Hi all, Sorry my bad english, i use google translator to write englant. I have a big big problem and I can do nothing more to understand what is happening on the server. Before some of the technical details; Server distro: Debian 7 wheezy, 64bit. Software: Apache/2.2.0, MySQL 5.5.31, PHP 5.4, ISPconfig-3 The issues are: go to the http://iffimusic.info website and see error 403 Forbidden sometimes 500 Internal Server Error If go to http://hosting-networks.com/ It works when there is a index.HTML if i change index.PHP then see error 403 Forbidden. If go to https://hosting-networks.com:8080/webmail/ roundcube works nice. However, if the switch https://hosting-networks.com:8080/ see 500 Internal Server Error /var/log/apache2/error.log Code: [Sat Aug 10 16:51:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFRbAf8OEAAE82QawAAAAL"] suexec policy violation: see suexec log for more details [Sat Aug 10 16:51:28 2013] [warn] [client 90.191.86.8] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server [Sat Aug 10 16:51:28 2013] [error] [client 90.191.86.8] Premature end of script headers: index.php [Sat Aug 10 16:52:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFgbAf8OEAAHajrKgAAAAG"] [Sat Aug 10 16:52:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFgbAf8OEAAHajrKgAAAAG"] [Sat Aug 10 16:53:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFvbAf8OEAAE@tYUgAAAAE"] [Sat Aug 10 16:53:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFvbAf8OEAAE@tYUgAAAAE"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] client denied by server configuration: /var/www/ [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"] [Sat Aug 10 16:54:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZF@bAf8OEAAFAsjc0AAAAA"] [Sat Aug 10 16:54:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZF@bAf8OEAAFAsjc0AAAAA"] [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] SoftException in Application.cpp:350: UID of script "/var/www/index.php" is smaller than min_uid [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] Premature end of script headers: index.php [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"] [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"] [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/modsecurity_crs_50_outbound.conf"] [line "53"] [id "970901"] [rev "2.2.5"] [msg "The application is not available"] [severity "ERROR"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"] [Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/modsecurity/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"] [Sat Aug 10 16:55:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZGNbAf8OEAAHajrKkAAAAG"] [Sat Aug 10 16:55:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZGNbAf8OEAAHajrKkAAAAG"] [Sat Aug 10 16:55:02 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGNrAf8OEAAE@tYUkAAAAE"] [Sat Aug 10 16:55:07 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGO7Af8OEAAE82Qa4AAAAL"] [Sat Aug 10 16:55:07 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGO7Af8OEAAFAsjc4AAAAA"] /var/www/clients/client4/web4/log/error.log Code: [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"] [Sat Aug 10 16:45:14 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:45:14 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"] [Sat Aug 10 16:51:10 2013] [crit] [client 66.249.72.139] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:51:10 2013] [crit] [client 66.249.72.139] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"] [Sat Aug 10 16:52:55 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:52:55 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"] [Sat Aug 10 16:52:58 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:52:58 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"] [Sat Aug 10 16:53:33 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:53:33 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] [Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"] /var/log/apache2/suexec.log Code: [2013-08-10 15:56:29]: uid: (5005/web2) gid: (5006/client2) cmd: .php-fcgi-starter [2013-08-10 15:56:29]: target uid/gid (5005/5006) mismatch with directory (33/33) or program (33/33) [2013-08-10 15:56:29]: uid: (5005/web2) gid: (5006/client2) cmd: .php-fcgi-starter [2013-08-10 15:56:29]: target uid/gid (5005/5006) mismatch with directory (33/33) or program (33/33) [2013-08-10 15:57:18]: uid: (5007/web4) gid: (5008/client4) cmd: .php-fcgi-starter [2013-08-10 15:57:18]: target uid/gid (5007/5008) mismatch with directory (33/33) or program (33/33) [2013-08-10 15:58:02]: uid: (5007/web4) gid: (5008/client4) cmd: .php-fcgi-starter [2013-08-10 15:58:02]: target uid/gid (5007/5008) mismatch with directory (33/33) or program (33/33) [2013-08-10 15:59:10]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 15:59:10]: target uid/gid (5003/5004) mismatch with directory (33/33) or program (33/33) [2013-08-10 15:59:13]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 15:59:13]: target uid/gid (5003/5004) mismatch with directory (33/33) or program (33/33) [2013-08-10 16:03:50]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:03:50]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:03:53]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:03:53]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:03:55]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:03:55]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:05:32]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:05:32]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:05:59]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:05:59]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:31:56]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:31:56]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:34:57]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:34:57]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:40:52]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:40:52]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:42:08]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:42:08]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:42:19]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:42:19]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:42:29]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter [2013-08-10 16:42:29]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:42:31]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:42:31]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:45:28]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:45:28]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:45:32]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:45:32]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:45:33]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:45:33]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) [2013-08-10 16:51:28]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter [2013-08-10 16:51:28]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0) I changed yesterday chown -R www-data /var/www and after that the problems started By now I'm experimenting with different google instructions but nothing has helped. I am very confused and perplexed. Thanks for help
to the vhost of the site: Code: <IfModule mod_security2.c> SecRuleEngine Off </IfModule> OR Code: <IfModule mod_security.c> SecRuleEngine Off </IfModule>
It did not help, still have the same 403 Forbidden I added this code Code: <IfModule mod_security2.c> SecRuleEngine Off </IfModule> As the end of file /etc/apache2/sites-avaible/iffimusic.info.vhost Code: <Directory /var/www/iffimusic.info> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/iffimusic.info/web ServerName iffimusic.info ServerAlias iffimusic.info ServerAlias *.iffimusic.info ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/iffimusic.info/error.log Alias /error/ "/var/www/iffimusic.info/web/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html <IfModule mod_ssl.c> </IfModule> <Directory /var/www/iffimusic.info/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> <Directory /var/www/clients/client4/web4/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> <IfModule mod_ruby.c> <Directory /var/www/iffimusic.info/web> Options +ExecCGI </Directory> RubyRequire apache/ruby-run #RubySafeLevel 0 AddType text/html .rb AddType text/html .rbx <Files *.rb> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> <Files *.rbx> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> </IfModule> <IfModule mod_perl.c> PerlModule ModPerl::Registry PerlModule Apache2::Reload <Directory /var/www/iffimusic.info/web> PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> <Files *.pl> SetHandler perl-script </Files> </IfModule> <IfModule mod_python.c> <Directory /var/www/iffimusic.info/web> AddHandler mod_python .py PythonHandler mod_python.publisher PythonDebug On </Directory> </IfModule> # cgi enabled <Directory /var/www/clients/client4/web4/cgi-bin> Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ /var/www/clients/client4/web4/cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web4 client4 </IfModule> # Clear PHP settings of this website <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> # php as fast-cgi enabled # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html <IfModule mod_fcgid.c> FcgidIdleTimeout 300 FcgidProcessLifeTime 3600 # FcgidMaxProcesses 1000 FcgidMaxRequestsPerProcess 5000 FcgidMinProcessesPerClass 0 FcgidMaxProcessesPerClass 100 FcgidConnectTimeout 3 FcgidIOTimeout 360 FcgidBusyTimeout 3600 FcgidMaxRequestLen 1073741824 </IfModule> <Directory /var/www/iffimusic.info/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client4/web4/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web4 client4 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client4/web4/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client4/web4/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> <IfModule mod_security2.c> SecRuleEngine Off </IfModule> </VirtualHost> Restart apache and same error 403 Forbidden I commented out the file /etc/apache2/apache2.conf this line Code: Include /etc/apache2/modsecurity-core-rules/*.conf Code: # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See http://httpd.apache.org/docs/2.2/ for detailed information about # the directives and /usr/share/doc/apache2-common/README.Debian.gz about # Debian specific hints. # # # Summary of how the Apache 2 configuration works in Debian: # The Apache 2 web server configuration in Debian is quite different to # upstream's suggested way to configure the web server. This is because Debian's # default Apache2 installation attempts to make adding and removing modules, # virtual hosts, and extra configuration directives as flexible as possible, in # order to make automating the changes and administering the server as easy as # possible. # It is split into several files forming the configuration hierarchy outlined # below, all located in the /etc/apache2/ directory: # # /etc/apache2/ # |-- apache2.conf # | `-- ports.conf # |-- mods-enabled # | |-- *.load # | `-- *.conf # |-- conf.d # | `-- * # `-- sites-enabled # `-- * # # # * apache2.conf is the main configuration file (this file). It puts the pieces # together by including all remaining configuration files when starting up the # web server. # # In order to avoid conflicts with backup files, the Include directive is # adapted to ignore files that: # - do not begin with a letter or number # - contain a character that is neither letter nor number nor _-:. # - contain .dpkg # # Yet we strongly suggest that all configuration files either end with a # .conf or .load suffix in the file name. The next Debian release will # ignore files not ending with .conf (or .load for mods-enabled). # # * ports.conf is always included from the main configuration file. It is # supposed to determine listening ports for incoming connections, and which # of these ports are used for name based virtual hosts. # # * Configuration files in the mods-enabled/ and sites-enabled/ directories # contain particular configuration snippets which manage modules or virtual # host configurations, respectively. # # They are activated by symlinking available configuration files from their # respective *-available/ counterparts. These should be managed by using our # helpers a2enmod/a2dismod, a2ensite/a2dissite. See # their respective man pages for detailed information. # # * Configuration files in the conf.d directory are either provided by other # packages or may be added by the local administrator. Local additions # should start with local- or end with .local.conf to avoid name clashes. All # files in conf.d are considered (excluding the exceptions noted above) by # the Apache 2 web server. # # * The binary is called apache2. Due to the use of environment variables, in # the default configuration, apache2 needs to be started/stopped with # /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not # work with the default configuration. # Global configuration # # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation (available # at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # #ServerRoot "/etc/apache2" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # LockFile ${APACHE_LOCK_DIR}/accept.lock # # PidFile: The file in which the server should record its process # identification number when it starts. # This needs to be set in /etc/apache2/envvars # PidFile ${APACHE_PID_FILE} # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 5 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a # graceful restart. ThreadLimit can only be changed by stopping # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_worker_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # event MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_event_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # # It is also possible to omit any default MIME type and let the # client's browser guess an appropriate action instead. Typically the # browser will decide based on the file's extension then. In cases # where no good assumption can be made, letting the default MIME type # unset is suggested instead of forcing the browser to accept # incorrect metadata. # DefaultType None # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog ${APACHE_LOG_DIR}/error.log # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn # Include module configuration: Include mods-enabled/*.load Include mods-enabled/*.conf # Include list of ports to listen on and which to use for name based vhosts Include ports.conf # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # Include of directories ignores editors' and dpkg's backup files, # see the comments above for details. # Include generic snippets of statements Include conf.d/ # Include the virtual host configurations: Include sites-enabled/ #Include /etc/apache2/modsecurity-core-rules/*.conf I still have the same 403 Forbidden error Restart the server, but still the same... If go to http://iffimusic.info/webmail/ it works
And it does not help Code: # apt-get remove --purge apt-get libapache-mod-security Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package apt-get and Code: # a2dismod mod_security ERROR: Module mod_security does not exist!
The problem seems to be, that you are trying to access files and/or directories from your scripts that are owned by root! (user 0) The script is owned by user 5004. This is not permitted by suexec! The script owner has to be the same as the files and directory you want to access from the script.
I don't think it's Suexec... Please, look carefully to your vhost file, you will see: Code: <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> You shuold delete it, restart apache and try again.
I removed all the vhost this line Code: <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> Restart apache and server but still the same problem! What folder do I have to give them rights 5004? ls -l /var/www Code: drwxr-xr-x 2 root root 4096 juuli 30 19:41 adminer drwxr-xr-x 2 root root 4096 aug 9 15:38 apps drwxr-xr-x 3 root root 4096 aug 9 15:16 blogs drwxr-xr-x 8 root root 4096 juuli 29 15:47 clients drwxr-xr-x 4 root root 4096 juuli 29 12:02 conf drwxr-xr-x 2 root root 4096 juuli 25 17:40 css lrwxrwxrwx 1 root root 30 juuli 29 12:00 hiddenclients.tk -> /var/www/clients/client6/web7/ lrwxrwxrwx 1 root root 30 juuli 28 17:49 hosting-networks.com -> /var/www/clients/client5/web6/ lrwxrwxrwx 1 web4 client4 30 juuli 25 22:38 iffimusic.info -> /var/www/clients/client4/web4/ drwxr-xr-x 3 root root 4096 juuli 25 17:40 img -rw-r--r-- 1 root root 2827 juuli 25 17:53 _index.html -rw-r--r-- 1 root root 395 aug 9 15:15 index.php lrwxrwxrwx 1 root root 34 juuli 25 18:25 ispconfig -> /usr/local/ispconfig/interface/web drwxr-xr-x 2 root root 4096 juuli 25 17:41 js -rw-r--r-- 1 root root 409 aug 9 15:15 LEGGIMI.txt -rw-r--r-- 1 root root 17935 aug 9 15:15 licencia.txt -rw-r--r-- 1 root root 19929 aug 9 15:15 license.txt -rw-r--r-- 1 root root 23149 aug 9 15:15 licens.html -rw-r--r-- 1 root root 24880 aug 9 15:15 licenza.html -rw-r--r-- 1 root root 10490 aug 9 15:15 liesmich.html drwxr-xr-x 12 root root 4096 aug 6 19:44 mail drwxr-xr-x 3 root root 4096 juuli 29 13:08 php-cgi-scripts drwxr-xr-x 11 root root 4096 juuli 29 14:19 php-fcgi-scripts drwxr-xr-x 7 root root 4096 juuli 30 19:38 phpMemcachedAdmin lrwxrwxrwx 1 root root 30 juuli 25 18:49 pumpla-hosting.com -> /var/www/clients/client1/web1/ lrwxrwxrwx 1 root root 30 juuli 28 16:55 pumpla-hosting.tk -> /var/www/clients/client1/web5/ lrwxrwxrwx 1 root root 30 juuli 25 21:15 pumpla-seedboxes.org -> /var/www/clients/client3/web3/ -rw-r--r-- 1 root root 9177 aug 9 15:15 readme.html -rw-r--r-- 1 root root 3316 aug 9 15:15 readme-ja.html lrwxrwxrwx 1 root root 30 aug 4 08:27 tigramiehted.info -> /var/www/clients/client2/web2/ drwxr-xr-x 2 root root 4096 aug 9 15:16 tmp drwxr-xr-x 2 root root 4096 aug 12 06:57 webalizer lrwxrwxrwx 1 root root 24 juuli 25 18:10 webmail -> /usr/share/squirrelmail/ -rw-r--r-- 1 root root 4663 aug 9 15:15 wp-activate.php drwxr-xr-x 10 root root 4096 aug 9 15:17 wp-admin -rw-r--r-- 1 root root 271 aug 9 15:15 wp-blog-header.php -rw-r--r-- 1 root root 3522 aug 9 15:15 wp-comments-post.php -rw-r--r-- 1 root root 0 aug 9 15:15 wp-config.php -rw-r--r-- 1 root root 3177 aug 9 15:15 wp-config-sample.php drwxr-xr-x 5 root root 4096 aug 9 15:18 wp-content -rw-r--r-- 1 root root 2718 aug 9 15:15 wp-cron.php drwxr-xr-x 9 root root 4096 aug 9 15:25 wp-includes -rw-r--r-- 1 root root 1997 aug 9 15:15 wp-links-opml.php -rw-r--r-- 1 root root 2408 aug 9 15:15 wp-load.php -rw-r--r-- 1 root root 29217 aug 9 15:15 wp-login.php -rw-r--r-- 1 root root 7723 aug 9 15:15 wp-mail.php -rw-r--r-- 1 root root 9899 aug 9 15:15 wp-settings.php -rw-r--r-- 1 root root 18219 aug 9 15:15 wp-signup.php -rw-r--r-- 1 root root 3700 aug 9 15:16 wp-trackback.php -rw-r--r-- 1 root root 2719 aug 9 15:16 xmlrpc.php ls -l /var/www/clients Code: # ls -l /var/www/clients total 24 drwxr-xr-x 4 root root 4096 aug 7 21:37 client1 drwxr-xr-x 3 root root 4096 aug 4 08:27 client2 drwxr-xr-x 3 root root 4096 juuli 29 17:37 client3 drwxr-xr-x 3 root root 4096 juuli 29 18:42 client4 drwxr-xr-x 3 root root 4096 aug 7 21:37 client5 drwxr-xr-x 3 root root 4096 juuli 29 18:42 client6
This installation has been there for several months old and is only for testing .... It did not cause problems.
Ok, you said you did a chown www-data recursively on /var/www So all websites you have are now owned by www-data, but you use fcgi php... I don't think this can work. You should change back the owners of the several webs. For example /var/www/clients/client1/web1 and its subdirectories should be owned by web1:client1 Except the subdirectories log/ ssl/ (if existing) and web/stats/ which belong to root:root
Addition to the previous: Is it possible that you did a chown -R root:root after your experiment with www-data? The suexec error messages seem to me like the fcgi starter script is still owned by the web user (e.g. web4:client12) but the web itself is owned by root:root So php is not allowed to access the web's php files as they don't belong to the same user as the starter script does.
Yes, after I did back chown -R root /var/www and chown -R root:root /var/www Do I have to now change all the users folders rights manuali for example: chown -R client1:web1 /var/www/clients/clients1 and all subfolders and files?
Doing that won't be enough, for each web you would have to do: chown -R web1:client1 /var/www/clients/client1/web1 chown -R root:root /var/www/clients/client1/web1/ssl chown -R root:root /var/www/clients/client1/web1/log chown -R root:root /var/www/clients/client1/web1/web/stats I don't know if there is any possibility of making this easier. Just remember: NEVER NEVER NEVER EVER do anything recursively on /var/www - you will destroy something.
You could try this on the bash/shell (without any warranty! although I don't think your permissions can be messed up any more *smile*): Code: for L in /var/www/clients/client* ; do C=`basename $L` ; for K in /var/www/clients/$C/web* ; do if [[ -d "$K" ]] ; then D=`basename $K` ; chown -R ${D}:${C} $K ; chown -R root:root $K/log ; chown -R root:root $K/ssl ; chown -R root:root $K/web/stats ; fi ; done ; done ;
# chown -R web4:client4 /var/www/clients/client4/web4 chown: changing ownership of `/var/www/clients/client4/web4': Operation not permitted
You have directory protection on, so you need to use an extended version. Code: for L in /var/www/clients/client* ; do C=`basename $L` ; for K in /var/www/clients/$C/web* ; do if [[ -d "$K" ]] ; then D=`basename $K` ; chattr -i $K ; chown -R ${D}:${C} $K ; chown -R root:root $K/log ; chown -R root:root $K/ssl ; chown -R root:root $K/web/stats ; chattr +i $K ; fi ; done ; done ;
I am just a beginner and confused, how to use it? after this command Code: # chown -R web4:client4 /var/www/clients/client4/web4chown: changing ownership of `/var/www/clients/client4/web4': Operation not permitted is now error 500 but I tried to enter the terminal Code: # for L in /var/www/clients/client* ; do > C=`basename $L` ; > for K in /var/www/clients/$C/web* ; do > if [[ -d "$K" ]] ; then > D=`basename $K` ; > chattr -i $K ; > chown -R ${D}:${C} $K ; > chown -R root:root $K/log ; > chown -R root:root $K/ssl ; > chown -R root:root $K/web/stats ; > chattr +i $K ; > fi ; > done ; > done ; I myself am the owner of the server, it simplifies? Can not help re-installing ISPConfig...make backups before and after the pack up again to go? I'm very confused, but thank you for any help
