CGI-BIN: Forbidden You don't have permission to access /cgi-bin/php5.cgi/index.php on this server.

Virtualmin
1

I had a issue where some directories would be www-data I have just learned to switch the site to CGI-Wrapper or FCGId to run scripts as users and not www-data.

Now I have the issue of cgi throwing up a error message when I try to run php pages.

Forbidden

You don’t have permission to access /cgi-bin/php5.cgi/index.php on this server.

The logged error is: (error edited for privacy)

[Thu Jun 19 02:34:54.345268 2014] [authz_core:error] [pid 3970] [client 110.175.205.XXX:59112] AH01630: client denied by server configuration: /home/webmaster/domains/wordpress.server.revnet/cgi-bin/php5.cgi

Contents of that file auto made by virtualmin is:

#!/bin/bash PHPRC=$DOCUMENT_ROOT/../etc/php5 export PHPRC umask 022 if [ "$REDIRECT_URL" != "" ]; then SCRIPT_NAME=$REDIRECT_URL export SCRIPT_NAME fi exec /usr/bin/php5

Here is the sites-available code for that site.

<VirtualHost *:80> SuexecUserGroup "#1005" "#1005" ServerName wordpress.server.revnet ServerAlias www.wordpress.server.revnet DocumentRoot /home/webmaster/domains/wordpress.server.revnet/public_html ErrorLog /var/log/virtualmin/wordpress.server.revnet_error_log CustomLog /var/log/virtualmin/wordpress.server.revnet_access_log combined ScriptAlias /cgi-bin/ /home/webmaster/domains/wordpress.server.revnet/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/webmaster/domains/wordpress.server.revnet/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted Action application/x-httpd-php5 /cgi-bin/php5.cgi AddType application/x-httpd-php5 .php5 AddType application/x-httpd-php5 .php </Directory> <Directory /home/webmaster/domains/wordpress.server.revnet/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory> RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off </VirtualHost>

Any advice?

Update: I seem to have one part of the problem fixed I installed FCGId manually using apt-get and its loading php pages I’m going to test uploads etc.

Here is that config.

#!/bin/bash PHPRC=$PWD/../etc/php5 export PHPRC umask 022 export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=99999 export PHP_FCGI_MAX_REQUESTS SCRIPT_FILENAME=$PATH_TRANSLATED export SCRIPT_FILENAME exec /usr/bin/php5-cgi

But cgi-wrapper isn’t working and still coming up with the same error, so help me fix that part please.

I switched to cgi wrapper and maximum script time is automatically set to 0 value with php5-cgi installed.

php5.cgi has also slightly changed now I installed php-cgi to:

#!/bin/bash PHPRC=$DOCUMENT_ROOT/../etc/php5 export PHPRC umask 022 if [ "$REDIRECT_URL" != "" ]; then SCRIPT_NAME=$REDIRECT_URL export SCRIPT_NAME fi SCRIPT_FILENAME=$PATH_TRANSLATED export SCRIPT_FILENAME exec /usr/bin/php5-cgi

2

Howdy,

I seem to have one part of the problem fixed I installed FCGId manually using apt-get and its loading php pages I’m going to test uploads etc.

Hmm, FCGID is normally installed by default when performing a Virtualmin installation using the install.sh script.

How did you go about installing Virtualmin?

Also, what distro/version are you using?

And how are you switching between mod_php, CGI, and FCGID, are you using Server Configuration -> Website Options -> PHP Execution Mode to do that?

-Eric

3

Howdy,

I seem to have one part of the problem fixed I installed FCGId manually using apt-get and its loading php pages I’m going to test uploads etc.

Hmm, FCGID is normally installed by default when performing a Virtualmin installation using the install.sh script.

How did you go about installing Virtualmin?

Also, what distro/version are you using?

And how are you switching between mod_php, CGI, and FCGID, are you using Server Configuration -> Website Options -> PHP Execution Mode to do that?

-Eric

4

I installed via the webmin setup here http://www.webmin.com/vdownload.html as I had webmin on first.

I looked at the script to see if there was anything I could do extra.

I’m using Ubuntu 14.04.

Yes I am using that method to switch the mode.

May try the script out in a vm and see whats what as I already have quite a setup here and while I could do a complete re-install as there’s not much on here actually set up yet I really only want to do that if needed.

5

I Just setup a vm with ubuntu server and used the scripte granted I had apache and mysql on from the server setup and got the same error on cgi wrapper.

[code]Forbidden

You don’t have permission to access /cgi-bin/php5.cgi/wordpress/index.php on this server.[/code]

Ill try again with a new fresh install no ssl apache etc and see.

FCGIid works.

6

I Just setup a vm with ubuntu server and used the script granted I had apache and mysql on from the initial server setup and got the same error on cgi wrapper.

[code]Forbidden

You don’t have permission to access /cgi-bin/php5.cgi/wordpress/index.php on this server.[/code]

Ill try again with a new fresh vm install no ssl apache etc and see what the output is.

FCGId works which is the same as my server.

I have been comparing files side by side with ‘mc’ between the vm and my box to check and everything so far matches.

I don’t have spamassassin etc on on the server might look at that later if needed.

Whoops double post.

More info:

A fresh Ubuntu Server 14.04 install no lamp/ssl or any extras selected in the installer, its totally vanilla straight out of the install not even a ‘apt-get upgrade’ to the latest packages were run, I installed the virtualmin script without doing anything else letting Virtualmin install Apache MYSQL PHP and everything else needed.

Same error on CGI Wrapper, FGCId works.

[code]Forbidden

You don’t have permission to access /cgi-bin/php5.cgi/wordpress/index.php on this server.[/code]

I believe this is a bug now with CGI Wrapper on Ubuntu.

I could try a Centos vanilla and see what that does in a KVM with CGI if someone wanted.

7

Howdy,

It took more digging than I would have liked to determine what’s going on here :slight_smile:

But it does indeed seem to be a problem with Virtualmin’s CGI support on Ubuntu 14.04.

And there are actually two problems occurring here.

In the Apache config, within the section <Directory /home/USERNAME/cgi-bin>, there needs to be a line reading as follows:

Require all granted

Second, I believe the CGI module on Ubuntu 14.04 is disabled by default, and may need to be enabled.

To do that, run these two commands:

a2enmod cgi service apache2 restart

After that, does it work properly for you?

-Eric

8

I got it working looking more into your post.

In the virtual server conf file it I had the lines:

<Directory /home/webmaster/domains/wordpress.server.revnet/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory>

It needed to be.

<Directory /home/webmaster/domains/wordpress.server.revnet/cgi-bin> Require all granted AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory>

I can change the default in the virtiualmin area, Directives and settings for all new websites.

There is another directive with ‘allow from all’ should this also be changed to Require all granted? it also shows Require All granted on the output file for this section.

Virtualmin Directive Section.

<Directory ${HOME}/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory>

Output directive of the above the application is probably the php mime type I added to get php showing instead of the code.

<Directory /home/webmaster/domains/wordpress.server.revnet/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted Action application/x-httpd-php5 /cgi-bin/php5.cgi AddType application/x-httpd-php5 .php5 AddType application/x-httpd-php5 .php </Directory>
Full output conf file of host.

<VirtualHost *:80> SuexecUserGroup "#1005" "#1005" ServerName wordpress.server.revnet ServerAlias www.wordpress.server.revnet DocumentRoot /home/webmaster/domains/wordpress.server.revnet/public_html ErrorLog /var/log/virtualmin/wordpress.server.revnet_error_log CustomLog /var/log/virtualmin/wordpress.server.revnet_access_log combined ScriptAlias /cgi-bin/ /home/webmaster/domains/wordpress.server.revnet/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/webmaster/domains/wordpress.server.revnet/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted Action application/x-httpd-php5 /cgi-bin/php5.cgi AddType application/x-httpd-php5 .php5 AddType application/x-httpd-php5 .php </Directory> <Directory /home/webmaster/domains/wordpress.server.revnet/cgi-bin> Require all granted AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory> RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off </VirtualHost>

Is it better to use the CGI Wrapper or FCGId?

This im editing and asking about is what was default with a virtualmin install for ubuntu so I hope this is useful for a fix for future versions of virtualmin with default directives.

9

Hello, I had the same problem with ubuntu 14.04 when restoring to a new server.
thank you for this solution to work perfectly

in french :
bonjour,
j’ai eu le même probleme avec ubuntu 14.04 lors d’une restauration sur un nouveau serveur.
merci pour cette solution qui à parfaitement fonctionner

Dans virtualmin “sur le serveur virtuel en cause” :
services > configure website > affichage des directives >
changer les (change):
allow from all
par (to) :
Require all granted

10

Hi,
other source : http://httpd.apache.org/docs/2.4/fr/upgrading.html

version 2.2 :
Order allow,deny
Allow from all

version 2.4 :
Require all granted

thank you.

11

Hello, I changed it to be effective on future virtual servers

system settings > server templates > apache website
change here :
allow from all
to :
Require all granted

I add a new virtual server, it is configured with the correct information