Question 2962 in Wordpress Question posted in
The official Wordpress documentation can be found here.

Synology Personal Websites htaccess results in 403 errors – WordPress

  • Synology Server with DSM 7.1.x (recently updated from DSM 6.x and downgrading back down to DSM 6.x is not recommended by Synology)
  • Webstation Enabled with HTTP back-end server: Apache HTTP Server 2.4 and PHP:
    PHP 8.0
  • Personal Websites with these settings HTTP back-end server: Apache HTTP Server 2.4 and
    PHP: PHP 7.4
  • Personal Websites use WordPress 5.x or 6.x which require a .htaccess file

Problem: Personal Website .htaccess in /homes/user/www folders causes the 403 error

Could delete .htaccess to stop 403 error but Personal Websites use WordPress which requires .htaccess – cannot just delete this file because some WordPress actions recreates the .htaccess file (such as changing Settings > Permalinks)
Newly created test user case: tmp

  • homes/tmp/www folder has "users" group with 775 permissions
  • homes/tmp/www/.htaccess has owner of "username" and group of "users" with 770 permissions
  • homes/tmp/www/wp-config.php has owner of "username" and group of "users" with 770 permissions
  • Even with permissions of 777 for ALL files in homes/tmp/www, the 403 error still exists with .htaccess
  • After deleting the .htaccess and creating/publishing a new page, viewing the new page results in a 404 error.

Default .htaccess lines

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /~username/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /~username/index.php [L]
</IfModule>

Even if .htaccess has no lines of code at all, the 403 error exists. So just the existence of the .htaccess file regardless of content causes a 403 error.

Anyone have ideas to solve this problem?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Solution I stumbled upon:

    Edit the httpd2x.conf for Apache2.x (whichever is chosen for Personal Websites)

    Add the following code

    UserDir www
<Directory "var/services/homes/*/www">
    Options FollowSymLinks
    AllowOverride All
</Directory>

    I tried a bunch of stuff and I think the above was the trick.


  2. 0 
    <IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /~username/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /~username/index.php [L]
</IfModule>

    It looks like you are using Apache per-user web directories? If that’s the case then /~username is not a physical directory (it’s an "alias" to your user directory) and your document root is effectively /~username/ (which really messes with root-relative URL-paths).

    In which case, your .htaccess should be like this instead:

    RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]

    Note that I’ve removed the RewriteBase directive altogether.

    However, if this is part of the WordPress code block (ie. inside # BEGIN WordPress# END WordPress) comment markers then WordPress is going to try and overwrite your changes unless you take additional steps to prevent this.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search