Forbidden You don't have permission to access this resource

| SYSTEM INFORMATION||
|------------------------------|-------------------------------|
Operating system Ubuntu Linux | 24.04.1
Webmin version | 2.202
Virtualmin version | 7.30.4
Apache Webserver | 2.4.58

I am working on a Python-based Flask API, and all its files are located on a subserver/subdomain. When I try to access the API through the subdomain(URL), it returns a 403 error stating, “Forbidden: You don’t have permission to access this resource.” However, when I access the same API using the local or public IP, it opens and works perfectly.

What am I doing wrong? Please guide me.

Thumbnails (1)1280×720 138 KB

Path to the API files = /var/www/main_domain/domains/sub.main_domain.com/public_html

Presumably you’ve got an application server serving the Python, and presumably that’s on a port, and when you say it “works using the local or public IP” you mean you’re also using the port?

If so, you need to proxy to your application. You may be able to use Proxy Paths in the Virtualmin GUI, or you may need to do something more complicated (depending on expectations of your application wrt URLs and such).

You should not put Python applications in public_html.

Users have no business in the Python, and Apache cannot do anything useful for Python files.

Only static files (HTML, CSS, images, etc.) belong in public_html. Python isn’t like PHP, it doesn’t live in the document root, it’s got its own web server which should be serving the application on a port on localhost (or, better, a socket), and the web server should proxy to it.

@Joe Respected Sir i have just updated the question and added the screenshot of the files I am using as well as the path to those files

I saw that, and already answered. That’s not where Python files belong. Python runs under an application server, not Apache. So, they don’t need to be in the document root, and since they don’t need to be in the document root, they should not be in the document root (for safety, if you make a mistake in your configuration files, your files could be or become visible to users).

what I have understood is that I should change the hierarchy of the files and folders here . am I right

The reason it’s not working is not related to where the files are. The reason it’s not working is because you’re expecting Apache to run Python, and that’s not how it works. You need an application server, and presumably you have one running since you said you can access it on the IP (with a port, I guess). You need to proxy to that application server.

I’m also telling you to not do something potentially dangerous. Get your files out of public_html. They don’t belong there.

I’m repeating myself, though. Please just re-read what I’ve already written. I have told you what you need to do, multiple times.

@Joe Sir im following the following mentioned article

and completed all the steps

one more thing I have also used Apache wherever Nginx was mention

Why? Apache is not Nginx - they are not the same - they are both webservers - yes, but are otherwise - no!

but this still does not change the fact that apps should not be in public_html

sir I want to deal with this issue first then I will definitely Get my files out of public_html

I understand things late so can you please guide me how can I proxy the API so that it can run when I search it using the URL of my subdomain

so I get it now, i need to change the path of some files here and bring them out of the public_html

below is mentioned the path where the files of my API are currently located

/var/www/main_domain/domains/sub.main_domain.com/public_html

@Joe please have a look at the files I have and please guide me what files I should bring out of the public_html

Thumbnails (1)1280×720 138 KB