Wordpress/apache2 - AH01797: client denied by server configuration

axel_ande
October 12, 2023
275 views
0 votes
2 Answers

I’ve recently updated my Ubuntu server to 22.04 but I have some issues when trying to modify my WordPress site, I’m just getting:

You don't have permission to access this resource.

And when I look in the apache2 error log I can see:
[access_compat:error] [pid 1619605] [client 185.224.57.161:58465] AH01797: client denied by server configuration: /var/www/example/wp-admin/customize.php, referer: http://www.example.com/

This is my apache site.conf

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example
    <Directory /var/www/example>
        AllowOverride all
        Require all granted
    </Directory>
    <Directory /var/www/example/wp-admin>
        AllowOverride all
        Require all granted
    </Directory>
    DirectoryIndex index.php

    WSGIDaemonProcess flaskapp user=username group=username threads=5
    WSGIScriptAlias /create /var/www/flask/flaskapp.wsgi
    ErrorLog ${APACHE_LOG_DIR}/word_error.log

</VirtualHost>

I have given access to files like this: https://stackoverflow.com/a/23755604/3332023

running: Apache/2.4.57 (Ubuntu)

This is how the error file looks, and what PID that is denied etc.

[Thu Oct 12 15:45:52.657776 2023] [access_compat:error] [pid 3070059] [client 217.116.228.14:60801] AH01797: client denied by server configuration: /var/www/example/wp-admin/post.php, referer: http://www.example.com/

To see what what user tried to execute it I used:

ps aux | egrep ‘(apache|httpd)’

www-data    1254  0.0  0.0   7852   184 ?        Ss   okt08   0:13 /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n
root     3070052  0.0  0.2 320480 38108 ?        Ss   15:45   0:00 /usr/sbin/apache2 -k start
www-data 3070053  0.0  0.1 320468 16932 ?        S    15:45   0:00 /usr/sbin/apache2 -k start
user     3070054  0.0  0.1 447824 24268 ?        Sl   15:45   0:00 /usr/sbin/apache2 -k start
www-data 3070055  2.0  0.5 333164 82232 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070056  1.8  0.5 406980 82828 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070057  1.6  0.4 331108 79460 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070058  1.6  0.4 333176 79548 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070059  1.5  0.5 335504 88984 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070116  2.2  0.6 435444 100364 ?       S    15:45   0:02 /usr/sbin/apache2 -k start
www-data 3070268  1.8  0.4 333116 79548 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070346  1.4  0.4 329064 77984 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070371  1.3  0.4 330824 77372 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
www-data 3070372  1.4  0.4 329000 76768 ?        S    15:45   0:01 /usr/sbin/apache2 -k start
user     3072180  0.0  0.0  12088  2488 pts/0    S+   15:46   0:00 grep -E --color=auto (apache|httpd)

So 3070059 was running by the www-data user, to see what permissions is set I used:

ls /var/www/example/ -lh

-rw-r--r--  1 www-data www-data  15K okt  8 08:37 about.php
drwxr-xr-x  2 www-data www-data 4,0K jun 23 04:00 backup_1
-rw-r--r--  1 www-data www-data   39 jun  1 03:26 classsmtps.php
-rw-r--r--  1 www-data www-data  405 feb  6  2020 index.php
-rw-r--r--  1 www-data www-data  20K jan  1  2023 license.txt
-rw-r--r--  1 www-data www-data  31K jun 23 04:00 mah.php
-rw-r--r--  1 www-data www-data 6,0K jun  1 03:26 mds.php
-rw-r--r--  1 www-data www-data 7,3K jul  5 19:41 readme.html
drwxr-xr-x  2 www-data www-data 4,0K jun 23 04:00 saiga
-rw-r--r--  1 www-data www-data 7,1K maj 12 23:35 wp-activate.php
drwxr-xr-x  9 www-data www-data 4,0K aug 29 16:14 wp-admin
-rw-r--r--  1 www-data www-data  351 feb  6  2020 wp-blog-header.php
-rw-r--r--  1 www-data www-data 2,3K jun 14 16:11 wp-comments-post.php
-rw-r--r--  1 www-data www-data 3,4K okt 10 08:53 wp-config.php
-rw-r--r--  1 www-data www-data 3,0K feb 23  2023 wp-config-sample.php
drwxr-xr-x  8 www-data www-data 4,0K okt  9 13:34 wp-content
-rw-r--r--  1 www-data www-data 5,6K maj 30 20:48 wp-cron.php
drwxr-xr-x 28 www-data www-data  12K aug 29 16:14 wp-includes
-rw-r--r--  1 www-data www-data 2,5K nov 26  2022 wp-links-opml.php
-rw-r--r--  1 www-data www-data 3,9K jul 16 14:16 wp-load.php
-rw-r--r--  1 www-data www-data  49K jul 17 15:18 wp-login.php
-rw-r--r--  1 www-data www-data 8,4K jun 22 16:36 wp-mail.php
-rw-r--r--  1 www-data www-data  26K jul 25 08:35 wp-settings.php
-rw-r--r--  1 www-data www-data  34K jun 19 20:27 wp-signup.php
-rw-r--r--  1 www-data www-data 4,8K jun 22 16:36 wp-trackback.php
-rw-r--r--  1 www-data www-data 3,2K jun 14 16:11 xmlrpc.php

Answers

- hanshenrik
- October 12, 2023 at 9:21 am
- 0 votes
0
first find out what user your PHP runs as, on linux you can find out by running <?php var_dump(shell_exec("id"));?>

By default on Ubuntu, it’s the www-data user, so i will refer to it as the www-data user below.

Next make sure www-data owns all the files in /var/www:
```
sudo chown -Rv www-data:www-data /var/www
```
next we need to make sure all the directories are executable and writable and readable by the www-data user:
```
sudo find /var/www -type d -exec chmod -v u+rwx {} ;
```
next we need to make sure all the files are readable and writable by the www-data user:
```
sudo find /var/www -type f -exec chmod -v u+rw {} ;
```
that should fix your permission issue 🙂 glhf
Login or Signup to reply.

- PeymanMohamadpour
- October 12, 2023 at 4:14 pm
- 0 votes
0
The error message you’re encountering:

You don’t have permission to access this resource

along with the corresponding entry in the Apache error log:

[access_compat:error] [pid 1619605] [client 185.224.57.161:58465] AH01797: client denied by server configuration: /var/www/example/wp-admin/customize.php, referer: http://www.example.com/

indicate that the client is being denied access to the
```
/var/www/example/wp-admin/customize.php
```
file on your Ubuntu running WordPress.

To resolve this issue, you can try the following steps:
1. Ensure that the /var/www/example/wp-admin/customize.php file and its parent directories have the correct permissions. The Apache user (often www-data) should have read and execute permissions on the file and its directories. You can use the chmod command to modify file permissions if needed.
2. Check the Apache configuration file (/etc/apache2/apache2.conf or /etc/apache2/sites-available/your-site.conf) and make sure that the necessary directives are properly configured to allow access to the WordPress admin area (/wp-admin). Look for any Deny or Allow directives that may be restricting access. You may need to adjust these directives to allow access from your client IP address or network subnet.
3. Sometimes, browser cache or cookies can cause permission-related issues. Clear your browser’s cache and cookies, then try accessing the WordPress admin area again. If possible change the browser or switch into Incognito mode on Google Chrome.
4. If you have security plugins or features enabled in WordPress that could be blocking access, temporarily disable them and see if the issue persists. This will help identify if any security measures are causing the problem.
5. Review the .htaccess file in the /var/www/example/ directory (or the root directory of your WordPress installation). Look for any rules or directives that may be interfering with access to the customize.php file. Temporarily rename or remove the .htaccess file and see if the issue is resolved.
6. Ensure that the files and directories in your WordPress installation are owned by the appropriate user and group. The Apache user (often www-data) should have ownership or at least read and execute permissions on the necessary files (search online for Unix file and directory permissions if your do not know about it).
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

WordPress/apache2 – AH01797: client denied by server configuration

Answers