403 Forbidden Message on Moodle Directory

403 Forbidden Message on Moodle Directory

by Alex Nyamweya -
Number of replies: 9

Hello,

After having system issues for the past couple of days I decided to reinstall my OS (CentOS), which also involves resintalling Moodle again (this is the third time I have to do this). I followed the instructions according to this link: https://www.hugeserver.com/kb/how-install-moodle-centos-7/. The problem is when I go to my URL I'm getting the 403 Forbidden message that says the following:

You don't have permission to access / on this server.

My domain in currently pointed at /var/www/html/learning (I renamed the moodle directory to learning).

Here are the current permissions for /var/www/ and /var/www/html

/var/www/ apache:apache 755

/var/www/html/ apache:apache 755

/var/www/html/learning apache:apache 777

Here is the virtual host configuration in my httpd.conf file.

<VirtualHost *:80>
DocumentRoot "/var/www/html/learning"
ServerName mydomain.com
<Directory "/var/www/html/learning">
allow from all
Options None
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot "/var/www/html/learning"
ServerName mydomain.com
<Directory "/var/www/html/learning">
allow from all
Options None
Require all granted
</Directory>
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
</VirtualHost>
</IfModule>

Please help.



Average of ratings: -
In reply to Alex Nyamweya

Re: 403 Forbidden Message on Moodle Directory

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Don't make your Moodle directory writeable by everybody. Don't make it writeable by the web server user either.  That's quite a big security hole. 

What's logged in Apache's error log for these messages?

Average of ratings: -
In reply to Howard Miller

Re: 403 Forbidden Message on Moodle Directory

by Alex Nyamweya -

Well I keep getting this repeatedly:

Cannot serve directory /var/www/html/learning/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive.

Average of ratings: -
In reply to Alex Nyamweya

Re: 403 Forbidden Message on Moodle Directory

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Find 'DirectoryIndex' in your Apache settings and make sure it says (at least)

DirectoryIndex  index.php index.html
Average of ratings: -
In reply to Howard Miller

Re: 403 Forbidden Message on Moodle Directory

by Alex Nyamweya -

Ok now it is just showing the php code for what I believe is the Moodle access page. I'm not seeing this:

moodleinstall1.png

Average of ratings: -
In reply to Alex Nyamweya

Re: 403 Forbidden Message on Moodle Directory

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

You don't have PHP installed on your server. Or you don't have it configured properly. 

I would suggest (looking at the document you linked) the PHP 7 / Webtatic bit went wrong somewhere. I've used Webtatic with CentOS before and it worked but it was a while ago. I don't remember any specific problems though. 

Ken is our CentOS expert (I use Ubuntu). He'll be along in a minute I expect big grin

Average of ratings: -
In reply to Alex Nyamweya

Re: 403 Forbidden Message on Moodle Directory

by Ken Task -
Picture of Particularly helpful Moodlers

First, advise, in the future, don't show us what you want to see ... but do show use what you do see. smile

Sounds like PHP isn't installed properly ... somehow ... cause the page link you provided should certainly work.   I would have, however, provided information on how to create a data directory for moodle.

cd /var/www/

mkdir moodledata

chown apache:apache moodledata -R

In /etc/httpd/conf.d/

there should be a php.conf file.

That adds the Handler (php) for php scripts used by Apache - as well as Directory index and some other variable values.

There is also in the same directory a config file for ssl.conf (which is the standard location for setting up ssl/tls/certificates.   Thus one doesn't have to have those ssl lines in the virtual configurations of apache for *:443.   When one restarts the apache service, apache will load the ssl info from only one source ... if you have that info in httpd.conf ... virtual host ... and that same info in ssl.conf ... apache launch will tell you it's using the settings from the main file (httpd.conf).

Uhhh ... you do have a valid certficate purchased from a Certificate of Authority and have downloaded the files they provide for your server ... yes?  (or plans to use letsencrypt).

At this point, think I'd restart the apache service to see if it's complaining about anything and then create a php info page (google that) and put it in /var/www/html/ to see if Apache knows about PHP before attempting installation of the code at /learning/ ... all of which should be owned by 'apache'.

'spirit of sharing', Ken


Average of ratings: -
In reply to Ken Task

Re: 403 Forbidden Message on Moodle Directory

by Alex Nyamweya -

Ok I think I figured it out. I went to /etc/httpd/conf.d/php.conf and I uncommented the following lines

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

Now I'm able to access the Moodle install page, but ONLY on Google Chrome on my desktop. If I use any browser from any other device I'm able to access the page as well. BUT when I use Firefox and/or Microsoft Edge on my desktop I'm getting the php code display. This is not really a big deal since I was able to install it on Chrome but I would like to know if you know why it shows the php code in firefox and Microsoft Edge. Also, thank you for your help!

Average of ratings: -
In reply to Alex Nyamweya

Re: 403 Forbidden Message on Moodle Directory

by Ken Task -
Picture of Particularly helpful Moodlers

Admin several of these:

el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

ie, CentOS 7 servers.

Installing php 7.x from just about all trustworthy repos should place a php.conf file in /etc/httpd/conf.d/

I've never had to comment out that section of config ... matter of fact that section of php.conf doesn't exist in boxens I admin.

Here's a clip ... not all ... of php.conf as installed by yum ... did not have to edit it.

[root@server# cat php.conf
#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php7-script .php
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

Now just don't go and copy and paste the above into your php.conf ... see the 'Soooo ... below.

With the above I can browse servers with FireFox, Chrome, and with Safari without any issues - don't own anything M$ these days.

Soooo ... something is sorta different.

You do need to fix it cause not all hackers/crackers use the same browser you do! smile

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: 403 Forbidden Message on Moodle Directory

by Alex Nyamweya -

Here is how my current php.conf looks like.


# Cause the PHP interpreter to handle files with a .php extension.
#
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
#
#
# Allow php to handle Multiviews
#
#AddType text/html .php
#
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
#DirectoryIndex index.php
#
#
# Uncomment the following lines to allow PHP to pretty-print .phps
# files as PHP source code:
#
#<FilesMatch \.phps$>
#    SetHandler application/x-httpd-php-source
#</FilesMatch>
#
#
# Apache specific PHP configuration options
# those can be override in each configured vhost
#
#php_value session.save_handler "files"
#php_value session.save_path    "/var/lib/php/session"

I installed php by using the command yum install php and then I upgraded it to 7.1 by using the following commands:

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

sudo yum-config-manager --enable remi-php71

Everything was originally uncommented by the way. The weird thing is the last time I reinstalled Moodle on CentOS, I never had to do this. All I had to was restart httpd and it worked like a charm. The only difference between this time and the last time is that I installed Virtualmin on my server (in addition to Apache OpenMeetings and Gibbon which were installed last time as well).

Average of ratings: -