Random 403 errors with apache+php-fpm

On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I'm getting random 403 errors.

I say "random" because the pages I see in the logs with 403 run fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.

The server is running some websites (about a dozen), with various kinds of solutions (a couple of WordPress sites, a few old spaghetti PHP apps, mostly modern apps based on the Symfony framework).

I'd also be happy if someone can point me to some way to increase the verbosity of some logs, to try to resolve this issue myself. Currently I see the 403 errors in the Apache logs of the vhosts.

Bobettebobina answered 27/9, 2016 at 8:58 Comment(11)
Hello, did you solve this? I'm facing similar issues. Could you help please? - Sellers
Is there anything common in the paths returning 403? A specific set of PHP scripts? Anything running on the server that modifies PHP file content or permissions? - Demeanor
Can you share the apache and php-fpm logs? - Gastric
In /etc/php(version)?/fpm/pool.d/www.conf add/uncomment catch_workers_output, to allow PHP's stderr to go to php-fpm's error log instead of /dev/null. - Candescent
Are those coming from a specific framework/wordpress or randomly from all apps? - Harvestman
@Code_O1logn, in my case, it happens on a Prestashop 1.6. No evasive mod activated. Other Prestashop websites on the same server do not face this. Any idea? - Sellers
This is something I'll have to fix as well which is happening on php 7.1 and I installed php as apache module. On a few specific pages, randomly it threw php 7.1 exceptions but they disappeared on refresh. - Harvestman
@Code_O1logn, the php version is set to 5.6.31 here. - Sellers
In my error_log, the error reported is Directory Index Forbidden. It seems that it randomly tries to display the directory index instead of the web page. - Sellers
Did you try with curl, to request multiple times, and see what happened in the logs? - Swordbill
In general a 403 error comes if there is something wrong with your permissions. Also, can you paste your sites-enabled config file here? Are you sure you have pointed out the index.php file in your config? - Finis

Is `mod_evasive` enabled? To check, try

`ls /etc/apache2/mods-enabled/` and if you see mod-evasive.load, the Apache module mod-evasive is enabled.

The goal of this module is to deny access with a 403 request when too many requests come from the same PC (IP) or when a lot of pages were viewed in a short amount of time. The IP is somewhat blocked for a certain period of time. Sometimes refreshing the page can fix the problem, but it is still annoying.

What you can do is

1) Disable it with `a2dismod mod-evasive` and `service apache2 restart`

or

2) Find the httpd.conf file and modify the different parameters. Increase the thresholds for mod_evasive to be less sensitive.

Change the default values to something like:

<IfModule mod_dosevasive.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 2
</IfModule>

MODEV_DOSPageCount: This is the threshold for the number of requests for the same page (or URI) per page interval. Once the threshold for that interval has been exceeded, the IP address of the client will be added to the blocking list.

MODEV_DOSPageInterval: The interval for the page count threshold; defaults to 1 second intervals.

etc... You can change them

All the parameters and best solutions are explained here

https://wiki.atomicorp.com/wiki/index.php/Mod_evasive

Polyunsaturated answered 1/8, 2017 at 5:50 Comment(2)
Never used mod_evasive, this is the first time I heard of its existence - Bobettebobina
If anyone else finds this answer because of a recent Plesk issue, this does seem to be it. Their solution: 1) SSH in. 2) aum -uf ; yum -y remove mod_evasive ; aum -u. 3) Tools & Settings > Web Application Firewall > Settings, switch to other ruleset, press Apply, switch back to initial ruleset and press Apply. - Mastin
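
To check whether the 403s in a vhost access log line up with the thresholds discussed in the answer above, the following added example (not code from the original posts or from mod_evasive) replays a log through a simplified sliding-window model of the page and site counters. The function names and sample lines are constructed for illustration, the defaults are the values from the answer's config block, and the counting model is an assumption, not the module's exact algorithm.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Prefix of Apache's common/combined log format: client IP, time, URI, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, uri, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ip, when, uri, int(status)

def classify_403s(lines, page_count=5, page_interval=1,
                  site_count=100, site_interval=1, blocking_period=2):
    """Label each 403 'rate-limit' if a burst from that IP explains it, else 'other'."""
    page_hits = defaultdict(deque)  # (ip, uri) -> times of recent requests
    site_hits = defaultdict(deque)  # ip -> times of recent requests
    blocked_until = {}              # ip -> when the modelled block expires
    results = []
    for ip, when, uri, status in filter(None, map(parse, lines)):
        ph, sh = page_hits[(ip, uri)], site_hits[ip]
        while ph and when - ph[0] >= page_interval:   # expire old page hits
            ph.popleft()
        while sh and when - sh[0] >= site_interval:   # expire old site hits
            sh.popleft()
        over = len(ph) >= page_count or len(sh) >= site_count
        limited = over or blocked_until.get(ip, 0) > when
        if limited:  # a request made while blocked extends the block (assumed)
            blocked_until[ip] = when + blocking_period
        ph.append(when)
        sh.append(when)
        if status == 403:
            results.append((ip, uri, "rate-limit" if limited else "other"))
    return results

def _line(ip, sec, uri, status):
    # Builds one constructed access-log line; not taken from the asker's server.
    return f'{ip} - - [27/Sep/2016:08:58:{sec:02d} +0000] "GET {uri} HTTP/1.1" {status} 512'

SAMPLE = ([_line("203.0.113.7", 10, "/shop/", 200)] * 5
          + [_line("203.0.113.7", 10, "/shop/", 403),
             _line("203.0.113.7", 11, "/shop/", 403),
             _line("198.51.100.9", 11, "/img/", 403)])

if __name__ == "__main__":
    print(*classify_403s(SAMPLE), sep="\n")
```

A 403 labelled "other" was not preceded by a burst from that client, so it points at a different cause, such as the "Directory Index Forbidden" error reported in the comments, rather than at rate limiting.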
