Client denied by server configuration
This error means that the access to the directory on the file system was denied by an Apache configuration.
Apache HTTP server 2.4 notes
The 2.4 release introduced significant changes to the authorization and authentication process. Users of that release are encouraged to read this link to migrate their older config files.
Before you start
Before attempting to alter any existing config file, please take note of the full file system path for which access is being denied, and the IP or hostname of the client:
[<date here>] [error] [client ::1] client denied by server configuration: /var/www/example.com/
Using the correct path in the directory block for the following examples is essential to solving this problem. In this case, a client from the local machine (::1) is being denied access to /var/www/example.com .
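An added example, not part of the original page: a short Python parser that pulls the denied path and the client out of "client denied by server configuration" lines in both the 2.2 and the 2.4 error-log layout, and reports which directive family the logging module points to. The function names are assumptions; the sample lines are error-log excerpts quoted on this page plus one constructed non-matching line.

```python
import re
from collections import defaultdict

# One pattern for both error-log layouts:
#   2.2: [date] [error] [client ::1] client denied by server configuration: /path
#   2.4: [date] [module:error] [pid N] [client ip:port] AHnnnnn: client denied ...
DENIED = re.compile(
    r"\[(?:(?P<module>\w+):)?error\]"          # [error] or [module:error]
    r"(?:\s+\[pid [^\]]*\])?"                  # [pid ...] only in 2.4
    r"(?:\s+\[client (?P<client>[^\]]+)\])?"   # client field may be absent
    r"\s+(?:(?P<code>AH\d+):\s+)?"             # AH code only in 2.4
    r"client denied by server configuration: (?P<path>.+)$"
)

# Directive family behind the denial, keyed by the module named in the log.
FAMILY = {
    "access_compat": "Order/Allow/Deny/Satisfy (2.2 syntax)",
    "authz_core": "Require (2.4 syntax)",
    None: "Order/Allow/Deny (2.2 log format, module not logged)",
}

def parse_denied(line):
    """Return module, client, code, path and family for one log line, or None."""
    m = DENIED.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # 2.4 logs the client as address:port; split on the last colon so IPv6 survives.
    if rec["client"] and rec["module"]:
        rec["client"] = rec["client"].rpartition(":")[0]
    rec["family"] = FAMILY.get(rec["module"], "unknown module")
    return rec

def denied_paths(lines):
    """Group denials by path: {path: {"family": set, "clients": set}}."""
    out = defaultdict(lambda: {"family": set(), "clients": set()})
    for line in lines:
        rec = parse_denied(line)
        if rec:
            out[rec["path"]]["family"].add(rec["family"])
            if rec["client"]:
                out[rec["path"]]["clients"].add(rec["client"])
    return dict(out)

# Log excerpts quoted on this page; the last line is constructed and must be skipped.
SAMPLE_LOG = [
    "[<date here>] [error] [client ::1] client denied by server configuration: /var/www/example.com/",
    "[access_compat:error] [pid 5933] [client 127.0.0.1:48262] AH01797: client denied by server configuration: /var/www/html/app/etc/config.php",
    "[authz_core:error] [pid 25330:tid 27] AH01630: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/.htaccess",
    "[core:notice] [pid 1] AH00094: Command line: 'apache2'",
]

if __name__ == "__main__":
    for path, info in denied_paths(SAMPLE_LOG).items():
        print(path, sorted(info["family"]), sorted(info["clients"]))
```

The path printed for each entry is the one to use in the Directory block discussed in the following sections.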
Troubleshooting
First, remember «Directory» permissions propagate to subdirectories by default.
The possible causes are:
- Access was denied due to an explicit deny (2.2) directive or require (2.4) directive in a directory block or .htaccess file.
DocumentRoot /var/www/example.com
2.2:
<Directory /var/www/example.com>
Order deny,allow
Deny from all
</Directory>
2.4:
<Directory /var/www/example.com>
Require all denied
</Directory>
In the above examples, using the following configuration will resolve the issue:
2.2:
<Directory /var/www/example.com>
Order allow,deny
Allow from all
</Directory>
2.4:
<Directory /var/www/example.com>
Require all granted
</Directory>
- An attempt to access a directory outside of the DocumentRoot defined by an alias without a corresponding directory block.
DocumentRoot /var/www/example.com
Alias /foo /var/www/foo
Solution (2.2):
<Directory /var/www/foo>
Order allow,deny
Allow from all
</Directory>
Solution (2.4):
<Directory /var/www/foo>
Require all granted
</Directory>
- Proxying to a service with no explicit access in a location block.
ProxyPass /foo/ http://internal.example.com:8900/
ProxyPassReverse /foo/ http://internal.example.com:8900/
Solution (2.2):
<Location /foo>
Order allow,deny
Allow from all
</Location>
Solution (2.4):
<Location /foo>
Require all granted
</Location>
- A PUT request was received; a 403 is the default response. Access can be granted with limitexcept (2.2) or mod_allowmethods (2.4).
- A mix of allow (2.2) and require (2.4) directives while using apache HTTPD 2.4, used in the same or separate directory blocks. The new 2.4 directives should be used exclusively, and the mod_access_compat module should be unloaded by commenting out the LoadModule directive.
<Directory /var/www/example.com>
Order allow,deny
Allow from all
Require all granted
</Directory>
The solution:
<Directory /var/www/example.com>
Require all granted
</Directory>
- Using mod_security with an explicit directive to deny access. Altering or commenting out the offending directives from that module will resolve the issue.
- Using a bandwidth or rate limiting module such as mod_evasive, mod_limitipconn or mod_bw. A capable firewall is far more efficient at limiting traffic bursts, and abusive clients.
Words of caution
The following configuration may be included in your apache HTTPD configuration; its purpose is to prevent unauthorized access to the root of the file system. Under no condition should it be altered. Instead, the existing directory block for the full file system path should be altered, or a new one should be created if it was not already present.
2.2:
<Directory />
Order deny,allow
Deny from all
</Directory>
2.4:
<Directory />
Require all denied
</Directory>
Restricting access a little further
If granting full access to the resource in question is not an option, specific IP addresses, partial IP addresses, network masks and CIDR specifications can be used with the allow and require directives.
I just installed Magento 2 on HostGator with Linux+Cpanel.
Everything seems to work fine; however, any change I make in the Configuration keeps loading and loading and never applies.
I checked the server logs and it shows:
[Thu Mar 03 11:40:43 2016] [error] [client 108.167.165.191] client denied by server configuration: /home3/e9u3j7z1/public_html/magento/app/etc/config.php
The file has 644 permission because it is required by Cpanel. I tried to change it to 755, 777, 775 but it doesn’t solve the problem.
Could someone help?
asked Mar 3, 2016 at 18:22
What is the “Client denied by server configuration app/etc/local.xml” error in Magento?
The “Client denied by server configuration app/etc/local.xml” error in the web server error log represents Magento successfully blocking external access to the sensitive information within that file and reflects the normal, secure operation of your Magento installation.
You may safely ignore this message because it reflects the normal, secure operation of your Magento installation.
If the IP address shown in the log is your site’s IP address, it represents the Magento installation performing a routine security check. Its presence in the error logs indicates that the local.xml file, which contains sensitive credentials, is inaccessible over the Web. Your Magento installation performs this check whenever you log into the administrative control panel of your site.
If the IP address in the log is not your site’s IP address, it reflects a successful block of an external attempt to access this file, and is therefore desirable. The access attempts are sometimes made by automatic site scrapers or bots that search for vulnerable websites.
- See more at: https://docs.nexcess.net/article/what-is-the-%E2%80%9Cclient-denied-by-server-configuration-app-etc-local-xml%E2%80%9D-error.html#sthash.dIaSybtK.dpuf
answered May 26, 2016 at 14:00
Dayssam
I had a similar issue with the same error message and it turned out maintenance mode was enabled. Try running this from the root of your install:
php bin/magento maintenance:disable
answered Mar 10, 2016 at 2:24
Please use this command
find . -type f -exec chmod 644 {} \;    # 644 permission for files
find . -type d -exec chmod 755 {} \;    # 755 permission for directories
find ./var -type d -exec chmod 777 {} \;    # 777 permission for var folder
find ./pub/media -type d -exec chmod 777 {} \;
find ./pub/static -type d -exec chmod 777 {} \;
chmod 777 ./app/etc
chmod 644 ./app/etc/*.xml
answered Mar 14, 2017 at 6:26
gelanivishal
Just wanted to clarify this for anyone who comes to this page via Google. The «client denied by server configuration» error is produced by Allow / Deny rules you have added or are present in an .htaccess file. You can see this particularly in the error pasted in the last reply…
[access_compat:error] [pid 5933] [client 127.0.0.1:48262] AH01797: client denied by server configuration: /var/www/html/app/etc/config.php
access_compat is an Apache module that allows you to use the old Apache 2.2 Allow and Deny directives in Apache 2.4, although they are deprecated. This gives a clue as to what is preventing access.
I found in my client’s installation, he had an htaccess file inside the /app directory with the following…
Order deny,allow
Deny from all
Commenting those out resolved the problem. Hope this helps anyone having this issue
answered Dec 2, 2016 at 8:40
Chris
If you are using .htaccess for directory protection, it appears that it may cause this issue. Try removing it or renaming your .htaccess to test.
answered Dec 19, 2017 at 3:20
ctroyp
Best way to fix ‘client denied by server configuration’ in 2021
Posted July 5, 2022
Updated July 5, 2022
This kind of error appears on Apache Servers. It means Apache configuration is denying access to a directory/file. Most of the time, this error is observed on Apache 2.4 after upgrading from the older version 2.2 because of the difference in the configuration file syntaxes. Apache 2.4 introduced some changes to authentication and authorization configuration.
To fix the error, you need to make some changes to your Apache configuration which would comply with Apache 2.4 configuration.
Major Changes in version 2.4 to be considered:
- Authorization:
Authorization is the process of granting someone access to a resource or location. All configuration files that use authorization should be updated to match the new behavior. The directives that controlled how authorization modules respond when they do not match the authenticated user have been removed in version 2.4, for example AuthzOwnerAuthoritative, AuthzDBDAuthoritative, AuthzGroupFileAuthoritative, AuthzLDAPAuthoritative, AuthzUserAuthoritative, and AuthzDBMAuthoritative.
Their replacements in the new version are RequireAll, RequireNone, RequireAny.
- Access Control:
In older versions such as 2.2, the Deny, Allow, Satisfy and Order directives were used to control access for client requests based on characteristics such as IP address or hostname.
In 2.4, the module mod_authz_host is used for access control, and the old access control directives should be replaced by the new ones.
Let’s see a few examples of defining access control in old and new way:
To deny all the requests:
2.2:
Order deny,allow
Deny from all
2.4:
Require all denied
To allow all the requests:
2.2:
Order allow,deny
Allow from all
2.4:
Require all granted
To deny all the requests from all the hosts except example.com:
2.2:
Order Deny,Allow
Deny from all
Allow from example.com
2.4:
Require host example.com
Now, we will try to use old directives in the configuration file of the version 2.4, and see how the server behaves. I have used below code in the configuration file of my website example.com:
<Directory /var/www/example.com/html/test>
Order deny,allow
Deny from all
</Directory>
I have Apache 2.4 running on my server. Now, when I try to access the directory “test”, I get a “403 Forbidden” error.
The detailed error from the logs is:
=====
[access_compat:error] [pid 1910] [client 192.168.2.7:50480] AH01797: client denied by server configuration: /var/www/example.com/html/test
=====
This is because the block still uses the old Order and Deny directives, which mod_access_compat enforces on 2.4 (note the access_compat tag in the log line). If I change this code to the block below, which grants access using the 2.4 syntax, and restart the Apache service, the error disappears and I am able to access the directory “test”:
<Directory /var/www/example.com/html/test>
Require all granted
</Directory>
Now, the directory should be accessible through the web.
Summary:
To fix “client denied by server configuration” error:
- Remove all the lines containing “Order allow,deny”, “Order deny,allow”
- “Deny from all” should be replaced by “Require all denied”
- “Allow from all” should be replaced by “Require all granted”
- “Allow from example.com” should be replaced by “Require host example.com”
- Restart Apache service after making changes to the configuration files.
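The summary's checks, automated as an added example that is not part of the original article: a small Python linter that reports leftover 2.2 access-control directives with the replacement listed above and flags any block that mixes them with Require. The function names and the sample configuration are assumptions constructed for illustration, and emitting "Require ip" for address-like arguments goes beyond the article's host example.

```python
import re

LEGACY = re.compile(r"^(Order|Allow|Deny|Satisfy)\b\s*(.*)$", re.I)
OPEN = re.compile(r"^<(\w+)\s*([^>]*)>$")
IP_LIKE = re.compile(r"^[\d.]+(/[\d.]+)?$|:")  # partial IPv4, CIDR/netmask, or IPv6

def suggest(name, args):
    """Map one 2.2 directive to the 2.4 form given in the summary above."""
    name = name.lower()
    if name == "order":
        return "remove"
    m = re.match(r"from\s+(\S+)$", args.strip(), re.I)
    target = m.group(1) if m else ""
    if target.lower() == "all":
        return "Require all granted" if name == "allow" else "Require all denied"
    if name != "allow" or not target or "=" in target:
        return "review by hand"  # Satisfy, partial Deny, env=..., several hosts
    return f"Require {'ip' if IP_LIKE.search(target) else 'host'} {target}"

def lint(text):
    """Return (findings, mixed): legacy lines with suggestions, and mixed scopes."""
    stack, findings, seen = ["(top level)"], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            stack = stack[:-1] or stack      # never pop the top-level scope
            continue
        m = OPEN.match(line)
        if m:
            # <RequireAny>/<RequireAll> groups belong to the enclosing scope.
            authz = m.group(1).lower().startswith("require")
            stack.append(stack[-1] if authz else f"<{line[1:-1].strip()}> (line {no})")
            continue
        scope = stack[-1]
        legacy = LEGACY.match(line)
        if legacy:
            findings.append((no, scope, line, suggest(*legacy.groups())))
            seen.setdefault(scope, set()).add("legacy")
        elif re.match(r"Require\b", line, re.I):
            seen.setdefault(scope, set()).add("require")
    mixed = [s for s, kinds in seen.items() if kinds == {"legacy", "require"}]
    return findings, mixed

# Constructed sample built from the kinds of blocks shown in this article.
SAMPLE = (
    "<Directory /var/www/example.com>\nOrder allow,deny\nAllow from all\n"
    "Require all granted\n</Directory>\n"
    "<Directory /var/www/example.com/html/test>\nOrder deny,allow\n"
    "Deny from all\nAllow from example.com\n</Directory>\n"
)

if __name__ == "__main__":
    findings, mixed = lint(SAMPLE)
    for no, scope, line, fix in findings:
        print(f"line {no} in {scope}: {line} -> {fix}")
    print("mixed 2.2/2.4 access control:", mixed)
```

The suggestions are per line; a block that pairs "Deny from all" with a specific "Allow from" needs only the resulting "Require host" or "Require ip" line, as in the example.com case above.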
I’m trying to host a php based application with the following .htaccess values.
Options +FollowSymLinks
Options -Indexes
DirectoryIndex index.php
RewriteEngine On
RewriteBase /easydeposit
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
However, I keep facing the following two errors,
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/system/
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/private/
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/application/
[authz_core:error] [pid 25330:tid 27] AH01630: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/.htaccess
I’m not sure why this is happening. Any help is appreciated.
asked Aug 27, 2012 at 10:48
If you have recently upgraded to a version of Apache greater than version 2.2, the authz_core error might be coming from your httpd.conf or httpd-vhosts.conf file in the <Document> tags. mod_authz_core was introduced in Apache 2.3 and changed the way that access control is declared.
So, for example, instead of the 2.2 way of configuring <Directory>…
<Directory "C:/wamp">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Order and Allow directives have been replaced with the Require directive:
<Directory "C:/wamp">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Sources
http://www.andrejfarkas.com/2012/06/fun-with-wamp-server-and-apache-2-4-2/
http://httpd.apache.org/docs/2.4/upgrading.html
answered Nov 6, 2012 at 19:32
Mabbage
This question/answer got me to the documentation for which I’m thankful, and the following was what solved it for me.
Previous .htaccess file:
# password protection allowing multiple resources
AuthType Basic
AuthName "Restricted Area"
AuthUserFile C:\path\to\.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI "(path/to/public_files/.*)$" allow
# these lines must be updated
Order allow,deny
# Allowing an ip range:
Allow from 69.69.69
# Allowing another range:
Allow from 71.71.71
Satisfy any
This configuration was producing errors like:
[Thu Dec 08 10:29:20.347782 2016] [access_compat:error] [pid 2244:tid 15876] [client 93.93.93.93:49340] AH01797: client denied by server configuration: C:/path/to/index.php
updated for 2.4 configuration
# 7 lines unchanged...shown again for clarification
AuthType Basic
AuthName "Restricted Area"
AuthUserFile C:\path\to\.htpasswd
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Request_URI "(path/to/public_files/.*)$" allow
# these are the changes replacing:
# Order allow,deny
# Allow from <range>
# Satisfy any
Require ip 69.69.69
Require ip 71.71.71
Require all granted
answered Dec 8, 2016 at 16:52
WEBjuju
I doubt this has anything to do with your htaccess file. The errors are thrown by mod_access_compat, which provides the Allow, Deny, Order, and Satisfy directives. Somewhere, you probably have your allow’s and deny’s configured wrong. As for the .htaccess error at the end, it’s from mod_authz_core, so there may be something upstream that blocks access to .htaccess files outright.
answered Aug 27, 2012 at 17:16
Jon Lin
Are you sure that you are allowed to override Options in your .htaccess file? Check the main Apache config file for this.
answered Aug 27, 2012 at 10:53
Sadeq
Options +FollowSymLinks
Options -Indexes
On many shared hosts the above code is often the main problem.
answered Aug 27, 2012 at 11:02
And you are absolutely sure that the apache user (probably _www) has access to the directory (/home/abc/opt/apache/htdocs/xyz/)?
answered Aug 27, 2012 at 11:08
For me, there was an .htaccess file in the wp-config folder that had these entries
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
That caused icons in the interface to show up as squares.
answered Feb 24, 2019 at 19:40
For quite a while (over a month now) I have been seeing lines like the following in the Apache logs:
180.76.15.138 - - [24/Jun/2015:16:13:34 -0400] "GET /manual/de/mod/module-dict.html HTTP/1.1" 403 396 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
180.76.15.159 - - [24/Jun/2015:16:28:34 -0400] "GET /manual/es/mod/mod_cache_disk.html HTTP/1.1" 403 399 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
66.249.75.86 - - [24/Jun/2015:16:18:01 -0400] "GET /manual/es/programs/apachectl.html HTTP/1.1" 403 436 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
[Wed Jun 24 16:13:34.430884 2015] [access_compat:error] [pid 5059] [client 180.76.15.138:58811] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/de/mod/module-dict.html
[Wed Jun 24 16:18:01.037146 2015] [access_compat:error] [pid 2791] [client 66.249.75.86:56362] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/es/programs/apachectl.html
[Wed Jun 24 16:28:34.461298 2015] [access_compat:error] [pid 2791] [client 180.76.15.159:25833] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/es/mod/mod_cache_disk.html
The requests seem to really come from Baiduspider and Googlebot (checked using reverse DNS as explained here):
user@server:~$ host 66.249.75.86
86.75.249.66.in-addr.arpa domain name pointer crawl-66-249-75-86.googlebot.com.
user@server:~$ host crawl-66-249-75-86.googlebot.com
crawl-66-249-75-86.googlebot.com has address 66.249.75.86
I have read similar questions about this topic like this and this, but for those, these errors are actually preventing the site from working correctly. In my case instead, the html pages that the bots try to access do not exist, and this is therefore the expected behaviour of Apache. The only annoyance is that Google seems slow at indexing my site, although the Google Webmaster Tools do not show any errors.
I am using Apache version 2.4.7 with the following vhost configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/var/www/example.com/public"
<Directory />
Options None
AllowOverride None
Order Deny,Allow
Deny from all
Require all denied
</Directory>
<Directory "/var/www/example.com/public">
Options None
AllowOverride FileInfo Limit Options=FollowSymLinks
Order Allow,Deny
Allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/example.com/error.log
CustomLog /var/log/apache2/example.com/access.log combined
</VirtualHost>
My questions are therefore:
- why are Baiduspider and Googlebot repeatedly trying to access content on my site which is not there and not referred by any links on the site?
- how do requests like GET /manual/de/mod/... get mapped to /usr/share/doc/apache2-doc/manual/de/mod/... while, to my understanding, they should go to /var/www/example.com/public/manual/de/mod/...?
- in general: should I worry about those lines as a sign of misconfiguration, or is there an explanation for them?
If you have recently converted from Apache 2.2 to 2.4 you may notice messages in the error log like this:
[Wed Mar 23 13:08:11.163913 2016] [access_compat:error] [pid 19243:tid 140019733808896] [client xxx.xxx.xxx.xx:16275] AH01797: client denied by server configuration: /var/www/html/domains/www.somedomain.com/favicon.ico
but they seem benign.
When the domain is protected by a password, or access is only allowed from certain IPs, the old 2.2 syntax for protecting the page causes the benign error message above.
You may have had something like the following in your Apache 2.2 .htaccess file or VirtualHost:
Order deny,allow
Deny from all
AuthName "Private Page Content"
AuthType Basic
AuthUserfile /var/www/usernames/passwordfile
Require valid-user
Allow from xxx.xxx.xxx.0/26
Satisfy Any
For Apache 2.4 the equivalent is:
<RequireAny>
AuthName "Private Page Content"
AuthType Basic
AuthUserfile /var/www/usernames/passwordfile
Require valid-user
Require ip xxx.xxx.xxx.0/26
</RequireAny>
RequireAny means allow access if any of the requirements is met. You can replace it with RequireAll to make it so that all requirements must be met.