Apache - Forbidden, no permission on server (htaccess)
I put the site online, and when I go to the URL I get this error:
Forbidden
You don't have permission to access / on this server.
I think there is something wrong in the htaccess file... I think it has to do with this in the file:
<filesmatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$"> require granted satisfy </filesmatch>
Is this correct, or do you need more info from the htaccess file?
# apache server configs v1.1.0 | mit license
# https://github.com/h5bp/server-configs-apache

# (!) using `.htaccess` files slows down apache, therefore, if have access
# main server config file (usually called `httpd.conf`), should add
# logic there: http://httpd.apache.org/docs/current/howto/htaccess.html.

# ##############################################################################
# # cross-origin resource sharing (cors) #
# ##############################################################################

# ------------------------------------------------------------------------------
# | cross-domain ajax requests |
# ------------------------------------------------------------------------------

# enable cross-origin ajax requests.
# http://code.google.com/p/html5security/wiki/crossoriginrequestsecurity
# http://enable-cors.org/

# <ifmodule mod_headers.c>
#    header set access-control-allow-origin "*"
# </ifmodule>

# ------------------------------------------------------------------------------
# | cors-enabled images |
# ------------------------------------------------------------------------------

# send cors header images when browsers request it.
# https://developer.mozilla.org/en/cors_enabled_image
# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/

<ifmodule mod_setenvif.c>
    <ifmodule mod_headers.c>
        <filesmatch "\.(gif|ico|jpe?g|png|svgz?|webp)$">
            setenvif origin ":" is_cors
            header set access-control-allow-origin "*" env=is_cors
        </filesmatch>
    </ifmodule>
</ifmodule>

# ------------------------------------------------------------------------------
# | web fonts access |
# ------------------------------------------------------------------------------

# allow access domains web fonts

<ifmodule mod_headers.c>
    <filesmatch "\.(eot|font.css|otf|ttc|ttf|woff)$">
        header set access-control-allow-origin "*"
    </filesmatch>
</ifmodule>

# ##############################################################################
# # errors #
# ##############################################################################

# ------------------------------------------------------------------------------
# | 404 error prevention non-existing redirected folders |
# ------------------------------------------------------------------------------

# prevent apache returning 404 error rewrite if directory
# same name not exist.
# http://httpd.apache.org/docs/current/content-negotiation.html#multiviews
# http://www.webmasterworld.com/apache/3808792.htm

options -multiviews

# ------------------------------------------------------------------------------
# | custom error messages / pages |
# ------------------------------------------------------------------------------

# can customize apache returns client in case of error (see
# http://httpd.apache.org/docs/current/mod/core.html#errordocument), e.g.:

errordocument 404 /404.html

# ##############################################################################
# # internet explorer #
# ##############################################################################

# ------------------------------------------------------------------------------
# | better website experience |
# ------------------------------------------------------------------------------

# force ie render pages in highest available mode in various
# cases when may not: http://hsivonen.iki.fi/doctype/ie-mode.pdf.

<ifmodule mod_headers.c>
    header set x-ua-compatible "ie=edge"
    # `mod_headers` can't match based on content-type, however,
    # want send header html pages , not other resources
    <filesmatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
        header unset x-ua-compatible
    </filesmatch>
</ifmodule>

# ------------------------------------------------------------------------------
# | cookie setting iframes |
# ------------------------------------------------------------------------------

# allow cookies set iframes in ie.

# <ifmodule mod_headers.c>
#   header set p3p "policyref=\"/w3c/p3p.xml\", cp=\"idc dsp cor adm devi taii psa psd ivai ivdi coni our ind cnt\""
# </ifmodule>

# ------------------------------------------------------------------------------
# | screen flicker |
# ------------------------------------------------------------------------------

# stop screen flicker in ie on css rollovers (this works in
# combination `expiresbytype` directives images below).

# browsermatch "msie" brokenvary=1
# browsermatch "mozilla/4.[0-9]{2}" brokenvary=1
# browsermatch "opera" !brokenvary
# setenvif brokenvary 1 force-no-vary

# ##############################################################################
# # mime types , encoding #
# ##############################################################################

# ------------------------------------------------------------------------------
# | proper mime types files |
# ------------------------------------------------------------------------------

<ifmodule mod_mime.c>

  # audio
    addtype audio/mp4 m4a f4a f4b
    addtype audio/ogg oga ogg

  # javascript
    # normalize standard type (it's sniffed in ie anyways):
    # http://tools.ietf.org/html/rfc4329#section-7.2
    addtype application/javascript js
    addtype application/json json

  # video
    addtype video/mp4 mp4 m4v f4v f4p
    addtype video/ogg ogv
    addtype video/webm webm
    addtype video/x-flv flv

  # web fonts
    addtype application/font-woff woff
    addtype application/vnd.ms-fontobject eot

    # browsers ignore font mime types , sniff content,
    # however, chrome shows warning if other mime types used
    # following fonts.
    addtype application/x-font-ttf ttc ttf
    addtype font/opentype otf

    # make svgz fonts work on ipad:
    # https://twitter.com/fontsquirrel/status/14855840545
    addtype image/svg+xml svg svgz
    addencoding gzip svgz

  # other
    addtype application/octet-stream safariextz
    addtype application/x-chrome-extension crx
    addtype application/x-opera-extension oex
    addtype application/x-shockwave-flash swf
    addtype application/x-web-app-manifest+json webapp
    addtype application/x-xpinstall xpi
    addtype application/xml atom rdf rss xml
    addtype image/webp webp
    addtype image/x-icon ico
    addtype text/cache-manifest appcache manifest
    addtype text/vtt vtt
    addtype text/x-component htc
    addtype text/x-vcard vcf

</ifmodule>

# ------------------------------------------------------------------------------
# | utf-8 encoding |
# ------------------------------------------------------------------------------

# use utf-8 encoding served `text/html` or `text/plain`.
adddefaultcharset utf-8

# force utf-8 file formats.
<ifmodule mod_mime.c>
    addcharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</ifmodule>

# ##############################################################################
# # url rewrites #
# ##############################################################################

# ------------------------------------------------------------------------------
# | rewrite engine |
# ------------------------------------------------------------------------------

# turning on rewrite engine , enabling `followsymlinks` option
# necessary following directives work.

# if web host doesn't allow `followsymlinks` option, may need
# comment out , use `options +symlinksifownermatch` but, aware of
# performance impact: http://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks

# also, cloud hosting services require `rewritebase` set:
# http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-mod-rewrite-not-working-on-my-site

<ifmodule mod_rewrite.c>
    options +followsymlinks
  # options +symlinksifownermatch
    rewriteengine on
  # rewritebase /
</ifmodule>

# ------------------------------------------------------------------------------
# | suppressing / forcing "www." @ beginning of urls |
# ------------------------------------------------------------------------------

# same content should never available under 2 different urls
# not , without "www." @ beginning. can cause seo problems
# (duplicate content), therefore, should choose 1 of alternatives ,
# redirect other one.

# default option 1 (no "www.") activated:
# http://no-www.org/faq.php?q=class_b

# if you'd prefer use option 2, comment out lines option 1
# , uncomment ones option 2.

# important: never use both rules @ same time!

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# option 1: rewrite www.example.com → example.com

<ifmodule mod_rewrite.c>
    rewritecond %{https} !=on
    rewritecond %{http_host} ^www\.(.+)$ [nc]
    rewriterule ^ http://%1%{request_uri} [r=301,l]
</ifmodule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# option 2: rewrite example.com → www.example.com

# aware following might not idea if use "real"
# subdomains parts of website.

# <ifmodule mod_rewrite.c>
#    rewritecond %{https} !=on
#    rewritecond %{http_host} !^www\..+$ [nc]
#    rewritecond %{http_host} !=localhost [nc]
#    rewritecond %{http_host} !=127.0.0.1
#    rewriterule ^ http://www.%{http_host}%{request_uri} [r=301,l]
# </ifmodule>

# ##############################################################################
# # security #
# ##############################################################################

# ------------------------------------------------------------------------------
# | content security policy (csp) |
# ------------------------------------------------------------------------------

# can mitigate risk of cross-site scripting , other content-injection
# attacks setting content security policy whitelists trusted sources
# of content site.

# example header below allows scripts loaded current
# site's origin (no inline scripts, no cdn, etc). won't
# work as-is site!

# details you'll need craft reasonable policy site,
# read: http://html5rocks.com/en/tutorials/security/content-security-policy (or
# see specification: http://w3.org/tr/csp).

# <ifmodule mod_headers.c>
#    header set content-security-policy "script-src 'self'; object-src 'self'"
#    <filesmatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
#        header unset content-security-policy
#    </filesmatch>
# </ifmodule>

# ------------------------------------------------------------------------------
# | file access |
# ------------------------------------------------------------------------------

# block access directories without default document.
# should leave uncommented because shouldn't allow
# surf through every directory on server (which may includes rather
# private places cms's directories).

<ifmodule mod_autoindex.c>
    options -indexes
</ifmodule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# block access hidden files , directories.
# includes directories used version control systems such git , svn.

<ifmodule mod_rewrite.c>
    rewritecond %{script_filename} -d [or]
    rewritecond %{script_filename} -f
    rewriterule "(^|/)\." - [f]
</ifmodule>

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# block access backup , source files.
# these files may left text editors , can pose great security
# danger when has access them.

<filesmatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
    require granted satisfy
</filesmatch>

# ------------------------------------------------------------------------------
# | secure sockets layer (ssl) |
# ------------------------------------------------------------------------------

# rewrite secure requests prevent ssl certificate warnings, e.g.:
# prevent `https://www.example.com` when certificate allows
# `https://secure.example.com`.

# <ifmodule mod_rewrite.c>
#    rewritecond %{server_port} !^443
#    rewriterule ^ https://example-domain-please-change-me.com%{request_uri} [r=301,l]
# </ifmodule>

# ------------------------------------------------------------------------------
# | http strict transport security (hsts) |
# ------------------------------------------------------------------------------

# force client-side ssl redirection.

# if user types "example.com" in browser, above rule redirect
# him secure version of site. still leaves window of opportunity
# (the initial http connection) attacker downgrade or redirect
# request. following header ensures browser connect
# server via https, regardless of users type in address bar.
# http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14#section-6.1
# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/

# (!) remove `includesubdomains` optional directive if subdomains
# not using https.

# <ifmodule mod_headers.c>
#    header set strict-transport-security "max-age=16070400; includesubdomains"
# </ifmodule>

# ------------------------------------------------------------------------------
# | server software information |
# ------------------------------------------------------------------------------

# avoid displaying exact apache version number, description of
# generic os-type , information apache's compiled-in modules.

# add directive in `httpd.conf` not work in `.htaccess`!

# servertokens prod

# ##############################################################################
# # web performance #
# ##############################################################################

# ------------------------------------------------------------------------------
# | compression |
# ------------------------------------------------------------------------------

<ifmodule mod_deflate.c>

    # force compression mangled headers.
    # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
    <ifmodule mod_setenvif.c>
        <ifmodule mod_headers.c>
            setenvifnocase ^(accept-encodxng|x-cept-encoding|x{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[x~-]{4,13}$ have_accept-encoding
            requestheader append accept-encoding "gzip,deflate" env=have_accept-encoding
        </ifmodule>
    </ifmodule>

    # compress output labeled 1 of following mime-types
    # (for apache versions below 2.3.7, don't need enable `mod_filter`
    # , can remove `<ifmodule mod_filter.c>` , `</ifmodule>` lines
    # `addoutputfilterbytype` still in core directives).
    <ifmodule mod_filter.c>
        addoutputfilterbytype deflate application/atom+xml \
                                      application/javascript \
                                      application/json \
                                      application/rss+xml \
                                      application/vnd.ms-fontobject \
                                      application/x-font-ttf \
                                      application/x-web-app-manifest+json \
                                      application/xhtml+xml \
                                      application/xml \
                                      font/opentype \
                                      image/svg+xml \
                                      image/x-icon \
                                      text/css \
                                      text/html \
                                      text/plain \
                                      text/x-component \
                                      text/xml
    </ifmodule>

</ifmodule>

# ------------------------------------------------------------------------------
# | content transformations |
# ------------------------------------------------------------------------------

# prevent of mobile network providers modifying content of
# site: http://www.w3.org/protocols/rfc2616/rfc2616-sec14.html#sec14.9.5.

# <ifmodule mod_headers.c>
#    header set cache-control "no-transform"
# </ifmodule>

# ------------------------------------------------------------------------------
# | etag removal |
# ------------------------------------------------------------------------------

# since we're sending far-future expires headers (see below), etags can
# removed: http://developer.yahoo.com/performance/rules.html#etags.

# `fileetag none` not enough every server.
<ifmodule mod_headers.c>
    header unset etag
</ifmodule>

fileetag none

# ------------------------------------------------------------------------------
# | expires headers (for better cache control) |
# ------------------------------------------------------------------------------

# following expires headers set pretty far in future. if don't
# control versioning filename-based cache busting, consider lowering
# cache time resources css , js 1 week.

<ifmodule mod_expires.c>

    expiresactive on
    expiresdefault "access plus 1 month"

  # css
    expiresbytype text/css "access plus 1 year"

  # data interchange
    expiresbytype application/json "access plus 0 seconds"
    expiresbytype application/xml "access plus 0 seconds"
    expiresbytype text/xml "access plus 0 seconds"

  # favicon (cannot renamed!)
    expiresbytype image/x-icon "access plus 1 week"

  # html components (htcs)
    expiresbytype text/x-component "access plus 1 month"

  # html
    expiresbytype text/html "access plus 0 seconds"

  # javascript
    expiresbytype application/javascript "access plus 1 year"

  # manifest files
    expiresbytype application/x-web-app-manifest+json "access plus 0 seconds"
    expiresbytype text/cache-manifest "access plus 0 seconds"

  # media
    expiresbytype audio/ogg "access plus 1 month"
    expiresbytype image/gif "access plus 1 month"
    expiresbytype image/jpeg "access plus 1 month"
    expiresbytype image/png "access plus 1 month"
    expiresbytype video/mp4 "access plus 1 month"
    expiresbytype video/ogg "access plus 1 month"
    expiresbytype video/webm "access plus 1 month"

  # web feeds
    expiresbytype application/atom+xml "access plus 1 hour"
    expiresbytype application/rss+xml "access plus 1 hour"

  # web fonts
    expiresbytype application/font-woff "access plus 1 month"
    expiresbytype application/vnd.ms-fontobject "access plus 1 month"
    expiresbytype application/x-font-ttf "access plus 1 month"
    expiresbytype font/opentype "access plus 1 month"
    expiresbytype image/svg+xml "access plus 1 month"

</ifmodule>

# ------------------------------------------------------------------------------
# | filename-based cache busting |
# ------------------------------------------------------------------------------

# if you're not using build process manage filename version revving,
# might want consider enabling following directives route
# requests such `/css/style.12345.css` `/css/style.css`.

# understand why important , better idea `*.css?v231`, read:
# http://stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring

# <ifmodule mod_rewrite.c>
#    rewritecond %{request_filename} !-f
#    rewriterule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [l]
# </ifmodule>

# ------------------------------------------------------------------------------
# | file concatenation |
# ------------------------------------------------------------------------------

# allow concatenation within specific css , js files, e.g.:
# inside of `script.combined.js` have
#   <!--#include file="libs/jquery.js" -->
#   <!--#include file="plugins/jquery.idletimer.js" -->
# , included single file.

# <ifmodule mod_include.c>
#    <filesmatch "\.combined\.js$">
#        options +includes
#        addoutputfilterbytype includes application/javascript application/json
#        setoutputfilter includes
#    </filesmatch>
#    <filesmatch "\.combined\.css$">
#        options +includes
#        addoutputfilterbytype includes text/css
#        setoutputfilter includes
#    </filesmatch>
# </ifmodule>

# ------------------------------------------------------------------------------
# | persistent connections |
# ------------------------------------------------------------------------------

# allow multiple requests sent on same tcp connection:
# http://httpd.apache.org/docs/current/en/mod/core.html#keepalive.

# enable if serve lot of static content but, aware of
# possible disadvantages!

# <ifmodule mod_headers.c>
#    header set connection keep-alive
# </ifmodule>

rewriteengine on
rewriterule ^\white$ /index.html [l]
rewriterule ^\black$ /index-zwart.html [l]
rewritecond %{http_user_agent} libwww-perl.*
rewriterule .* - [f,l]
Use the following process:
- Check the file permissions on index.html
- If it is not readable, make it readable
- Otherwise, uncomment the rewritebase directive
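
The two checks discussed above, as an added example that is not part of the original question or answer: whether a requested file name falls under the filesmatch pattern from the question, and whether index.html and its parent directories are usable by a web server process. The function names and the "other permission class" assumption are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the post): triage a 403 on "/" under this .htaccess.

# Pattern copied from the <filesmatch> block in the question.
BLOCK_RE='(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$'

# Succeeds if the last path component falls under that block.
# FilesMatch tests only the file name, so directories in the path are ignored.
matches_block() {
    printf '%s\n' "${1##*/}" | grep -Eq -- "$BLOCK_RE"
}

# Print every component from FILE up to TOP that the "other" permission
# class cannot use: the file needs o+r, each directory needs o+x.
# Assumption: the Apache worker is neither the owner nor in the group.
# Returns 0 when nothing is wrong, 1 when at least one problem was printed.
other_access_problems() {
    local file="$1" top="${2:-/}" dir mode rc=0
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case $mode in
        ???????r??) ;;                                  # o+r is set
        *) echo "not world-readable: $file ($mode)"; rc=1 ;;
    esac
    dir=$(dirname -- "$file")
    while :; do
        mode=$(ls -ld -- "$dir" | cut -c1-10)
        case $mode in
            ?????????[xt]) ;;                           # o+x (t = sticky + x)
            *) echo "not world-searchable: $dir ($mode)"; rc=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return $rc
}

# Usage: ./triage403.sh /path/to/docroot/index.html [/path/to/docroot]
if [ "$#" -ge 1 ]; then
    if matches_block "$1"; then
        echo "file name falls under the filesmatch block: $1"
    fi
    other_access_problems "$@" || echo "fix the entries listed above"
fi
```

A request for / is served through the directory's index file, and index.html does not match the pattern, so the permission check is the one to run first. With options -indexes set as in this file, a document root with no usable index file also produces a 403.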