📖 ~1 min read
Table of contents
Symptom & Impact
Web app returns 403 forbidden even though filesystem permissions seem correct.
Environment & Reproduction
Appears after moving document root to custom path.
systemctl status httpd
curl -I http://localhostRoot Cause Analysis
SELinux context on web content does not match httpd policy expectations.
Quick Triage
Check SELinux status, context labels, and recent AVC events.
sestatus
ls -lZ /srv/www/app
ausearch -m avc -ts recentStep-by-Step Diagnosis
Correlate 403 events with audit denials and service logs.
journalctl -u httpd -n 100
sealert -a /var/log/audit/audit.log
Solution – Primary Fix
Assign proper SELinux file context and relabel content directory.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
sudo semanage fcontext -a -t httpd_sys_content_t '/srv/www/app(/.*)?'
sudo restorecon -Rv /srv/www/app
sudo systemctl restart httpd
Solution – Alternative Approaches
For writeable directories, use httpd_sys_rw_content_t only where required.
Verification & Acceptance Criteria
HTTP endpoint responds with 200 and no new AVC denials are logged.
curl -I http://localhost
ausearch -m avc -ts recentRollback Plan
Remove custom fcontext mapping if incorrect and relabel back to defaults.
Prevention & Hardening
Document approved web root paths and SELinux types in deployment pipelines.
Related Errors & Cross-Refs
Can overlap with missing execute bits and restrictive Apache Directory directives.
Related tutorial: View the step-by-step tutorial for rhel-10.
View all rhel-10 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
SELinux policy and Apache hardening docs for RHEL.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
