403 Forbidder error in Linux LAMP

 How to change SELinux Context using semanage?

The semanage user command controls the mapping between the SELinux user and the roles and MLS/MCS levels.

Additionally, the error can manifest in several ways on the browser as indicated below:

• HTTP Error 403 – Forbidden
• Forbidden: You don’t have permission to access [directory] on this server
• 403 Forbidden
• Access Denied You don’t have permission to access
• 403 forbidden requests forbidden by administrative rules

• AH00132: file permissions deny server access
• AH00035: access denied because search permissions are missing on a component of the path

• HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed

#semanage fcontext -a -t httpd_sys_content_t "/Test(/.*)?"
#restorecon -Rv /Test

-a: option adds a record of the specified object type

-t: option specifies the SELinux Type for the object

The /.* applied it recursively to the directory content.

The restorecon command restores the newly added SELinux security context on the directory /Test and its files and sub-directories.

The ‘403 Forbidden Error‘ occurs due to the following main reasons:

1. Incorrect File / Directory Permissions

This error can be triggered due to incorrect file/folder permissions on the webroot directory. If the default file permissions are not adjusted to grant users access to the website files, then the chances of this error popping on a web browser are high.

2. Misconfiguration of the Apache Configuration Files

This error can also be attributed to a misconfiguration of one of the Apache configuration files. It could be an incorrect parameter that has been included or missing directives in the configuration file.

Fixing the ‘403 Forbidden Error’

If you have encountered this error, here are a few steps that you can take to remedy this.

1. Adjust file permissions & ownership of the webroot directory

Incorrect file permissions & directory ownership are known to restrict access to website files. So, firstly, be sure to assign the file permissions recursively to the webroot directory as shown.

The webroot directory should always have EXECUTE permissions and the index.html file should have READ permissions.

$ sudo chmod -R 775 /path/to/webroot/directory

Additionally, adjust the directory ownership as shown:

$ sudo chown -R user:group /path/to/webroot/directory

Where the user is the regular logged-in user and the group is www-data or apache.

Finally, reload or restart the Apache webserver for the changes to take effect.

$ sudo systemctl restart apache2
OR
$ sudo systemctl restart httpd

If this does not resolve the issue, proceed to the next step:

2. Adjust directives in Apache main configuration file

If you are on Debian-based Linux, in Apache’s main configuration file /etc/apache2/apache2.conf, ensure that you have this block of code:

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Save and exit and thereafter, restart the Apache.

If you are running Apache on RHEL-based distributions / CentOS systems, ensure that you relax access to the /var/www directory in the /etc/httpd/conf/httpd.conf main Apache configuration file.

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>

Then save all the changes and reload Apache.

If after trying all these steps you are still getting the error, then please check the configuration of your virtual host files. We have detailed articles on how you can configure the Apache Virtual host file on: