Apache 权限被拒绝

2022-01-04 00:00:00 permissions php apache httpd.conf

我刚刚在 Windows 上安装了一个新的 Apache 2.4.2,带有 PHP 快速 cgi 构建.

I've just installed a new Apache 2.4.2 with Php fast cgi build on windows.

然后我修改了 httpd.conf 添加以下内容:

Then I modified the httpd.conf adding the following:

LoadModule fcgid_module modules/mod_fcgid.so  
FcgidInitialEnv PHPRC "C:/SITE/PHP"
AddHandler fcgid-script .php
FcgidWrapper "C:/SITE/PHP/php-cgi.exe" .php

DocumentRoot "C:/SITE/localhost/www"
<Directory "C:/SITE/localhost/www">
    Order allow,deny
    Allow from all
</Directory>

但是,当我尝试打开我的网站时,它说:

However when I try to open my site, it says:

Forbidden 您无权访问/在此服务器上.

任何想法可能是什么问题?

Any ideas what might be the problem?

推荐答案

这是正确的做法:(感谢 DaveRandom)

This was the correct way to do it: (thanks to DaveRandom)

<Directory "C:/SITE/localhost/www">
    Options ExecCGI
    AllowOverride all
    Require all granted
</Directory>

Dave Random 进一步解释:

在对此进行了一些实验后,我发现了使其成为正确答案的细微差别,这是特定于 Apache 2.3+ 的.似乎 mod_authz_host 指令优先于 mod_access_compat 指令,这在目录树中一直向上冒泡.这意味着,如果您从 Apache 2.2 迁移到 Apache 2.4 并逐字使用 2.2 httpd.conf,它将起作用.

After a little experimentation with this, I have discovered the nuance that makes this the correct answer, which is specific to Apache 2.3+. It seems that mod_authz_host directives take precedence over mod_access_compat directives, and this bubbles all the way up the directory tree. What this means is that if you are migrating from Apache 2.2 to Apache 2.4 and you use your 2.2 httpd.conf verbatim, it will work.

但是,如果您执行 2.4 的新安装并基于默认的 2.4 httpd.conf 进行配置,Allow 指令将不起作用,因为默认设置顶级部分使用 Require all denied 指令而不是 Deny from all,这优先于树更高的任何后续 Allow 指令.总而言之,如果您将 Order/Allow/Deny 指令迁移到其等效的 Requires,那么您必须尝试所有这些指令,否则您会发现您得到了意想不到的 403.

If, however, you perform a new install of 2.4 and base your config on the default 2.4 httpd.conf, Allow directives won't work, because the default top level section uses a Require all denied directive instead of Deny from all, and this takes precedence over any subsequent Allow directives higher up the tree. The long of the short of this is that if you are migrating your Order/Allow/Deny directives to their equivalent Requires, then you must chance all of them or you will find you get 403s you weren't expecting.

相关文章