4.9\bin
httpd -t

4) Fix conf file errors until you get the output:

Syntax OK

5) Refresh domain name cache (must run console as administrator):

net stop dnscache
net start dnscache

6) Restart Apache service or Restart All Services on WAMP

Answer 3

I guess I should have looked at the http.conf more carefully. It's not that long, mostly comments. The troublesome part was this.

# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#

<Directory />
    AllowOverride none
    Require all denied
</Directory>

I commented it out and now stuff works, although I guess it's less secure, but it is just a testing server.

I thought the <Directory "m:/Work/New MD9.ca/site/"> bit was supposed to take care of it but I guess not.

Answer 4

I know the question is old now and you have got it working, but I came up against this issue and solved it without removing the Require all denied tag.

You just have to add a Require local (or Require all for online access) tag to the Directory tag. e.g.

<VirtualHost *:80>
    ServerName local.md9
    ServerAlias local.md9
    DocumentRoot "m:/Work/New MD9.ca/site/"

    <Directory "m:/Work/New MD9.ca/site/">
        Order Allow,Deny
        Allow from All
        Require local
    </Directory>
</VirtualHost>

You can see the same rule declared in DocumentRoot directory in httpd.conf

Answer 5

The <Directory> tag should be inside the <VirtualHost *:80>

like this:

<VirtualHost *:80>
ServerName local.md9
ServerAlias local.md9
DocumentRoot "m:/Work/New MD9.ca/site/"
    <Directory "m:/Work/New MD9.ca/site/">
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

also note that for outside the default www folder you should use require instead of allow

<Directory />
    AllowOverride none
    Require all denied
</Directory>