{"id":778,"date":"2015-05-12T20:39:01","date_gmt":"2015-05-13T05:39:01","guid":{"rendered":"http:\/\/blog.box.kr\/?p=778"},"modified":"2015-05-12T20:39:01","modified_gmt":"2015-05-13T05:39:01","slug":"resolving-403-forbidden-error","status":"publish","type":"post","link":"https:\/\/blog.box.kr\/?p=778","title":{"rendered":"NGINX :: Resolving &quot;403 Forbidden&quot; error"},"content":{"rendered":"<header>\n<h1 class=\"entry-title\"><a href=\"http:\/\/nginxlibrary.com\/403-forbidden-error\/\">http:\/\/nginxlibrary.com\/403-forbidden-error\/<\/a><\/h1>\n<p class=\"meta\"><time class=\"updated\" datetime=\"2012-01-09T15:29:45+00:00\" data-updated=\"true\">JAN 9TH, 2012<\/time><\/p>\n<\/header>\n<div class=\"entry-content\">\n<p>403 Forbidden errors are Nginx\u2019s way of telling \u201cYou have requested for a resource but we cannot give it to you.\u201d 403 Forbidden is technically not an error but a HTTP status code. 403 response headers are intentionally returned in many cases such as &#8211;<\/p>\n<ul>\n<li>User is blocked from requesting that page\/resource or the site as a whole.<\/li>\n<li>User tries to access a directory but <code>autoindex<\/code> is set to <code>off<\/code>.<\/li>\n<li>User tries to access a file that can be only accessed internally.<\/li>\n<\/ul>\n<p>These are some among many cases where a 403 Forbidden response is intentionally returned. But here we will talk about the causes of 403 responses that are unintentional\/not desired which generally occur as a result of misconfiguration on the server side.<\/p>\n<h3>Permissions are not set correctly<\/h3>\n<p>This is the most common cause of this error. By permissions, I do not only mean the permissions for the file that is being accessed. In order to serve a file, Nginx needs to have <em>read<\/em>permissions for the file as well as <em>execute<\/em> permissions for every hierarchial parent directory of the file to chdir to it. For example, to access the file located at &#8211;<\/p>\n<pre><code>\/usr\/share\/myfiles\/image.jpg\n<\/code><\/pre>\n<p>Nginx needs to have <em>read<\/em> permissions for the file as well as <em>execute<\/em> permissions for <code>\/<\/code>, <code>\/usr<\/code>, <code>\/usr\/share<\/code> and <code>\/usr\/share\/myfiles<\/code>. If you use the standard 755 for directories and 644 for files (umask: 022), you should not run into this problem.<\/p>\n<p>To check for ownership and permissions on a path, we can use the <code>namei<\/code> utility like this &#8211;<\/p>\n<pre><code>$ namei -l \/var\/www\/vhosts\/example.com\n\nf: \/var\/www\/vhosts\/example.com\ndrwxr-xr-x root     root     \/\ndrwxr-xr-x root     root     var\ndrwxr-xr-x www-data www-data www\ndrwxr-xr-x www-data www-data vhosts\ndrwxr-xr-x clara    clara    example.com\n<\/code><\/pre>\n<h3>Directory index is not properly defined<\/h3>\n<p>Sometimes, the index directive does not contain the desired directory index. For example, for a standard setup with PHP, the index directive should be &#8211;<\/p>\n<pre><code>index index.html index.htm index.php;\n<\/code><\/pre>\n<p>According to this example, when a directory is acessed directly, Nginx will try to serve index.html, then index.htm and index.php after that. If none of them are found, Nginx will return a 403 header. If index.php were not defined in the root directive, Nginx would have returned 403 without checking for the existence of index.php.<\/p>\n<p>Similarly, for a Python setup, index.py should be defined as a directory index.<\/p>\n<p>These are the most common causes of undesired 403 responses. Feel free to leave a comment if you are still getting 403s.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>http:\/\/nginxlibrary.com\/403-forbidden-error\/ JAN 9TH, 2012 403 Forbidden errors are Nginx\u2019s way of telling \u201cYou have requested for a resource but we cannot give it to you.\u201d 403 Forbidden is technically not an error but a HTTP status code. 403 response headers are intentionally returned in many cases such as &#8211; User is blocked from requesting that page\/resource or the site as a whole. User tries to access a directory but autoindex is set to off. User tries to access a file that can be only accessed internally. These are some among many cases where a 403 Forbidden response is intentionally returned. But here we will talk about the causes of 403 responses that are unintentional\/not desired which generally occur as a result of misconfiguration on the server side. Permissions are not set correctly This is the most common cause of this error. By permissions, I do not only mean the permissions for the file that is being accessed. In order to serve a file, Nginx needs to have readpermissions for the file as well as execute permissions for every hierarchial parent directory of the file to chdir to it. For example, to access the file located at &#8211; \/usr\/share\/myfiles\/image.jpg Nginx needs [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"ngg_post_thumbnail":0,"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5q9Zn-cy","jetpack-related-posts":[{"id":762,"url":"https:\/\/blog.box.kr\/?p=762","url_meta":{"origin":778,"position":0},"title":"Install and configure Nginx, MariaDB &amp; PHP-FPM in CentOS 7 (RHEL7)","date":"2015-05-08","format":false,"excerpt":"https:\/\/stavrovski.net\/blog\/install-and-configure-nginx-mariadb-php-fpm-in-centos-7-rhel7 \u00a0 The following is a quick-N-dirty write-up on\u00a0how to install and configure the LEMP stack (Nginx, MariaDB and PHP-FPM) in\u00a0CentOS 7. I use this as a reference\/guide whenever I need to deploy the\u00a0LEMP stack\u00a0on RHEL based machines. TABLE OF CONTENTS Enable EPEL Repository Update CentOS 7 Install and configure\u2026","rel":"","context":"In &quot;Linux&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":750,"url":"https:\/\/blog.box.kr\/?p=750","url_meta":{"origin":778,"position":1},"title":"NGINX: SELinux Changes when Upgrading to RHEL 6.6 \/ CentOS 6.6","date":"2015-05-08","format":false,"excerpt":"If you upgrade a running system to Red Hat Enterprise Linux (RHEL) 6.6 or CentOS 6.6, the Security Enhanced Linux (SELinux) security permissions that apply to NGINX are\u00a0relabelled to a much stricter posture. Although the permissions are adequate for the default configuration of NGINX, configuration for additional features can be\u2026","rel":"","context":"In &quot;Linux&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":139,"url":"https:\/\/blog.box.kr\/?p=139","url_meta":{"origin":778,"position":2},"title":"JDBC Connection Pool Timeout Errors","date":"2014-06-24","format":false,"excerpt":"If the database server times out a connection, the connection pool on Tomcat side would not be aware of its disconnection. If the database server times out a connection, the connection pool on Tomcat side would not be aware of its disconnection, and could throw the\u00a0following exception in Tomcat: Caused\u2026","rel":"","context":"In &quot;WAS, Servet Containers&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":783,"url":"https:\/\/blog.box.kr\/?p=783","url_meta":{"origin":778,"position":3},"title":"[scrap] \ud154\ub808\uadf8\ub7a8(Telegram)\uc73c\ub85c \uc11c\ubc84 \ubaa8\ub2c8\ud130\ub9c1\ud558\uae30","date":"2015-05-13","format":false,"excerpt":"http:\/\/truefeel.tistory.com\/224 \u00a0 \uba54\uc2e0\uc800 \uac80\uc5f4\ub85c '\ud154\ub808\uadf8\ub7a8(Telegram)' \uad11\ud48d\uc774 \ubd88\uace0 \uc788\ub2e4. \uac1c\uc778\uc801\uc73c\ub85c \uce74\ud1a1\uc744 \uc790\uc8fc \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uc544, \ud154\ub808\uadf8\ub7a8\uc774 \uc808\uc2e4(?)\ud558\uac8c \ud544\uc694\ud558\uc9c0 \uc54a\ub2e4. \ud558\uc9c0\ub9cc \ud154\ub808\uadf8\ub7a8\uc744 \uc0ac\uc6a9\ud574\uc57c\ud560 \uc774\uc720\uac00 \uc0dd\uacbc\ub2e4. \ud154\ub808\uadf8\ub7a8\uc774 \uc11c\ubc84\uc5d0\uc11c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub294 CLI\ub97c \uc81c\uacf5\ud558\uace0 \uc788\uace0, lua\ub098 python\uc73c\ub85c \uc190\uc27d\uac8c \uba54\uc2e0\uc800\uc640 \uc5f0\ub3d9\ud560 \uc218 \uc788\ub2e4. \uadf8\ub798\uc11c \ud154\ub808\uadf8\ub7a8\uc6a9 lua\uc2a4\ud06c\ub9bd\ud2b8\ub97c \ub9cc\ub4e4\uc5b4\uc11c \uc11c\ubc84 \uc0c1\ud0dc\ub97c \ud3f0\uc5d0\uc11c \ubc1b\uc544\ubcfc \uc218 \uc788\ub2e4. \uc608\ub97c \ub4e4\uc5b4 \ud2b9\uc815\u2026","rel":"","context":"In &quot;\uae30\uc220&quot;","img":{"alt_text":"telegram-cli \u00ec\u008b\u00a4\u00ed\u0096\u0089\u00ed\u0099\u0094\u00eb\u00a9\u00b4","src":"http:\/\/cfile27.uf.tistory.com\/image\/261CC43B543DF3EA2ED4D5","width":350,"height":200},"classes":[]},{"id":813,"url":"https:\/\/blog.box.kr\/?p=813","url_meta":{"origin":778,"position":4},"title":"[scrap]How to Monitor MySQL Replication?","date":"2015-05-18","format":false,"excerpt":"Just setting up MySQL replication is not enough, you would need to periodically monitor your slaves to ensure they continue to work seamlessly. Here is a basic overview of the Slave variables to monitor and the tools that will help you monitor those with ease. Top variables to monitor on\u2026","rel":"","context":"In &quot;DB\uad00\ub828&quot;","img":{"alt_text":"how to monitor mysql replication","src":"https:\/\/i0.wp.com\/blog.webyog.com\/wp-content\/uploads\/2012\/11\/how-to-monitor-mysql-replication.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":875,"url":"https:\/\/blog.box.kr\/?p=875","url_meta":{"origin":778,"position":5},"title":"Install GDB on OSX Yosemite","date":"2015-06-06","format":false,"excerpt":"First things first - you need to install brew. It's a homebrew package installer that can be found here. Then in your terminal, run brew install gdb This will install the latest gdb. but, if you are show error like this \"Error: No available formula for gdb\"c Homebrew does not\u2026","rel":"","context":"In &quot;\uae30\uc220\uc790\ub8cc&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/778"}],"collection":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=778"}],"version-history":[{"count":0,"href":"https:\/\/blog.box.kr\/index.php?rest_route=\/wp\/v2\/posts\/778\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.box.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}