Why apache throwing forbidden when directory is in home?

Question

Apache simply unable to access directory (forbidden 403 error), unable to identify the reason why ?

I have made a vhost as:

created: /etc/apache2/sites-available/dev.testvhost.com.conf

<VirtualHost *:80>
    DocumentRoot /home/najam/projects/php/testvhost
    ServerName dev.testvhost.com
</VirtualHost>

added servername in /etc/hosts

127.0.0.1       dev.testvhost.com

executed command:

sudo a2ensite dev.testvhost.com.conf

then:

sudo service apache2 restart 

pointing browser to http://dev.testvhost.com gives 403 forbidden error, while error log shows following on each refresh.

[Wed Jul 13 16:19:42.277573 2016] [authz_core:error] [pid 20067] [client 127.0.0.1:58230] AH01630: client denied by server configuration: /home/najam/projects/php/testvhost/

I am very sure about the issue causing error because "testvhost" folder is in home directory "/home/najam/projects/php/testvhost" and when I move the folder to /var/www/ it starts working (no forbidden error) (after modify documentroot path accordingly in dev.testvhost.com.conf)

Answer 1

Try editing your dev.testvhost.com.conf to add the Require all granted directive for the directory you want to be accessible

<VirtualHost *:80>
    DocumentRoot /home/najam/projects/php/testvhost
    ServerName dev.testvhost.com

    <Directory "/home/najam/projects/php/testvhost">
        Require all granted
    </Directory>
</VirtualHost>

This block is controlled by Apache's module mod_authz_core. See the docs.

Answer 2

Apache using another user account, called daemon/www-data depending on the installation. If you switch to the particular user and try to get inside the directory you mentioned above then it won't be possible due to permission problems.

su www-data # switch to the user apache running on
cd /home/najam/projects/php/testvhost

It will return an error. So you need to add permissions to the particular directory recursively.

The other problem that /var/www configured in your httpd.conf to allow connections inside it by default. As /home is not a subdirectory of /var/www then you need apache like permissions to the directory:

<VirtualHost *:80>
 DocumentRoot /home/najam/projects/php/testvhost
 ServerName dev.testvhost.com
 <Directory "/home/najan/projects/php/testvhost">
   Allowoverride all
   Order allow,deny
   Allow from all
   Require all granted 
 </Directory>
</VirtualHost>

This should do the trick.

If not, then you could exchange the Directory directive inside your httpd.conf to your home directory from /var/www, so it applies it's rules to it. The other solution could be to add www-data your user group.