Nextcloud version (eg, 20.0.5): Nextcloud Hub 3 (25.0.3)
Operating system and version (eg, Ubuntu 20.04): DietPi Debian bullseye
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.54
PHP version (eg, 7.4): 7.4.33
The issue you are facing:
I am getting multiple 403s from Nextcloud clients (web, Android, PC) with the following error log output (where x.x.x.x below is my local IP address):
Feb 01 18:59:12 DietPi apache2[222383]: [authz_core:error] [pid 222383:tid 140497691596544] [client x.x.x.x:49561] AH01630: client denied by server configuration: /var/www/dav
Feb 01 18:59:27 DietPi apache2[222383]: [authz_core:error] [pid 222383:tid 140498597549824] [client x.x.x.x:49816] AH01630: client denied by server configuration: /var/www/apps
Feb 01 18:59:32 DietPi apache2[222383]: [authz_core:error] [pid 222383:tid 140498605942528] [client x.x.x.x:49861] AH01630: client denied by server configuration: /var/www/apps
Feb 01 18:59:32 DietPi apache2[222383]: [authz_core:error] [pid 222383:tid 140497381197568] [client x.x.x.x:49860] AH01630: client denied by server configuration: /var/www/apps
Feb 01 18:59:38 DietPi apache2[222383]: [authz_core:error] [pid 222383:tid 140497532200704] [client x.x.x.x:49903] AH01630: client denied by server configuration: /var/www/dav
It appears the clients are routing requests for the following (nonexistent) directories:
/var/www/apps
/var/www/cloud
/var/www/dav
/var/www/204
/var/www/avatar
These directories do not exist outside of the /var/www/nextcloud directory, and only /apps exists within the /var/www/nextcloud directory, so I have no idea why these requests are being made by both my Android and PC clients.
I have written a detailed account of the error at the DietPi forum: https://dietpi.com/forum/t/nextcloud-authz-core-error-ah01630-client-denied-by-server-configuration-var-www-apps-dav-cloud-etc/15778
Is this the first time you’ve seen this error? (Y/N):
Yes. I noticed the 403s when viewing dietpi system logs from Apache.
Steps to replicate it:
- Restrict general root directory access (require all denied) in Apache config, opening (require all granted) only directories with running services. I have Nextcloud and PiHole configured on this server, both are served from different directories.
- journalctl -f -n 75
- See tons of 403 errors where my internal IPs are getting denied from certain Nextcloud directories that do not exist. E.G. [authz_core:error] [pid 222383:tid 140497423161088] [client X.X.X.X:55662] AH01630: client denied by server configuration: /var/www/dav
Output of my main Apache config:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/nextcloud>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/admin>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/html/admin>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
The output of your Nextcloud log in Admin > Logging:
Nothing relevant, see screengrab
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'passwordsalt' => 'xxxxx',
'secret' => 'xxxxx',
'trusted_domains' =>
array (
0 => 'localhost',
1 => '*',
),
'datadirectory' => '/mnt/xxxxx/nextcloud_data',
'dbtype' => 'mysql',
'version' => '25.0.3.2',
'hashingThreads' => 4,
'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/run/redis/redis-server.sock',
'port' => 0,
),
'overwrite.cli.url' => 'https://xxxx.xxx/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',
'dbname' => 'xxxxxx',
'dbhost' => 'xxxxxx',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'xxxxx',
'dbpassword' => 'xxxxxx',
'installed' => true,
'instanceid' => 'xxxxx',
'twofactor_enforced' => 'true',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'maintenance' => false,
'theme' => '',
'loglevel' => 2,
'mail_smtphost' => 'xxx.xxx.xxx',
'mail_smtpport' => '587',
'mail_from_address' => 'xxxxxx',
'mail_domain' => 'xxxx.com',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'mail_smtpname' => 'xxxxx@xxx.com',
'mail_smtppassword' => 'xxxxxx',
'mail_smtpsecure' => 'tls',
'default_phone_region' => 'US',
'memories.exiftool' => '/var/www/nextcloud/apps/memories/exiftool-bin/exiftool-amd64-glibc',
'memories.ffmpeg_path' => '/usr/bin/ffmpeg',
'memories.ffprobe_path' => '/usr/bin/ffprobe',
'memories.transcoder' => '/var/www/nextcloud/apps/memories/exiftool-bin/go-vod-amd64',
'memories.no_transcode' => true,
'memories.qsv' => true,
);
The output of your Apache/nginx/system log in /var/log/____
:
See above.
Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
See screengrab above. Nothing relevant.