[solved] 403 forbidden

Discussion in 'Bug Reports' started by guy100, Aug 26, 2012.

  1. guy100

    guy100 Member

    I have move a working site from one server to another.

    If i run it with Apache all si fine.

    But if i enable Litespeed i get

    403 Forbidden
    Access to this resource on the server is denied!

    Any help gonna be much appreciate.
    Last edited by a moderator: Aug 28, 2012
  2. mistwang

    mistwang LiteSpeed Staff

    You need to check /usr/local/apache/logs/error_log for reason why.
  3. guy100

    guy100 Member

    Thank you.
    Problem solved, it has to do with Script Restricted Permission Mask under Admin Console => Configuration => Server => Security.
  4. bobykus

    bobykus Well-Known Member

    I have a file with permissions 0640

    ls -la wp-content/uploads/2012/09/DSC_0547-150x150.jpg
    -rw-r----- 1 dannebbuffy dannebbuffy 9998 Sep 11 13:24 wp-content/uploads/2012/09/DSC_0547-150x150.jpg

    and the same set in Server > Security > Required Permission Mask 0640

    But still getting

    wget http://www.ultimat.nu/wp-content/uploads/2012/09/DSC_0547-150x150.jpg
    --2012-09-11 14:26:59-- http://www.ultimat.nu/wp-content/uploads/2012/09/DSC_0547-150x150.jpg
    Resolving www.ultimat.nu...
    Connecting to www.ultimat.nu||:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2012-09-11 14:26:59 ERROR 403: Forbidden.

    Do you know why? The files with 0644 like

    ls -la wp-content/uploads/2012/09/IMG_2408.jpg
    -rw-r--r-- 1 dannebbuffy dannebbuffy 1801428 Sep 6 12:49 wp-content/uploads/2012/09/IMG_2408.jpg

    are just fine


    Restricted Permission Mask is set to 000
  5. webizen

    webizen Well-Known Member

    This sounds like your web server running user (nobody) is not in the same group of dannebbuffy and hence can _NOT_ read file with 0640 permission.
  6. bobykus

    bobykus Well-Known Member

    but this is a part of Wordpress, which supposed to be executed by lsphp5 and
    PHP suEXEC is Yes. Does it mean web server should read access to all users data anyway?
  7. webizen

    webizen Well-Known Member

    for shared hosting, 0640 permission should be OK.

    pls enable debug logging (loglevel -> low) via Admin Console and check error log (i.e., /usr/local/apache/logs/error_log) for more details of 403 error.
  8. bobykus

    bobykus Well-Known Member

    Here is a part

    2012-09-18 10:24:09.844 [DEBUG] [] write resumed!
    2012-09-18 10:24:09.844 [DEBUG] [] Written to client: 1211
    2012-09-18 10:24:09.844 [DEBUG] [] HttpIOLink::suspendWrite()...
    2012-09-18 10:24:09.863 [DEBUG] [] processContextPath() return 0
    2012-09-18 10:24:09.863 [DEBUG] [] readyCacheData() return 0
    2012-09-18 10:24:09.863 [DEBUG] [] HttpConnection::flush()!
    2012-09-18 10:24:09.863 [DEBUG] [] Written to client: 259
    2012-09-18 10:24:09.863 [DEBUG] [] HttpConnection::nextRequest()!
    2012-09-18 10:24:09.863 [DEBUG] [] processContextPath() return 0
    2012-09-18 10:24:09.864 [INFO] Failed to open file [/hsphere/local/home/ifdanemark/institutfrancais.dk/wp-content/uploads/2012/09/switchcraft_LL_701.jpg], error: Permission denied

    Does it mean the content from WP like images etc are server
    by litespeed not php?
  9. webizen

    webizen Well-Known Member

    the jpg is static file. according to wp rewrite rules, it will not go through php but be served by web server directly.

    check the permission of the file in question and the folder holds the file.
  10. bobykus

    bobykus Well-Known Member

    -rw-r----- 1 ifdanemark ifdanemark 14000 Sep 18 10:13 /hsphere/local/home/ifdanemark/institutfrancais.dk/wp-content/uploads/2012/09/switchcraft_LL_701.jpg

    drwxr-x--x 2 ifdanemark ifdanemark 8192 Sep 18 10:13 /hsphere/local/home/ifdanemark/institutfrancais.dk/wp-content/uploads/2012/09/

    this is how it is with WP uploaded images. They are 0640!Any way to fix it?
  11. webizen

    webizen Well-Known Member

    paste .htaccess (located in docroot) in here.
  12. bobykus

    bobykus Well-Known Member

    institutfrancais.dk # cat .htaccess

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    RedirectPermanent /fr/frankofoni2012 http://www.institutfrancais.dk/fr/i...en-for-fransk-sprog/projets/francophonie2012/

    RedirectPermanent /frankofoni2012 http://www.institutfrancais.dk/inst...en-for-fransk-sprog/projets/francophonie2012/

    RedirectPermanent /campusfrance https://docs.google.com/spreadsheet...mkey=dFVYMGxaQTlGbFQ2OURtc3VPMklsWnc6MQ#gid=0
  13. webizen

    webizen Well-Known Member

    for static file access, it is up to web server default running user. If the user is not in the account user's group, world readable permission is required.
  14. bobykus

    bobykus Well-Known Member

    but why Wp suddnly decide to upload files with 0640 permissions? it was not like this with apache+fcgid. means it was all 0644, umask was set to 022 in php wrapper. now permissions is screwed up! do you know how to fix it?
  15. bobykus

    bobykus Well-Known Member

    Found the source of the problem - if permissions to the upload folder is 0751, smarty WP do this

    $stat = stat( dirname( $new_file ));
    $perms = $stat['mode'] & 0000666;
    @ chmod( $new_file, $perms );

    means chmod 0640... Set permissions 0755 to upload folder and you are fine with 0644 for files!

Share This Page