Login/Register
Random 403 error with apache 2.2 and Plesk 12.5
Asked Answered
apachehttp-status-code-403plesk
C

0

16

I face strange random 403 error on a Debian serveur with Plesk 12.5 and apache 2.2.

There are several domains on the server but only one domain faces this.

Rondomly, it seems that it tries to display the directory listing instead of serve the index.php file. So, sometimes, it through a 403 error and when refresh the page, it's ok with a 200 status.

In error_log, I read lots of :

[error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive

The DirectoryIndex was not present in httpd.conf file so I added the rule in additional directives for the domain via the Plesk Web Interface with no luck.

I'm kind of stuck with this.

Any help would be appreciated.

Let me know if you need more info.

Thank you.

EDIT :

Webroot .htaccess content

# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>

RewriteEngine on


#Domain: www.domain.tld
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]

RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType font/woff2 .woff2
AddType application/x-font-woff .woff
<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType text/javascript "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType application/x-javascript "access plus 1 week"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
    ExpiresByType font/opentype "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType application/x-font-ttf "access plus 1 year"
    ExpiresByType application/x-font-otf "access plus 1 year"
</IfModule>

<IfModule mod_headers.c>
    Header unset Etag
</IfModule>
FileETag none
<IfModule mod_deflate.c>
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
    </IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
Cadell answered 7/8, 2017 at 13:2 Comment(24)
Did you restart the apache2 service after adding that DirectoryIndex rule in the apache2 config? You should add it via Plesk Web Inteface not manually by editing the files via ssh.Granados
@BogdanStoica Yes, I did it via the Plesk Web Interface.Cadell
And do you have a index.php file for that site? the location should be /var/www/vhosts/domain.com/httpdocs/index.phpGranados
@BogdanStoica Yes, it's there, with good permissions and owner/group.Cadell
Well that's really strange... I would contact Plesk support if I were you... Since you have a paid license, you have included tech support as wellGranados
@BogdanStoica, already done. They told me to add the DirectoryIndex rules but nothing much... = /Cadell
I'll open a new ticket. Thank you anyway @BogdanStoica. ; )Cadell
Let us continue this discussion in chat.Granados
Is there any .htaccess at that site's webroot directory, and if there is, what rules it has inside? A good thing to do, it to check open a shell and use commands to search for all .htaccess files in all that webroot directories.Labyrinthodont
@ChristosLytras Yes, there is one. It's automatically generated by Prestashop.Cadell
@ChristosLytras added the .htaccess content to the question.Cadell
There must be something wrong with the # Dispatcher section. And I don't see an opening tag for that closing </IfModule> at the same section. Is there a way to re-generate that .htaccess or replace it with a default from another setup? EDIT There is an opening <IfModule mod_rewrite.c>, I just saw it now.Labyrinthodont
@ChristosLytras thanks, just regenerated it but no diff…Cadell
You're dealing with some missconfiguration here. Try to follow this post prestashop.com/forums/topic/12080-403-error and add Options FollowSymLinks at the top of .htaccess after the RewriteEngine on directive.Labyrinthodont
@ChristosLytras FollowSymLink rule is already set in the Apache directives for the domain. I tried to add it in .htaccess anyway but still same issue.Cadell
Have you checked the access log files for further details about the 403 errors? Maybe there are clues regarding these errors that will help you debug this really strange situation.Labyrinthodont
@ChristosLytras Nothing about those 403 errors in access_log and proxy_access_log. Is it possible ?Cadell
Can you show what error appears in proxy_error_log when apache reports Directory index forbidden by Options directive? Does this error appear on main page only of on other pages too?Maryettamaryjane
@ElvisPlesky Hello, nothing showed about that error in proxy_error_log. Yes, it happens on other pages too.Cadell
Can you check the time-stamp over index file? 403 error can appear when index file cannot be found or accessed by webserver. Maybe it changes on disc at the moment of 403 errors? For test try to create some test file and include it into index. So if the problem is in it, instead of 403 you should see the content of test file.Maryettamaryjane
@ElvisPlesky I checked the index.php time-stamp and it not changed recently. I did the include test too but still 403.Cadell
Have you tried checking the Requests when the error occurs? I mean, by checking the behaviour with/without www or with http/https or the combination of www/https/http or without www. Btw, can you reproduce the error by refreshing the page?Haught
What's your preferred domain configuration in Plesk for that website?Haught
Thanks for your comment @MiguelOrtiz but I had to migrate the website. I can't test anymore. Still don't know what was going on...Cadell

© 2022 - 2024 — McMap. All rights reserved.