Two tips for fixing Apache problems

1. If something is going wrong (e.g. in my case getting a 403 Forbidden error for pages that should be accessible) the first thing to do is check the error logs. Don’t even try to fix the problem until you’ve looked in the error log. “tail” is a very useful command to find out just what last went wrong:

elharo@cafe:/usr/httpd/logs$ tail -4 cafe.elharo.com-error_log
[Mon Jan 02 18:29:45 2006] [error] [client 216.254.67.87] Options FollowSymLinks or 
SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: 
/var/www/cafe/wordpress/
[Mon Jan 02 18:30:07 2006] [error] [client 216.254.67.87] Options FollowSymLinks or 
SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: 
/var/www/cafe/wordpress/
[Mon Jan 02 18:32:06 2006] [error] [client 216.254.67.87] Options FollowSymLinks or 
SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: 
/var/www/cafe/wordpress/
[Mon Jan 02 18:32:10 2006] [error] [client 216.254.67.87] Options FollowSymLinks or 
SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: 
/var/www/cafe/wordpress/index.php

2. If the error in the log happens to be, “Options FollowSymLinks or
SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden” add Options +FollowSymLinks to your .htaccess file in the affected directory, right before you turn on the rewrite engine. i.e.

Options +FollowSymLinks 
<IfModule mod_rewrite.c>
RewriteEngine On

27 Responses to “Two tips for fixing Apache problems”

  1. Janek Bogucki Says:

    less is another command that is useful for viewing active log files. Open less on a file and press SHIFT+f to enter ‘follow’ mode. Use ? and / to search backwards and forwards. less continues to highlight matching terms when switched back to ‘follow’ mode.

  2. Craig Says:

    Thanks, this tip saved me from a support call and hours of fustration.

  3. Jul Says:

    Thanks a lot for this tip.
    Very helpful on my osx apache 1.3.33 server.

  4. mariuz Says:

    thanks for the tip , we installed some phpbb module and had the same errors , now is fixed

  5. Erik Stabij Says:

    Hello,
    thank you for your tip.
    I was working on the configuration of some virtual hosts using Apache on a windows testpc and could not get the rewriting using .htaccess to work.
    Then I saw the “[Sat Jul 22 22:44:38 2006] [error] [client 127.0.0.1] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden” line in the Apache error.log. I Googled a bit and there you go you gave the needed lead to the solution:
    I have put in httpd.conf:

    Options All

    Thanks
    Erik Stabij
    http://www.hotdownloads.org

  6. Erik Says:

    Thank you.

    I was setting up a virtual host on a windows test pc and also had the same problem.
    I have solved it slightly different though:
    In httpd.conf I put
    Options All in between the directory tags of my vhost directory
    After that nothing was required to change in .htaccess and rewriting works fine.

    I am putting up my findings on my blog on
    http://www.hotdownloads.org

  7. ron Says:

    This would be helpful to know if your running apache 2.

    http://www.gostubby.com/117.pc.specs.html

  8. Yeago Says:

    Strangely, I get this and yet the top of my .htaccess is:

    Options +FollowSymlinks
    RewriteEngine On

    Wonder what’s happening. It seems to be prompting a 403 Forbidden on a perl script.

  9. Antoine Says:

    Thx for the tip, just fixed my problems with Mod_rewrite on OS X.

  10. Laman Web Kerengga » Blog Archive » Two tips for fixing Apache problems Says:

    […] Tips from : http://www.elharo.com/blog/software-development/web-development/2006/01/02/two-tips-for-fixing-apache-problems/ […]

  11. Lijith Says:

    I am facing the same problem ..
    I can’t access my cgi-bin folder…
    I am getting the error
    “You don’t have permission to access /cgi-bin/ on this server.”
    I have set all the permissions for these folders.
    I am using a Linux server and my httpd.conf file looks like this.
    ServerTokens OS
    ServerRoot “/etc/httpd”
    PidFile run/httpd.pid
    Timeout 120
    KeepAlive Off
    MaxKeepAliveRequests 100
    KeepAliveTimeout 15

    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 4000

    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0

    Listen 80
    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    LoadModule auth_anon_module modules/mod_auth_anon.so
    LoadModule auth_dbm_module modules/mod_auth_dbm.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule auth_ldap_module modules/mod_auth_ldap.so
    LoadModule include_module modules/mod_include.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule env_module modules/mod_env.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule cern_meta_module modules/mod_cern_meta.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule asis_module modules/mod_asis.so
    LoadModule info_module modules/mod_info.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule imap_module modules/mod_imap.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule file_cache_module modules/mod_file_cache.so
    LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule cgi_module modules/mod_cgi.so
    Include conf.d/*.conf
    User apache
    Group apache
    ServerAdmin root@localhost
    UseCanonicalName Off
    DocumentRoot “/var/www/htdocs”

    Options FollowSymLinks
    AllowOverride None

    Options Indexes FollowSymLinks +ExecCGI
    AllowOverride All
    Order allow,deny
    Allow from all

    Options +FollowSymLinks

    UserDir disable
    RewriteEngine On

    DirectoryIndex index.html index.html.var index.cgi
    AccessFileName .htaccess
    HostnameLookups off

    Order allow,deny
    Deny from all
    HostnameLookups on

    TypesConfig /etc/mime.types
    DefaultType text/plain

    MIMEMagicFile conf/magic

    HostnameLookups Off
    ErrorLog logs/error_log
    LogLevel warn
    LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
    LogFormat “%h %l %u %t \”%r\” %>s %b” common
    LogFormat “%{Referer}i -> %U” referer
    LogFormat “%{User-agent}i” agent
    CustomLog logs/access_log combined
    ServerSignature On
    Alias /icons/ “/var/www/icons/”

    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all

    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb

    ScriptAlias /cgi-bin/ “/var/www/htdocs/cgi-bin/”

    AllowOverride None
    Options None
    Order allow,deny
    Allow from all

    IndexOptions FancyIndexing VersionSort NameWidth=*
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif
    ReadmeName README.html
    HeaderName HEADER.html
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
    ForceLanguagePriority Prefer Fallback
    AddDefaultCharset UTF-8
    AddCharset ISO-8859-1 .iso8859-1 .latin1
    AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
    AddCharset ISO-8859-3 .iso8859-3 .latin3
    AddCharset ISO-8859-4 .iso8859-4 .latin4
    AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
    AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
    AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
    AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
    AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5 .Big5 .big5
    AddCharset WINDOWS-1251 .cp-1251 .win-1251
    AddCharset CP866 .cp866
    AddCharset KOI8-r .koi8-r .koi8-ru
    AddCharset KOI8-ru .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-8 .utf8
    AddCharset GB2312 .gb2312 .gb
    AddCharset utf-7 .utf7
    AddCharset utf-8 .utf8
    AddCharset big5 .big5 .b5
    AddCharset EUC-TW .euc-tw
    AddCharset EUC-JP .euc-jp
    AddCharset EUC-KR .euc-kr
    AddCharset shift_jis .sjis
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .wml
    AddType application/x-httpd-cgi .cgi
    AddHandler cgi-script .cgi .pl
    AddHandler php-script wml
    AddHandler imap-file map
    AddHandler type-map var
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    php_value include_path .:/usr/local/lib/zend:/usr/local/lib/php
    Alias /error/ “/var/www/error/”

    AllowOverride None
    Options IncludesNoExec
    AddOutputFilter Includes html
    AddHandler type-map var
    Order allow,deny
    Allow from all
    LanguagePriority en es de fr
    ForceLanguagePriority Prefer Fallback

    BrowserMatch “Mozilla/2” nokeepalive
    BrowserMatch “MSIE 4\.0b2;” nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch “RealPlayer 4\.0” force-response-1.0
    BrowserMatch “Java/1\.0” force-response-1.0
    BrowserMatch “JDK/1\.0” force-response-1.0
    BrowserMatch “Microsoft Data Access Internet Publishing Provider” redirect-carefully
    BrowserMatch “^WebDrive” redirect-carefully
    BrowserMatch “^WebDAVFS/1.[012]” redirect-carefully
    BrowserMatch “^gnome-vfs” redirect-carefully

    Please help me
    Waiting for all your reply please.

  12. Ben K Says:

    I was seeing the error with perl scripts, even though I had FollowSymLinks in httpd.conf and .htaccess. This was on linux, and finally I found that the problem was in conf.d/perl.conf. I had


    Options ExecCGI

    I changed it to Options +ExecCGI
    and it solved the problem.

  13. Eric Hoff Says:

    I got the 403 error until I added +SymLinksIfOwnerMatch to the Options directive as well. So my .htaccess file looked like this:
    ——————–
    Options +FollowSymLinks +SymLinksIfOwnerMatch

    RewriteBase /
    RewriteEngine On
    ….

    ———————–
    Thanks again for the help though! Saved me a lot of work!

  14. skelly Says:

    While I fail to see the correlation between following symlinks and rewrite rules, this does appear also to do the trick for Apache 2.2 . I found another caveat however: not only does the Options directive need to appear before the RewriteEngine directive, in some cases it may need to be -immediately- before, as in the previous line. I had other completely unrelated directives between the two and for no sensible reason, the effect was nullified. However the solution worked once I relocated the other directives to after the ModRewrite rules by following Options immediately with the RewriteEngine directive. Stupid, but accepted. Thanks for the tip.

    – SK

  15. Thiago Taranto Says:

    Works for me with OSX Leopart and Apache22.

    Thanks!

  16. Daniel Says:

    Thanks, that helped me a lot.

  17. Brian Says:

    Thanks for the help.

    I found that I had to put a copy of my .htaccess file with Options +FollowSymLinks in the CGI directory too to get CGIs to run when the web root directory had its own .htaccess file that turned RewriteEngine on.

  18. Ian Says:

    Finally a fix that worked! I am running Apache/2.2.13 (Win32) and got this error with a virtual host that I added using the Uniform Server admin panel. Thank you.

  19. jorgen Says:

    fanx a lot – helped me too – even though searching for ‘Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden’ implies that I actually read the error_log file;-)

    Moving the ‘Options FollowSymLinks’ right above of the ‘RewriteEngine On’ line sure did the trick for me.

    So now – bookmark and back to work.

    kind regards
    jj

  20. Re: no permission to access MAMP on this server « wogahilog Says:

    […] the error “Options FollowSymLinks or SymLinksIfOwnerMatch is off” and finding this page:http://www.elharo.com/blog/software-development/web-development/2006/01/02/two-tips-for-fixing-apach…, then somehow figuring out that the httpd.conf file was the same as an htaccess file, and finally […]

  21. Maarten Says:

    Thanks for helping me find a solution to my problem!

  22. Daisy Says:

    I was having the exact same problem, getting 403 Forbidden. What I did to fix the problem was go into httpd.conf and replace the following between the Directory tags:

    Options Indexes FollowSymLinks
    AllowOverride All

    to

    Options Indexes FollowSymLinks
    AllowOverride None

    I hope this helps someone out :)

  23. Asiat Says:

    Thanks, this tip saved me from a support call and hours of fustration.

  24. Jeff Says:

    thank you so much for providing this solution. I was on the street of pain for over an hour until I finally looked at my logs, and then I was able to find this resource and apply your suggestion to my WordPress .htaccess file

  25. Lichi Says:

    Thanks!!.. this saved my day!

  26. Andrew McCombe Says:

    If you are still getting the ‘Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden’ error message, try removing the ‘+’ at the start of +FollowSymLinks.

    Using + and – is invalid syntax according to the apache website (See the notes section of Options at http://httpd.apache.org/docs/current/mod/core.html#options).

  27. Andrew McCombe Says:

    Sorry, my previous comment is ambigous. The mixing of + and – is invalid. You can still use them.

Leave a Reply