External Script Returns Http 403

[Renegade605]

I've decided to start converting all the scripts on my pages to external ones for readability, organisation, and I like to use a different editor for JS versus HTML.Anyway, I got one done, and then realized I had a problem, it didn't work. By looking at the source with Firebug, it turns out that instead of receiving the script in response, I get a 403 Forbidden error.I admin my own webserver, it's Apache 2.2.9 running as part of XAMPP 1.6.7. Can someone tell me how to fix it so the pages are allowed to access these JS files?Thanks,Renegade

[jarrett000]

Are the perms set to 0644? Mine work fine with those perms and I get the same problem you do upon changing them.

[Renegade605]

Where to I go about changing those?

[Renegade605]

Bump please. How do I change these?

[jlhaslip]

In Linux, chmod the file in Terminal will do that.In windows, wait for another answer.

[Renegade605]

In windows, wait for another answer.

And so I wait...

[zppblood]

Did you ever work on any .htaccess files, or perhaps messed with the Apache config file?

[Renegade605]

I changed a few things, like the htdocs location and one or two other things; I don't remember exactly what.I suppose it's also worth pointing out that other webpages can link to scripts on my webserver, it's only my own pages that can't.

[boen_robot]

I changed a few things, like the htdocs location and one or two other things; I don't remember exactly what.I suppose it's also worth pointing out that other webpages can link to scripts on my webserver, it's only my own pages that can't.

Make sure that any folder within htdocs has reading permissions from within Apache. If the file that gives this 403 is outside of htdocs (and fetched with an alias), make sure that the physical path at that location has reading permissions as well.The part with htdocs' directory permissions should look something similar to this

<Directory "D:/path/to/htdocs">	#	# Possible values for the Options directive are "None", "All",	# or any combination of:	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews	#	# Note that "MultiViews" must be named *explicitly* --- "Options All"	# doesn't give it to you.	#	# The Options directive is both complicated and important.  Please see	# http://httpd.apache.org/docs/2.2/mod/core.html#options	# for more information.	#	Options Indexes FollowSymLinks	#	# AllowOverride controls what directives may be placed in .htaccess files.	# It can be "All", "None", or any combination of the keywords:	#   Options FileInfo AuthConfig Limit	#	AllowOverride None	#	# Controls who can get stuff from this server.	#	Order allow,deny	Allow from all</Directory>

Make sure that all other folders also have similar permissions.

[justsomeguy]

In Windows you can right-click on a file or folder and go to Security (location depending on OS), and the user to add or set permissions for is IUSR_<COMPUTER-NAME>

[Renegade605]

Make sure that any folder within htdocs has reading permissions from within Apache. If the file that gives this 403 is outside of htdocs (and fetched with an alias), make sure that the physical path at that location has reading permissions as well.The part with htdocs' directory permissions should look something similar to this

<snip>

Make sure that all other folders also have similar permissions.

There are a few differences with mine, I'm not sure exactly what to change to fix this problem.The Directory is different (obviously)The 'Options' directive has that + Includes ExecCGIThe 'AllowOverride' is set to AllWhat should I change?

[zppblood]

Is there a Deny from all?

[Renegade605]

<Directory "C:/SERVER/XAMPP/htdocs">	#	# Possible values for the Options directive are "None", "All",	# or any combination of:	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews	#	# Note that "MultiViews" must be named *explicitly* --- "Options All"	# doesn't give it to you.	#	# The Options directive is both complicated and important.  Please see	# http://httpd.apache.org/docs/2.2/mod/core.html#options	# for more information.	#	Options Indexes FollowSymLinks Includes ExecCGI   	#	# AllowOverride controls what directives may be placed in .htaccess files.	# It can be "All", "None", or any combination of the keywords:	#   Options FileInfo AuthConfig Limit	#	AllowOverride All	#	# Controls who can get stuff from this server.	#	Order allow,deny	Allow from all</Directory>

[boen_robot]

<Directory "C:/SERVER/XAMPP/htdocs">	#	# Possible values for the Options directive are "None", "All",	# or any combination of:	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews	#	# Note that "MultiViews" must be named *explicitly* --- "Options All"	# doesn't give it to you.	#	# The Options directive is both complicated and important.  Please see	# http://httpd.apache.org/docs/2.2/mod/core.html#options	# for more information.	#	Options Indexes FollowSymLinks Includes ExecCGI   	#	# AllowOverride controls what directives may be placed in .htaccess files.	# It can be "All", "None", or any combination of the keywords:	#   Options FileInfo AuthConfig Limit	#	AllowOverride All	#	# Controls who can get stuff from this server.	#	Order allow,deny	Allow from all</Directory>

If you also have

DocumentRoot "C:/SERVER/XAMPP/htdocs"

This should be ok so far.Do you have any "Alias" directives? If so, copy the above for every such Alias and change the path to the path in the Alias.Also, as suggested, search your config files for "Deny from all".

[Renegade605]

Deny from all is present in these locations:

# First, we configure the "default" to be a very restrictive set of # features.  #<Directory />	Options FollowSymLinks	AllowOverride None	Order deny,allow	Deny from all</Directory>

## The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. #<FilesMatch "^\.ht">	Order allow,deny	Deny from all</FilesMatch>

I also found a few references to Alias:

<IfModule alias_module>	ScriptAlias /cgi-bin/ "C:/SERVER/XAMPP/cgi-bin/"</IfModule>

LoadModule alias_module modules/mod_alias.so

I have to admit I'm at a loss, I really have no idea what any of this does (I suppose I should...). I also strikes me as odd that the only pages that have this error are my own (trying to access scripts internally); plus, the PHP include/require still works.

[boen_robot]

It's normal that PHP doesn't get this. It operates on a file level, not HTTP level.Let's get a little raw here. Can you give a sample URL that gives you 403? I mean, like for example:

localhost/folder/subfolder/file.txt

And a URL that does not give this error. Where should the physical location of both files be? For example, the file for the URL above should be at

C:\SERVER\XAMPP\htdocs\folder\subfolder\file.txt

[Renegade605]

Whoops...Okay, so sorry to waste everyone's time, but it turns out it was a typo on my part that caused this whole debacle... (Apparently, forgetting to close the quotes on the src of a script element doesn't go over too well with my browser.)So, thank you everyone for your help, feel free to smack me for my stupidity.

[boen_robot]

feel free to smack me for my stupidity.

Offtopic://(sort of)That's one of the few times when I wish the internet could allow me to do that... just a single small slap on the back of the head, nothing serious .

[Renegade605]

Just put your hand on the monitor and push as hard as you can, maybe something will happen.

[boen_robot]

Just put your hand on the monitor and push as hard as you can, maybe something will happen.

Yeah... something will happen all right... I'll be buying a new monitor... I have an LCD one, and I know what happens if you push such a display hard enough . And if you mean on top of it, I've tried it before, and it didn't worked .