lighttpd reports 403 forbidden on any directory outside its docroot

maddog39 · 2008-04-01 01:44:44

Hello,

Im growing exteremeley frustrated with lighttpd on arch. I've never had so much trouble with a version of lighttpd on any distro. Nonetheless I only have one major problem left to solve. That is, anytime lighttpd tries to reference a directory or file outside of the document-root gives me a 403 - Forbidden. For example, my mod_userdir configuration doesnt work at all I get a 403 for every user with a public_html folder. Any directories I symlink to the document root are also inaccessible even though they have complete world access (0777) permissions. I've posted my lighttpd.conf file below. This same problem also applies to mod_alias directories.

# Written by Alec Hussey

# Modules to Load
server.modules = ( 
    "mod_access",
    "mod_alias",
    "mod_accesslog",
    "mod_dirlisting",
    "mod_rewrite",
    "mod_userdir",
    "mod_fastcgi",
)

# Root directory used for web documents
server.document-root = "/var/www"

# Where to log errors
server.errorlog = "/var/log/lighttpd/error.log"

# Pages that are called by default in / if found
index-file.names = (
    "index.php", "index.html",
    "index.htm", "default.htm",
    "index.lighttpd.html"
)

# Where to log visits to the web server
accesslog.filename = "/var/log/lighttpd/access.log"

# Default files or file extensions to deny access to
url.access-deny = ("~", ".inc")

# File extensions not considered static (as in scripts)
static-file.exclude-extensions = (".php")

# Port number the server runs on
server.port = 80

# Address the server runs on
#server.bind = "localhost"

# Custom error pages
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"

# Path to the servers' process ID file
server.pid-file = "/var/run/lighttpd.pid"

# Settings for virtual directories
dir-listing.activate = "enable"
dir-listing.encoding = "utf-8"
server.dir-listing = "enable"

# System user that the server runs as
server.username = "lighttpd"

# System group that the server runs under
server.groupname = "lighttpd"

# Rules for dynamic URL rewriting (basically the same as mod_rewrite)
# url.rewrite = ("^/$" => "/server-status")
# url.redirect = ("^/wishlist/(.+)" => "http://www.123.org/$1")

# URL Alias Configuration
alias.url = (
    "/madbb/" => "/home/maddog39/Projects/madbb/trunk/"
)

# User Directory Configuration
userdir.path = "public_html"
userdir.exclude-user = ("root", "postmaster")

# PHP FastCGI Configuration
fastcgi.server = (
    ".php" => ((
        "socket" => "/tmp/php-fastcgi.socket",
        "bin-path" => "/usr/bin/php-cgi",
        "bin-environment" => (
            "PHP_FCGI_CHILDREN" => "16",
            "PHP_FCGI_MAX_REQUESTS" => "10000"
        ),
        "bin-copy-environment" => ("PATH", "SHELL", "USER"),
        "broken-scriptfilename" => "enable"
    ))
)

Also note that this is an entirely custom config created by me for general use across systems. I've done alot of search and tried a few things but nothing seems to work and I dont have a clue whats going on and logs arent very helpful. Any help is appreciated.

Thanks!
-Alec

Last edited by maddog39 (2008-04-01 01:45:04)

nml · 2008-04-12 18:32:15

Same here.

Installed lighttpd today and did only 3 things:
1- Uncommented line "mod_userdir" from /etc/lighttpd/lighttpd.conf;
2- Added to /etc/lighttpd/lighttpd.conf lines
- userdir.path = "public_html"
- userdir.exclude-user = ( "root" )
accordingly to documentation;
3- Created a public_html in a user home directory.

After I restarted lighttpd, http://localhost works just fine... but when I try something like http://localhost/~usrname
I get a 404.

nml · 2008-04-12 18:41:28

Humm, I just found out that if I set userdir.basepath = "/home/" I start to get a 403 when trying http://localhost/~usrname, although in lighttpd documentation it says

userdir.basepath
if set, don't check /etc/passwd for homedir

so I shouldn't be even setting it to get there.

Ok, ignore the 403. If I chmod o+rx usrname everything works just fine.

Last edited by nml (2008-04-12 18:58:39)

firecat53 · 2009-06-21 04:00:50

<resurrecting old thread>Ok, so I have a project that I wanted (I thought) to keep in my home directory, and just symlink or use an alias to access it from /srv/http. However, as tuoppi reported above, the only way to enable this is to chmod 711 my home directory. What is the best way to handle this? Is that substantially less secure to have 711 on /home/<user>? Should I just keep my projects in /srv/http and add that to my backup list? This is just running the server on my laptop localhost only...not exposed to the world. I'm also intending to manage it with git, so does that change where it's easiest to store projects? Is this solely a lighttpd issue?

Thanks for any input!
Scott

Arch Linux

#1 2008-04-01 01:44:44

lighttpd reports 403 forbidden on any directory outside its docroot

#2 2008-04-12 18:32:15

Re: lighttpd reports 403 forbidden on any directory outside its docroot

#3 2008-04-12 18:41:28

Re: lighttpd reports 403 forbidden on any directory outside its docroot

#4 2009-06-21 04:00:50

Re: lighttpd reports 403 forbidden on any directory outside its docroot

Board footer