Search code examples
macosapacheperlhttpd.confcgi-bin

"You don't have permission to access this resource." for perl scripts in CGI-Executables/ on Mac OS 11 - Big Sur

I am receiving "You don't have permission to access this resource." for perl scripts in /Library/WebServer/CGI-Executables/ on Mac OS 11 - Big Sur. I have a simple test script:

#!/usr/bin/perl
print "Content-type: text/html; charset=iso-8859-1\n\n";
print "<html>";
print "<body>";
print "Test Page";
print "</body>";
print "</html>";
print "\n";

When I execute it from Terminal, it runs properly and its output is:

Content-type: text/html; charset=iso-8859-1

<html><body>Test Page</body></html>

I believe the file permissions for the script:

-rwxr-xr-x   1 <my-username>  wheel    170 Aug 31 04:50 test.pl*

are correct.

I believe the file permissions for the directory in which the script lives:

drwxr-xr-x  24 <my-username>  wheel   768 Aug 31 18:52 CGI-Executables/

are also correct.

I believe my httpd.conf is correctly configured:

<IfModule !mpm_prefork_module>
        #LoadModule cgid_module lib/httpd/modules/mod_cgid.so                                                                                                          
</IfModule>
<IfModule mpm_prefork_module>
        LoadModule cgi_module lib/httpd/modules/mod_cgi.so
</IfModule>

and

ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables"

<Directory "/Library/WebServer/CGI-Executables">
    AddHandler cgi-script .cgi .pl .pm
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride None
    Allow from all
    Require all granted
</Directory>

While I believe all of this to be correct, clearly, one or more of these beliefs is false, because when I try to open test.pl in a web browser using http://localhost/cgi-bin/test.pl I get the error message:

Forbidden

You don't have permission to access this resource.

EDIT

After @ikegami 's suggestion that I look at the logs, I find in /usr/local/var/log/httpd/error_log:

[Sat Sep 03 07:55:17.605501 2022] [authz_core:error] [pid 3035] [client ::1:61483] AH01630: client denied by server configuration: /Library/WebServer/CGI-Executablestest.pl

which led me to Apache2: 'AH01630: client denied by server configuration', and the suggestion that I modify my httpd.conf, adding:

    Order allow,deny

So, now my httpd.conf looks like:

ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables"

<Directory "/Library/WebServer/CGI-Executables">
    AddHandler cgi-script .cgi .pl .pm
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride None
    Allow from all
    Order allow,deny
    Require all granted
</Directory>

But after a brew services restart httpd, I am still getting the AH01630 error above.

Solution

  • It is a kind of attention to details test.

    Look at very end of this

    3035] [client ::1:61483] AH01630: client denied by server configuration: /Library/WebServer/CGI-Executablestest.pl

    And look at this

    ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables"

    and change it to this

    ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables/"