Articles in this section

All domains show 403 Forbidden in Plesk: You don't have permission to access

Denis Pankov
Updated
Plesk for Linux kb: technical apache

Symptoms

  • All websites hosted in Plesk are not working:

    CONFIG_TEXT: You don't have permission to access / on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    Or, the blank page is shown instead of content.

  • The domain's error log in Domains > example.com > Dashboard > Logs contains the following:

    CONFIG_TEXT: (13)Permission denied: /var/www/vhosts/example.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://example.com/
    (13)Permission denied: [client 203.0.113.2:39024] AH00529: /var/www/vhosts/example.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/example.com/httpdocs/' is executable

Cause

Apache service does not have proper permissions to vhost or httpdocs folder.

Resolution

Fix Apache user permissions:

For Debian
  • Connect to the Plesk server via SSH.

  • Find the username that is used by the Apache service. This username is defined in the APACHE_RUN_USER variable in /etc/apache2/envvars:

    # grep APACHE_RUN_USER /etc/apache2/envvars
    export APACHE_RUN_USER=www-data

  • Add that user to the psaserv group. For example, if the Apache user is www-data, you would add the user in the psaserv group as below:

    # usermod -a -G psaserv www-data

  • Restart web server

    # service apache2 restart

For CentOS
  • Connect to the Plesk server via SSH.

  • Make sure that Apache process is executed by the apache user and group:

    # egrep -R ^User\|^Group /etc/httpd/conf/httpd.conf
    User apache
    Group apache

    # lsof /usr/sbin/httpd
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    httpd 1357 root txt REG 8,1 523608 33181 /usr/sbin/httpd
    httpd 2791 apache txt REG 8,1 523608 33181 /usr/sbin/httpd

  • Set the apache user with the apache and psaserv group:

    # usermod -G "apache,psaserv" apache

  • Restart web server

    # service httpd restart

Note: If the server is running on Proxmox VE, this configuration is not going to work as expected. Please contact Proxmox support for further assistance.

Note: It is also worth checking SELinux in case CentOS is used on the server. Set it to permissive with setenforce 0 command to check it.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.