565  

Update October 2016

4 years ago, since this answer is used as a reference by many, and while I learned a lot from security perspective during these years, I feel I am responsible to clarify some important notes, and I've update my answer accordingly.

4年前，由于这个答案被很多人用作参考，在这些年里我从安全角度学到了很多东西，我觉得我有责任澄清一些重要的注意事项，我也相应地更新了我的答案。

The original answer is correct but not safe for some production environments, in addition I would like to explain some issues that you might fall into while setting up your environment.

最初的答案是正确的，但对于某些生产环境来说是不安全的，另外，我还想解释一些您在设置环境时可能会遇到的问题。

If you are looking for a quick solution and SECURITY IS NOT A MATTER, i.e development env, skip and read the original answer instead

如果你正在寻找一个快速的解决方案，安全不是问题，我。e开发env，跳过并阅读原来的答案。

Many scenarios can lead to 403 Forbidden:

许多场景可能导致403被禁止:

A. Directory Indexes (from mod_autoindex.c)

When you access a directory and there is no default file found in this directory AND Apache Options Indexes is not enabled for this directory.

当您访问一个目录时，在这个目录中没有找到默认的文件，并且这个目录没有启用Apache Options索引。

A.1. DirectoryIndex option example

DirectoryIndex index.html default.php welcome.php

DirectoryIndex指数。html违约。php welcome.php

A.2. Options Indexes option

If set, apache will list the directory content if no default file found (from the above ???????? option)

如果设置了，apache将列出目录内容，如果没有找到默认文件(从上面的选项)

If none of the conditions above is satisfied

You will receive a 403 Forbidden

你将收到403的禁止。

Recommendations

• You should not allow directory listing unless REALLY needed.
• 除非确实需要，否则不应该允许目录列表。
• Restrict the default index DirectoryIndex to the minimum.
• 将默认索引DirectoryIndex限制到最小值。
• If you want to modify, restrict the modification to the needed directory ONLY, for instance, use .htaccess files, or put your modification inside the <Directory /my/directory> directive
• 如果您想要修改，只需将修改限制在需要的目录中，例如，使用.htaccess文件，或者将修改放在 <目录 my directory> 指令中。

B. deny,allow directives (Apache 2.2)

Mentioned by @Radu, @Simon A. Eugster in the comments You request is denied, blacklisted or whitelisted by those directives.

@Radu， @Simon A. Eugster在你请求的评论中提到的，被这些指令拒绝，被列入黑名单或被白名单。

I will not post a full explanation, but I think some examples may help you understand, in short remember this rule:

我不会发表完整的解释，但我认为一些例子可以帮助你理解，简而言之，这条规则:

IF MATCHED BY BOTH, THE LAST IS WILL WIN

如果两者都匹配，最后一个就会赢。

Order allow,deny

Deny will win if matched by both directives (even if an allow directive is written after the deny in the conf)

如果两个指令匹配，Deny将获胜(即使在conf中拒绝了允许指令)

Order deny,allow

allow will win if matched by both directives

如果两个指令匹配，允许将获胜。

Example 1

Order allow,deny
Allow from localhost mydomain.com

Only localhost and *.mydomain.com can access this, all other hosts are denied

只有localhost和*.mydomain.com可以访问这个，所有其他主机都被拒绝。

Example 2

Order allow,deny
Deny from evil.com
Allow from safe.evil.com # <-- has no effect since this will be evaluated first

All requests are denied, the last line may trick you, but remember that if matched by both the last win rule (here Deny is the last), same as written:

所有请求都被拒绝，最后一行可能会欺骗您，但请记住，如果最后一个win规则(此处拒绝是最后一个)匹配，则与所写的相同:

Order allow,deny
Allow from safe.evil.com
Deny from evil.com # <-- will override the previous one 

Example 4

Order deny,allow
Allow from site.com
Deny from untrusted.site.com # <-- has no effect since this will be matched by the above `Allow` directive

Requests are accepted from all hosts

所有主机都接受请求。

Example 4: typical for public sites (allow unless blacklisted)

Order allow,deny
Allow from all
Deny from hacker1.com
Deny from hacker2.com

Example 5: typical for intranet and secure sites (deny unless whitelisted)

Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain

C. Require directive (Apache 2.4)

Apache 2.4 use a new module called mod_authz_host

Apache 2.4使用一个名为mod_authz_host的新模块。

Require all granted => Allow all requests

要求所有的=>允许所有请求。

Require all denied => Deny all requests

要求全部拒绝=>拒绝所有请求。

Require host safe.com => Only from safe.com are allowed

只允许使用safe.com网站的主机safe.com =>。

D. Files permissions

One thing that most people do it wrong is configuring files permissions,

大多数人做错的一件事是配置文件权限，

The GOLDEN RULE is

黄金法则是

STARTS WITH NO PERMISSION AND ADD AS PER YOUR NEED

从没有权限开始，根据您的需要添加。

In linux:

在linux中:

• Directories should have the Execute permission

  目录应该具有执行权限。

• Files should have the Read permission

  文件应该具有读权限。

• YES, you are right DO NOT ADD Execute permission for files

  是的，您是正确的，不要添加对文件的执行权限。

for instance, I use this script to setup the folders permissions

例如，我使用这个脚本设置文件夹的权限。

# setting permissions for /var/www/mysite.com

# read permission ONLY for the owner 
chmod -R /var/www/mysite.com 400 

# add execute for folders only
find /var/www/mysite.com -type d -exec chmod -R u+x {} \;

# allow file uploads 
chmod -R /var/www/mysite.com/public/uploads u+w

# allow log writing to this folder
chmod -R /var/www/mysite.com/logs/ 

I posted this code as an example, setup may vary in other situations

我将此代码作为示例发布，在其他情况下设置可能会有所不同。

Original Answer

I faced the same issue, but I solved it by setting the options directive either in the global directory setting in the httpd.conf or in the specific directory block in httpd-vhosts.conf:

我遇到了同样的问题，但是我通过在httpd中的全局目录设置中设置选项指令来解决它。conf或在httpd-vhosts.conf中的特定目录块中:

Options Indexes FollowSymLinks Includes ExecCGI

By default, your global directory settings is (httpd.conf line ~188):

默认情况下，全局目录设置是(httpd)。相依~ 188行):

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

set the options to : Options Indexes FollowSymLinks Includes ExecCGI

将选项设置为:options索引FollowSymLinks包括ExecCGI。

Finally, it should look like:

最后，它应该是:

<Directory />
    #Options FollowSymLinks
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
</Directory>

Also try changing Order deny,allow and Allow from all lines by Require all granted.

也试着改变顺序，拒绝，允许和允许从所有的线，要求所有的批准。

Appendix

Directory Indexes source code (some code remove for brevity)

if (allow_opts & OPT_INDEXES) {
     return index_directory(r, d);
} else {
        const char *index_names = apr_table_get(r->notes, "dir-index-names");

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
                      "Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
                      "server-generated directory index forbidden by "
                      "Options directive",
                       r->filename,
                       index_names ? index_names : "none");
        return HTTP_FORBIDDEN;
    }

171  

I understand this issue is resolved but I happened to solve this same problem on my own.

我知道这个问题已经解决了，但是我自己也解决了这个问题。

The cause of

的原因

Forbidden You don't have permission to access / on this server

禁止您访问/访问此服务器。

is actually the default configuration for an apache directory in httpd.conf.

实际上是httpd.conf中apache目录的默认配置。

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
#
# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory "/">
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all          # the cause of permission denied
</Directory>

Simply changing Deny from all to Allow from all should solve the permission problem.

简单地改变拒绝一切允许从所有应该解决权限问题。

Alternatively, a better approach would be to specify individual directory permissions on virtualhost configuration.

或者，更好的方法是在virtualhost配置上指定单独的目录权限。

<VirtualHost *:80>
    ....

    # Set access permission
    <Directory "/path/to/docroot">
        Allow from all
    </Directory>

    ....
</VirtualHost>

As of Apache-2.4, however, access control is done using the new module mod_authz_host (Upgrading to 2.4 from 2.2). Consequently, the new Require directive should be used.

但是，在Apache-2.4中，访问控制是使用新的模块mod_authz_host完成的(从2.2升级到2.4)。因此，应该使用新的要求指令。

<VirtualHost *:80>
    ....

    # Set access permission
    <Directory "/path/to/docroot">
        Require all granted
    </Directory>

    ....
</VirtualHost>

114  

A common gotcha for directories hosted outside of the default /var/www/ is that the Apache user doesn't just need permissions to the directory and subdirectories where the site is being hosted. Apache requires permissions to all the directories all the way up to the root of the file system where the site is hosted. Apache automatically gets permissions assigned to /var/www/ when it's installed, so if your host directory is directly underneath that then this doesn't apply to you. Edit: Daybreaker has reported that his Apache was installed without correct access permissions to the default directory.

在缺省/var/www/的外部托管的目录的一个常见问题是，Apache用户不仅需要访问站点所在的目录和子目录的权限。Apache需要所有目录的权限，直到站点所在的文件系统的根目录。在安装时，Apache会自动获得分配给/var/www/的权限，因此，如果您的主机目录直接在下面，那么这就不适用于您。编辑:Daybreaker报告说，他的Apache安装没有正确的访问权限到默认目录。

For example, you've got a development machine and your site's directory is:

例如，您有一个开发机器，您的站点的目录是:

/username/home/Dropbox/myamazingsite/

You may think you can get away with:

你可能认为你可以逃避:

chgrp -R www-data /username/home/Dropbox/myamazingsite/
chmod -R 2750 /username/home/Dropbox/myamazingsite/

because this gives Apache permissions to access your site's directory? Well that's correct but it's not sufficient. Apache requires permissions all the way up the directory tree so what you need to do is:

因为这给了Apache访问站点目录的权限?这是正确的，但还不够。Apache需要权限一直到目录树，所以你需要做的是:

chgrp -R www-data /username/
chmod -R 2750 /username/

Obviously I would not recommend giving access to Apache on a production server to a complete directory structure without analysing what's in that directory structure. For production it's best to keep to the default directory or another directory structure that's just for holding web assets.

显然，我不建议在不分析目录结构的情况下，让生产服务器上的Apache访问完整的目录结构。对于生产，最好保存到默认目录或另一个目录结构，这只是用来保存web资产的。

Edit2: as u/chimeraha pointed out, if you're not sure what you're doing with the permissions, it'd be best to move your site's directory out of your home directory to avoid potentially locking yourself out of your home directory.

Edit2:正如u/chimeraha所指出的，如果你不确定你的权限是什么，最好将你的站点的目录从你的主目录中移出，以避免可能把你自己锁在你的主目录下。

53  

Some configuration parameters have changed in Apache 2.4. I had a similar issue when I was setting up a Zend Framework 2 application. After some research, here is the solution:

在Apache 2.4中，一些配置参数发生了变化。我在创建Zend Framework 2应用程序时遇到了类似的问题。在一些研究之后，这里有一个解决方案:

Incorrect Configuration

不正确的配置

<VirtualHost *:80>
    ServerName zf2-tutorial.localhost
    DocumentRoot /path/to/zf2-tutorial/public
    SetEnv APPLICATION_ENV "development"
    <Directory /path/to/zf2-tutorial/public>
        DirectoryIndex index.php
        AllowOverride All
        Order allow,deny #<-- 2.2 config
        Allow from all #<-- 2.2 config
    </Directory>
</VirtualHost>

Correct Configuration

正确的配置

<VirtualHost *:80>
    ServerName zf2-tutorial.localhost
    DocumentRoot /path/to/zf2-tutorial/public
    SetEnv APPLICATION_ENV "development"
    <Directory /path/to/zf2-tutorial/public>
        DirectoryIndex index.php
        AllowOverride All
        Require all granted #<-- 2.4 New configuration
    </Directory>
</VirtualHost>

If you are planning to migrate from Apache 2.2 to 2.4, here is a good reference: http://httpd.apache.org/docs/2.4/upgrading.html

如果您打算从Apache 2.2迁移到2.4，这里有一个很好的参考:http://httpd.apache.org/docs/2.4/upgrad. html。

33  

With Apache 2.2

与Apache 2.2

Order Deny,Allow
Allow from all

With Apache 2.4

与Apache 2.4

Require all granted

From http://httpd.apache.org/docs/2.4/en/upgrading.html

从http://httpd.apache.org/docs/2.4/en/upgrading.html

23  

If you are using a WAMP server then try this:

如果您使用的是WAMP服务器，请尝试以下方法:

• Single click on the WAMP server icon at the taskbar

  单击任务栏上的WAMP服务器图标。

• Select the option put online

  选择放到网上的选项。

• Your server will restart automatically

  您的服务器将自动重启。

• Then try to access your localwebsite

  然后尝试访问您的本地网站。

22  

On Ubuntu 14.04 using Apache 2.4, I did the following:

在使用Apache 2.4的Ubuntu 14.04上，我做了如下工作:

Add the following in the file, apache2.conf (under /etc/apache2):

在文件中添加以下内容，apache2。conf(/etc/apache2以下):

<Directory /home/rocky/code/documentroot/>
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

and reload the server:

并重新加载服务器:

sudo service apache2 reload

Edit: This also works on OS X Yosemite with Apache 2.4. The all-important line is

编辑:这也适用于Apache 2.4的OS X Yosemite。最重要的是

Require all granted

要求所有授予

14  

I solved my problem by adding my user to httpd.conf.

我通过将用户添加到httpd.conf解决了我的问题。

# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
#User daemon
User my_username
Group daemon

13  

This article Creating virtual hosts on Apache 2.2 helps me (point 9) permissions to the top virtual hosts directory.

这篇文章创建了Apache 2.2上的虚拟主机，帮助我(点9)权限到*虚拟主机目录。

I simply add this lines to my vhosts.conf file:

我只是将这条线添加到我的vhosts中。配置文件:

<Directory I:/projects/webserver>
    Order Deny,Allow
    Allow from all
</Directory>

13  

If you are using CentOS with SELinux Try:

如果你正在使用CentOS与SELinux尝试:

sudo restorecon -r /var/www/html

See more: https://www.centos.org/forums/viewtopic.php?t=6834#p31548

看到更多:https://www.centos.org/forums/viewtopic.php?t=6834 # p31548

8  

I was getting the same error and couldn't figure out the problem for ages. If you happen to be on a Linux distribution that includes SELinux such as CentOS, you need to make sure SELinux permissions are set correctly for your document root files or you will get this error. This is a completely different set of permissions to the standard file system permissions.

我也犯了同样的错误，很久没能解决这个问题了。如果您碰巧在一个包含SELinux(例如CentOS)的Linux发行版上，您需要确保对您的文档根文件正确设置SELinux权限，否则您将会得到这个错误。这是对标准文件系统权限的完全不同的权限集。

I happened to use the tutorial Apache and SELinux, but there seems to be plenty around once you know what to look for.

我碰巧使用了教程Apache和SELinux，但是一旦您知道要查找什么，似乎就会有很多。

5  

If you are using MAMP Pro the way to fix this is by checking the Indexes checkbox under the Hosts - Extended tab.

如果您正在使用MAMP Pro，那么可以通过在主机-扩展选项卡下检查索引复选框来解决这个问题。

In MAMP Pro v3.0.3 this is what that looks like:

在MAMP Pro v3.0.3中是这样的:

4  

There is another way to solve this problem. Let us say you want to access directory "subphp" which exist at /var/www/html/subphp, and you want to access it using 127.0.0.1/subphp and you receive error like this:

有另一种方法来解决这个问题。假设您希望访问位于/var/www/html/subphp中的目录“subphp”，您希望使用127.0.0.1/subphp访问它，您会收到这样的错误:

You don't have permission to access /subphp/ on this server.

您没有权限访问/subphp/在此服务器上。

Then change the directory permissions from "None" to "access files". A command-line user can use the chmod command to change the permission.

然后将目录权限从“None”改为“access files”。命令行用户可以使用chmod命令更改权限。

3  

I use Mac OS X, in my case, I just forget to enable php in apache, all I need to do is to uncomment one line from /etc/apache2/httpd.conf:

我使用Mac OS X，在我的例子中，我忘记了在apache中启用php，我所需要做的就是将一条行从/etc/apache2/httpd.conf中取消注释:

LoadModule php5_module libexec/apache2/libphp5.so

ref this article for detail.

参考这篇文章的细节。

2  

(In Windows and Apache 2.2.x)

(在Windows和Apache 2.2.x中)

The "Forbidden" error is also the result of not having virtual hosts defined.

“禁止”错误也是没有定义虚拟主机的结果。

As noted by Julien, if you intend to use virtual hosts.conf, then go to the httpd file and uncomment the following line:

正如Julien所指出的，如果您打算使用虚拟主机。然后转到httpd文件并取消注释:

#Include conf/extra/httpd-vhosts.conf

Then add your virtual hosts definitions in conf/extra/httpd-vhosts.conf and restart Apache.

然后在conf/extra/httpd-vhosts中添加虚拟主机定义。conf并重新启动Apache。

2  

I had the same issue, but due to the fact that I changed the path on apache to a folder outside var/www, I started running into problems.

我有同样的问题，但由于我将apache的路径更改为var/www外的文件夹，我开始遇到问题。

I fixed it by creating a symlink in var/www/html > home/dev/project which seemed to do the trick, without having to change any permissions...

我通过在var/www/html > home/dev/project中创建了一个符号链接来解决这个问题，这似乎是一个技巧，而不必改变任何权限……

2  

I ran into this problem, and my solution was moreso that www-data didn't own the proper folders, and instead I set it for one of the users to own it. (I was trying to do a bit of fancy, but erroneous trickery to get ftp to play nicely.)

我遇到了这个问题，我的解决方案是moreso, www-data没有拥有正确的文件夹，而我将它设置为一个用户拥有它。(我试着去做一些花哨的，但错误的花招，让ftp玩得很好。)

After running:

在运行:

chown -R www-data:www-data /var/www/html

The machine started serving data again. You can see who currently owns the folder by means of

机器又开始提供数据了。您可以看到谁目前拥有该文件夹的方法。

ls -l /var/www/html

2  

This solution doesn't Allow from all

I just want to change my public directory www, and access it from my PC, and mobile connected by Wifi. I've Ubuntu 16.04.

我只是想改变我的公共目录www，并从我的PC*问它，通过Wifi连接移动。我的Ubuntu 16.04。

1. So, first, I modified /etc/apache2/sites-enabled/000-default.conf and I changed the line DocumentRoot /var/www/html for my new public directory DocumentRoot "/media/data/XAMPP/htdocs"

   因此，首先，我修改了/etc/apache2/sites-enabled/000-default。conf和我更改了新的公共目录DocumentRoot“/media/data/XAMPP/htdocs”的行DocumentRoot /var/www/html。

2. Then I modified /etc/apache2/apache2.conf, and I put the permissions for localhost, and my mobile, this time I used the IP address, I know it is not completely safe, but it's OK for my purposes.

   然后我修改/etc/apache2/apache2.conf，我给localhost和我的手机设置了权限，这次我使用了IP地址，我知道它不是完全安全的，但是我的目的是可以的。

   <Directory/>
       Options FollowSymLinks
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from localhost 10.42.0.11
   </Directory>
   

0  

I had the same issue for a specific controller only - which was really weird. I had a folder in the root of the CI folder that had the same name as the controller I was trying to access... Because of that, CI was directing the request to this directory instead of the controller itself.

我对一个特定的控制器也有同样的问题——这真的很奇怪。我在CI文件夹的根目录中有一个文件夹，它与我试图访问的控制器的名称相同。因此，CI将请求指向该目录而不是控制器本身。

After removing this folder (which was there a bit by mistake), it all worked fine.

删除了这个文件夹之后(这里有一点错误)，一切都很正常。

To be more clear, here is what it looked like:

更清楚的是，这就是它的样子:

/ci/controller/register.php

/ci/register/

I had to remove /ci/register/.

我得把/ci/注册/注册。

0  

Check exactly where you are putting your files, don't nest them in the Documents folder.

检查你的文件放在哪里，不要把它们放在文件夹里。

For instance I made the mistake of putting my code in the Documents folder of as mentioned this isn't going to work because Documents is explicitly only available to YOU and not APACHE. Try moving it up one directory and you may not see this issue.

例如，我犯了错误，把我的代码放在前面提到的文档文件夹中，这是行不通的，因为文档只对您开放，而不是APACHE。尝试将它移动到一个目录中，您可能不会看到这个问题。

Move folder from:

移动文件夹:

/Users/YOURUSERNAME/Documents/code

/用户/ YOURUSERNAME /文件/代码

To here: /Users/YOURUSERNAME/code

到这里:/用户/ YOURUSERNAME /代码

0  

Just to bring another contribution as I ran to this problem too:

为了给这个问题带来另一个贡献:

I had a VirtualHost configured that I did not want to. I have commented out the line where the include for the vhost occured, and it worked.

我配置了一个我不想要的虚拟主机。我已经注释掉了包含vhost的行，并且它起作用了。

0  

You can change youralias.conf file like this code:

你可以改变youralias。conf文件如下:

Alias /Quiz/ "h:/MyServer/Quiz/" 
 <Directory "h:/MyServer/Quiz/">
   Options Indexes FollowSymLinks
   AllowOverride all
   <IfDefine APACHE24>
     Require local
   </IfDefine>
   <IfDefine !APACHE24>
    Order Deny,Allow
    Deny from all
    Allow from localhost ::1 127.0.0.1
   </IfDefine>
 </Directory>

0  

Remember that the correct file to be configured in this situation is not the httpd.conf in the phpMyAdmin alias, but in bin/apache/your_version/conf/httpd.conf.

请记住，在这种情况下配置的正确文件不是httpd。conf在phpMyAdmin别名中，但在bin/apache/your_version/conf/httpd.conf中。

Look for the following line:

寻找以下路线:

DocumentRoot "c:/wamp/www/"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

Make sure it is set to Allow from all...

确保它被设置为允许所有…

If not, phpMyAdmin might even work, but not your root and other folders under it. Also, remember to restart WAMP and then put online...

如果不是，phpMyAdmin甚至可以工作，但不是根目录下的其他文件夹。另外，记得重新启动WAMP，然后放到网上…

This solved my headache.

这解决了我的头痛。

0  

I had this issue when using SSHFS to mount the files in my VirtualBox guest from my local filesystem before running a docker build. In the end, the "fix" was to copy all the files to the VirtualBox instance rather than building from inside the SSHFS mount, and then run the build from there.

在运行docker构建之前，我使用SSHFS在我的VirtualBox客户文件中装入我的VirtualBox客户机中的文件时遇到了这个问题。最后，“修复”是将所有文件复制到VirtualBox实例，而不是从SSHFS挂载中构建，然后从那里运行构建。

0  

WORKING Method (unless there is no other problem)

工作方法(除非没有其他问题)

By default, Apache is not restricting access from IPv4 (common external IP address)

默认情况下，Apache不限制使用IPv4(公共外部IP地址)

What are restricted are the commands given in 'httpd.conf'.

限制的是“httpd.conf”中给出的命令。

Replace all

替换所有

<Directory />
    AllowOverride none
    Require all denied
</Directory>

with

与

<Directory />
    AllowOverride none
    # Require all denied
</Directory>

hence removing out all restriction given to Apache.

因此取消了对Apache的所有限制。

Replace Require local with Require all granted for the C:/wamp/www/ directory.

替换要求本地要求所有授予的C:/wamp/www/目录。

<Directory "c:/wamp/www/">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
    # Require local
</Directory>

0  

Try this and don't add anything Order allow,deny and others:

试试这个，不要添加任何订单允许，拒绝和其他:

AddHandler cgi-script .cgi .py 
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Require all granted
    Allow from all
</Directory>

sudo a2enmod cgi
sudo service apache2 restart

0  

After changing the configuration files don't forget to Restart All Services.

更改配置文件后，不要忘记重新启动所有服务。

I wasted three hours of my time on it.

我浪费了我三个小时的时间。

0  

This is pretty ridiculous, but I got the 403 Forbidden when the file I was trying to download wasn't there on the filesystem. The apache error is not very accurate in this case, and the whole thing worked after I simply put the file where it was supposed to be.

这很荒谬，但是我在试图下载的文件没有在文件系统上时被禁止了。在这种情况下，apache的错误并不十分准确，在我简单地把文件放到应该是的地方之后，整个事情就开始了。

0  

We had modsec enabled, check the site's error log for an modsec ID then enter a locationmatch for the file in the vhost (or .htaccess I guess):

我们启用了modsec，检查站点的错误日志，然后输入modsec ID，然后在vhost(或.htaccess)中输入文件的locationmatch:

 <LocationMatch "/yourlocation/index.php">
    <IfModule security2_module>
        SecRuleRemoveById XXXXXXX
    </IfModule>
</LocationMatch>

0  

Just to add another potential gotcha to this growing list, my problem (running CentOS 6.8) was with a particular virtualhost which worked fine on a different server, the issue turned out to be a faulty .htaccess file using mod_rewrite:

为了在这个不断增长的列表中添加另一个潜在的问题，我的问题(运行CentOS 6.8)是在一个特定的虚拟主机上运行的，在另一个服务器上运行良好，这个问题被证明是一个错误的。htaccess文件使用mod_rewrite:

In .htaccess, this caused a 403 error: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / </IfModule>

在.htaccess中，这导致了403错误: RewriteEngine On RewriteBase / 。

Adding FollowSymLinks as the first line fixed the issue: <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteBase / </IfModule>

添加FollowSymLinks作为第一行修复问题: 中，c>选项+FollowSymLinks RewriteEngine。