digininja/DVWA

I get Access denied. accessing setup.php or any other page

igotfr opened this issue · 18 comments

igotfr commented

Questions here may or may not be answered depending on the state of the question, to increase your chance, read this before asking Asking For Technical Help.

Basically, the more details you give, the more chance of getting an answer. We need at least:

  • Where did you get DVWA from?
    from github
  • What OS are you installing it on?
    Fedora 37
  • Last five lines from the web server access and error log from the time the error occurred if you got that far.
  • The error you got when you got stuck.
    I get Access denied. accessing setup.php or any other page
  • Any previous errors.
  • What you have tried to do yourself to fix the problem.
  • PHP version
    8.1.25

Support will only be given for users running the latest pull of code from GitHub. Not a tagged release, not a pre-installed app, not a ZIP you got from a mate.

digininja commented

can you send the last five lines from your Apache log, a screenshot of the error, what directory have you installed dvwa into and what is the document root line in the Apache config file.

igotfr commented

@digininja $ cat /var/log/httpd/error_log

[Wed Jan 10 15:34:11.275225 2024] [mpm_event:notice] [pid 4801:tid 4801] AH00489: Apache/2.4.58 (Fedora Linux) configured -- resuming normal operations
[Wed Jan 10 15:34:11.275334 2024] [core:notice] [pid 4801:tid 4801] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jan 10 15:34:19.232953 2024] [autoindex:error] [pid 4815:tid 4919] [client ::1:34628] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Wed Jan 10 15:34:35.529457 2024] [proxy_fcgi:error] [pid 4815:tid 4914] [client ::1:34630] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/index.php (Permission denied)'
[Wed Jan 10 15:34:47.263306 2024] [proxy_fcgi:error] [pid 4816:tid 4948] [client ::1:37478] AH01071: Got error 'Unable to open primary script: /var/www/html/DVWA/setup.php (Permission denied)'
digininja commented
igotfr commented

@digininja sorry, I didn't understand what the third line means:

[Wed Jan 10 15:34:19.232953 2024] [autoindex:error] [pid 4815:tid 4919] [client ::1:34628] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

I have already edited the httpd.conf to:

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

but the problem persists

igotfr commented

@digininja
image

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"
digininja commented
igotfr commented

@digininja yes, the files are in /var/www/html/DVWA

digininja commented
igotfr commented

@digininja I'm browsing http://localhost/DVWA/setup.php according the screenshot

digininja commented
igotfr commented

@digininja I put a test .php file with the same permission of the files in DVWA in the folder DVWA and it works

digininja commented
digininja commented
igotfr commented

@digininja
image

a.php is the file that I created for test that works

digininja commented
sukalaper commented

@digininja image

I have installed the dvwa on directory /var/www/html

$ /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html"

Hi, have you set on this line?

  1. allow_url_fopen = On
  2. allow_url_include values = On
digininja commented
hoang-himself commented

@igotfr have you resolved this issue?

My best guess is everything in /var/www/ should be owned by www.
Try chown -R www /var/www.