------------ Original Message ------------ > Date: Friday, August 28, 2015 07:40:43 +0200 > From: Luigi Rosa <lists at luigirosa.com> > > Tim Dunphy wrote on 28/08/2015 00:18: > >> And made sure that the document root setup in the vhost for the >> site I'm serving has permissions for the apache user. Yet some >> of the files are throwing a 404 error in a browser even tho they >> are clearly present and accounted for on the file system. > > Put > > CheckSpelling on > CheckCaseOnly on > > in vhost or Apache configuration > > You have to enable mod_speling in > /etc/httpd/conf.modules.d/00-base.conf Please show relevant httpd error_log entries. What is displayed to the client is never as useful as the real thing. Separately, your documentroot directory and file ownerships are a security risk: > -rw-r--r--. 1 daemon daemon 222568 Jul 16 13:56 /var/www/mycomanystore/images/Jimmy_792x802_R2.jpg > And all those files have the correct ownership for apache: > [root at aozwsls00019la apache2]# egrep -i "user|group" conf/httpd.conf > User daemon > Group daemon Directories and files under the documentroot need to be accessible to the httpd process, but should never be owned or writable by it. If they are owned/writable by the httpd process and someone breaks through (either a bug in httpd (apache) or more likely code/scripts you are running) then the attacker can do as they wish with the documentroot contents - including (but not limited to) defacing your site. Also, "daemon" is an odd user to be running your httpd as. The default is generally "apache". On my centos-5 and -6 servers (what centos release are you running here?) "daemon" is a member of the group "bin", which escalates potential security issues.