Best way to fix ‘client denied by server configuration’ in 2021

#

Best way to fix ‘client denied by server configuration’ in 2021

  • 0 comments Nick Rose
Welcome to our Knowledge Base
Table of Contents
< All Topics
Print

This kind of error appears on Apache Servers. It means Apache configuration is denying access to a directory/file. Most of the time, this error is observed on Apache 2.4 after upgrading from the older version 2.2 because of the difference in the configuration file syntaxes. Apache 2.4 introduced some changes to authentication and authorization configuration.

To fix the error, you need to make some changes to your Apache configuration which would comply with Apache 2.4 configuration.

Major Changes in version 2.4 to be considered:

    1. Authorization:

Authorization is a way of providing access to some resource/location to someone. All the configuration files using authorization should be changed according to the new changes. Directives controlling the behavior or the way of responding of Authorization when they mismatch with the user being authenticated have been removed in the version 2.4. For example, AuthzOwnerAuthoritative, AuthzDBDAuthoritative, AuthzGroupFileAuthoritative, AuthzLDAPAuthoritative, AuthzUserAuthoritative, and AuthzDBMAuthoritative.

Their replacements in the new version are RequireAll, RequireNone, RequireAny.

    1. Access Control:

In the older version like 2.2, Deny, Allow, Satisfy, Order directives were used to provide access control to the client requests based on a few characteristics like IP, Hostname, etc.

While in 2.4, module mod_authz_host is used for access control. Old access control directives should be replaced by the new ones.

Let’s see a few examples of defining access control in old and new way:

To deny all the requests:

2.2:
Order deny,allow
Deny from all

2.4:
Require all denied

To allow all the requests:

2.2:
Order allow,deny
Allow from all

2.4:
Require all granted

To deny all the requests from all the hosts except example.com:

2.2:

Order Deny,Allow
Deny from all
Allow from example.com

2.4:
Require host example.com

Now, we will try to use old directives in the configuration file of the version 2.4, and see how the server behaves. I have used below code in the configuration file of my website example.com:

<Directory /var/www/example.com/html/test>

Order deny,allow
Deny from all

</Directory>

I have Apache 2.4 running on my server. Now, when I try to access the directory “test”, I get a “403 Forbidden” error like this:

The detailed error from the logs is:

=====
[access_compat:error] [pid 1910] [client 192.168.2.7:50480] AH01797: client denied by server configuration: /var/www/example.com/html/test
=====

This is because I am using old directives like Order, Deny, etc. in the configuration file. If I change this code to below, and restart Apache service, the error will disappear, and I would be able to access the directory “test”:

<Directory /var/www/example.com/html/test>

Require all granted

</Directory>

Now, the directory should be accessible through web like this:

Let’s see this through GIF illustration.

This is my original code using Order, Deny, etc.:

I was seeing below errors:

In the browser:

In the logs:

I changed the code to below, and then restarted the Apache service to fix this error:

The browser shows the index.html page inside the “test” directory successfully now:

Summary:

To fix “client denied by server configuration” error:

  • Remove all the lines containing “Order allow,deny”, “Order deny,allow”
  • “Deny from all” should be replaced by “Require all denied”
  • “Allow from all” should be replaced by “Require all granted”
  • “Allow from example.com” should be replaced by “Require host example.com”
  • Restart Apache service after making changes to the configuration files.
Categories