Web pages are error messages 500 & 403 and some work!?

Hi all,

Sorry my bad english, i use google translator to write englant.

I have a big big problem and I can do nothing more to understand what is happening on the server. Before some of the technical details;

Server distro: Debian 7 wheezy, 64bit. Software: Apache/2.2.0, MySQL 5.5.31, PHP 5.4, ISPconfig-3

The issues are:

go to the http://iffimusic.info website and see error 403 Forbidden sometimes 500 Internal Server Error

If go to http://hosting-networks.com/ It works when there is a index.HTML if i change index.PHP then see error 403 Forbidden.

If go to https://hosting-networks.com:8080/webmail/ roundcube works nice. However, if the switch https://hosting-networks.com:8080/ see 500 Internal Server Error

/var/log/apache2/error.log

Code:

[Sat Aug 10 16:51:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFRbAf8OEAAE82QawAAAAL"]
suexec policy violation: see suexec log for more details
[Sat Aug 10 16:51:28 2013] [warn] [client 90.191.86.8] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Sat Aug 10 16:51:28 2013] [error] [client 90.191.86.8] Premature end of script headers: index.php
[Sat Aug 10 16:52:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFgbAf8OEAAHajrKgAAAAG"]
[Sat Aug 10 16:52:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFgbAf8OEAAHajrKgAAAAG"]
[Sat Aug 10 16:53:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFvbAf8OEAAE@tYUgAAAAE"]
[Sat Aug 10 16:53:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZFvbAf8OEAAE@tYUgAAAAE"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] client denied by server configuration: /var/www/
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:53:50 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "hosting-networks.com"] [uri "/"] [unique_id "UgZF7rAf8OEAAE82Qa0AAAAL"]
[Sat Aug 10 16:54:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZF@bAf8OEAAFAsjc0AAAAA"]
[Sat Aug 10 16:54:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZF@bAf8OEAAFAsjc0AAAAA"]
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] SoftException in Application.cpp:350: UID of script "/var/www/index.php" is smaller than min_uid
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] Premature end of script headers: index.php
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"]
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"]
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/modsecurity_crs_50_outbound.conf"] [line "53"] [id "970901"] [rev "2.2.5"] [msg "The application is not available"] [severity "ERROR"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"]
[Sat Aug 10 16:55:01 2013] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/modsecurity/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "localhost"] [uri "/index.php"] [unique_id "UgZGNbAf8OEAAG5nIgIAAAAH"]
[Sat Aug 10 16:55:01 2013] [error] [client 5.135.178.42] ModSecurity: Rule 7fa7afbd4f48 [id "950901"][file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZGNbAf8OEAAHajrKkAAAAG"]
[Sat Aug 10 16:55:01 2013] [error] [client 5.135.178.42] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/apache2/modsecurity-core-rules/modsecurity_crs_35_bad_robots.conf"] [line "29"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [tag "AUTOMATION/MISC"] [hostname "media.replikizle.com"] [uri "/bilgi_tamamla.php"] [unique_id "UgZGNbAf8OEAAHajrKkAAAAG"]
[Sat Aug 10 16:55:02 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGNrAf8OEAAE@tYUkAAAAE"]
[Sat Aug 10 16:55:07 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGO7Af8OEAAE82Qa4AAAAL"]
[Sat Aug 10 16:55:07 2013] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.5"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/server-status"] [unique_id "UgZGO7Af8OEAAFAsjc4AAAAA"]

/var/www/clients/client4/web4/log/error.log

Code:

[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:07 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD47Af8OEAAE@tYUQAAAAE"]
[Sat Aug 10 16:45:14 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:45:14 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:45:14 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZD6rAf8OEAAG5mIaAAAAAF"]
[Sat Aug 10 16:51:10 2013] [crit] [client 66.249.72.139] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:51:10 2013] [crit] [client 66.249.72.139] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:51:10 2013] [error] [client 66.249.72.139] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/cdn-cgi/nexp/abv=2908400176/"] [unique_id "UgZFTrAf8OEAAFAsjcwAAAAA"]
[Sat Aug 10 16:52:55 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:52:55 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:55 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFt7Af8OEAAHakrQQAAAAM"]
[Sat Aug 10 16:52:58 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:52:58 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:52:58 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/stats/"] [unique_id "UgZFurAf8OEAAHakrQUAAAAM"]
[Sat Aug 10 16:53:33 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:53:33 2013] [crit] [client 90.191.86.8] (13)Permission denied: /var/www/iffimusic.info/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ip_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "session.ua_hash" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_secure" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_charset" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_not_utf8" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.charset_mismatch" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.loose_domain_scope" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.missing_httponly" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.check_cache_control" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.content_type_header_exists" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_xss_protection_disabled" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_frame_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]
[Sat Aug 10 16:53:33 2013] [error] [client 90.191.86.8] ModSecurity: Could not set variable "global.x_content_type_options" as the collection does not exist. [hostname "iffimusic.info"] [uri "/"] [unique_id "UgZF3bAf8OEAAFA7pL8AAAAC"]

/var/log/apache2/suexec.log

Code:

[2013-08-10 15:56:29]: uid: (5005/web2) gid: (5006/client2) cmd: .php-fcgi-starter
[2013-08-10 15:56:29]: target uid/gid (5005/5006) mismatch with directory (33/33) or program (33/33)
[2013-08-10 15:56:29]: uid: (5005/web2) gid: (5006/client2) cmd: .php-fcgi-starter
[2013-08-10 15:56:29]: target uid/gid (5005/5006) mismatch with directory (33/33) or program (33/33)
[2013-08-10 15:57:18]: uid: (5007/web4) gid: (5008/client4) cmd: .php-fcgi-starter
[2013-08-10 15:57:18]: target uid/gid (5007/5008) mismatch with directory (33/33) or program (33/33)
[2013-08-10 15:58:02]: uid: (5007/web4) gid: (5008/client4) cmd: .php-fcgi-starter
[2013-08-10 15:58:02]: target uid/gid (5007/5008) mismatch with directory (33/33) or program (33/33)
[2013-08-10 15:59:10]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 15:59:10]: target uid/gid (5003/5004) mismatch with directory (33/33) or program (33/33)
[2013-08-10 15:59:13]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 15:59:13]: target uid/gid (5003/5004) mismatch with directory (33/33) or program (33/33)
[2013-08-10 16:03:50]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:03:50]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:03:53]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:03:53]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:03:55]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:03:55]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:05:32]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:05:32]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:05:59]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:05:59]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:31:56]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:31:56]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:34:57]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:34:57]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:40:52]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:40:52]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:42:08]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:42:08]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:42:19]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:42:19]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:42:29]: uid: (5008/web5) gid: (5005/client1) cmd: .php-fcgi-starter
[2013-08-10 16:42:29]: target uid/gid (5008/5005) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:42:31]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:42:31]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:45:28]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:45:28]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:45:32]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:45:32]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:45:33]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:45:33]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)
[2013-08-10 16:51:28]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2013-08-10 16:51:28]: target uid/gid (5003/5004) mismatch with directory (0/0) or program (0/0)

I changed yesterday chown -R www-data /var/www and after that the problems started
By now I'm experimenting with different google instructions but nothing has helped.

I am very confused and perplexed.

Thanks for help

 

You should disable mod security.

 

How to disable it???

 

to the vhost of the site:

Code:

<IfModule mod_security2.c>
     SecRuleEngine Off
</IfModule>

OR

Code:

<IfModule mod_security.c>
     SecRuleEngine Off
</IfModule>

 

It did not help, still have the same 403 Forbidden

I added this code

Code:

<IfModule mod_security2.c>
     SecRuleEngine Off
</IfModule>

As the end of file /etc/apache2/sites-avaible/iffimusic.info.vhost

Code:

<Directory /var/www/iffimusic.info>
		AllowOverride None
		Order Deny,Allow
		Deny from all
</Directory>

<VirtualHost *:80>
					DocumentRoot /var/www/iffimusic.info/web
			
		ServerName iffimusic.info
		ServerAlias iffimusic.info 
    ServerAlias *.iffimusic.info
		ServerAdmin [email protected]

		ErrorLog /var/log/ispconfig/httpd/iffimusic.info/error.log

		Alias /error/ "/var/www/iffimusic.info/web/error/"
		ErrorDocument 400 /error/400.html
		ErrorDocument 401 /error/401.html
		ErrorDocument 403 /error/403.html
		ErrorDocument 404 /error/404.html
		ErrorDocument 405 /error/405.html
		ErrorDocument 500 /error/500.html
		ErrorDocument 502 /error/502.html
		ErrorDocument 503 /error/503.html

		<IfModule mod_ssl.c>
		</IfModule>

		<Directory /var/www/iffimusic.info/web>
				Options FollowSymLinks
				AllowOverride All
				Order allow,deny
				Allow from all

				# ssi enabled
				AddType text/html .shtml
				AddOutputFilter INCLUDES .shtml
				Options +Includes
		</Directory>
		<Directory /var/www/clients/client4/web4/web>
				Options FollowSymLinks
				AllowOverride All
				Order allow,deny
				Allow from all

				# ssi enabled
				AddType text/html .shtml
				AddOutputFilter INCLUDES .shtml
				Options +Includes
		</Directory>

		<IfModule mod_ruby.c>
			<Directory /var/www/iffimusic.info/web>
				Options +ExecCGI
			</Directory>
			RubyRequire apache/ruby-run
			#RubySafeLevel 0
			AddType text/html .rb
			AddType text/html .rbx
			<Files *.rb>
				SetHandler ruby-object
				RubyHandler Apache::RubyRun.instance
			</Files>
			<Files *.rbx>
				SetHandler ruby-object
				RubyHandler Apache::RubyRun.instance
			</Files>
		</IfModule>

		<IfModule mod_perl.c>
			PerlModule ModPerl::Registry
			PerlModule Apache2::Reload
			<Directory /var/www/iffimusic.info/web>
				PerlResponseHandler ModPerl::Registry
				PerlOptions +ParseHeaders
				Options +ExecCGI
			</Directory>
            <Files *.pl>
				SetHandler perl-script
            </Files>
		</IfModule>

		<IfModule mod_python.c>
			<Directory /var/www/iffimusic.info/web>
				AddHandler mod_python .py
				PythonHandler mod_python.publisher
				PythonDebug On
			</Directory>
		</IfModule>

		# cgi enabled
	<Directory /var/www/clients/client4/web4/cgi-bin>
			Order allow,deny
			Allow from all
		</Directory>
		ScriptAlias  /cgi-bin/ /var/www/clients/client4/web4/cgi-bin/
		AddHandler cgi-script .cgi
		AddHandler cgi-script .pl
		# suexec enabled
		<IfModule mod_suexec.c>
			SuexecUserGroup web4 client4
		</IfModule>
		# Clear PHP settings of this website
		<FilesMatch "\.ph(p3?|tml)$">
				SetHandler None
		</FilesMatch>
		# php as fast-cgi enabled
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
		<IfModule mod_fcgid.c>
				FcgidIdleTimeout 300
				FcgidProcessLifeTime 3600
				# FcgidMaxProcesses 1000
				FcgidMaxRequestsPerProcess 5000
				FcgidMinProcessesPerClass 0
				FcgidMaxProcessesPerClass 100
				FcgidConnectTimeout 3
				FcgidIOTimeout 360
				FcgidBusyTimeout 3600
				FcgidMaxRequestLen 1073741824
		</IfModule>
		<Directory /var/www/iffimusic.info/web>
				AddHandler fcgid-script .php .php3 .php4 .php5
				FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
				Options +ExecCGI
				AllowOverride All
				Order allow,deny
				Allow from all
		</Directory>
		<Directory /var/www/clients/client4/web4/web>
				AddHandler fcgid-script .php .php3 .php4 .php5
				FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
				Options +ExecCGI
				AllowOverride All
				Order allow,deny
				Allow from all
		</Directory>


		# add support for apache mpm_itk
		<IfModule mpm_itk_module>
			AssignUserId web4 client4
		</IfModule>

		<IfModule mod_dav_fs.c>
		# Do not execute PHP files in webdav directory
			<Directory /var/www/clients/client4/web4/webdav>
				<ifModule mod_security2.c>
					SecRuleRemoveById 960015
					SecRuleRemoveById 960032
				</ifModule>
				<FilesMatch "\.ph(p3?|tml)$">
					SetHandler None
				</FilesMatch>
			</Directory>
			DavLockDB /var/www/clients/client4/web4/tmp/DavLock
			# DO NOT REMOVE THE COMMENTS!
			# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
			# WEBDAV END
		</IfModule>
<IfModule mod_security2.c>
     SecRuleEngine Off
</IfModule>
</VirtualHost>

Restart apache and same error 403 Forbidden

I commented out the file /etc/apache2/apache2.conf this line

Code:

Include /etc/apache2/modsecurity-core-rules/*.conf

Code:

# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives and /usr/share/doc/apache2-common/README.Debian.gz about
# Debian specific hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#	/etc/apache2/
#	|-- apache2.conf
#	|	`--  ports.conf
#	|-- mods-enabled
#	|	|-- *.load
#	|	`-- *.conf
#	|-- conf.d
#	|	`-- *
# 	`-- sites-enabled
#	 	`-- *
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
#   together by including all remaining configuration files when starting up the
#   web server.
#
#   In order to avoid conflicts with backup files, the Include directive is
#   adapted to ignore files that:
#   - do not begin with a letter or number
#   - contain a character that is neither letter nor number nor _-:.
#   - contain .dpkg
#
#   Yet we strongly suggest that all configuration files either end with a
#   .conf or .load suffix in the file name. The next Debian release will
#   ignore files not ending with .conf (or .load for mods-enabled).
#
# * ports.conf is always included from the main configuration file. It is
#   supposed to determine listening ports for incoming connections, and which
#   of these ports are used for name based virtual hosts.
#
# * Configuration files in the mods-enabled/ and sites-enabled/ directories
#   contain particular configuration snippets which manage modules or virtual
#   host configurations, respectively.
#
#   They are activated by symlinking available configuration files from their
#   respective *-available/ counterparts. These should be managed by using our
#   helpers a2enmod/a2dismod, a2ensite/a2dissite. See
#   their respective man pages for detailed information.
#
# * Configuration files in the conf.d directory are either provided by other
#   packages or may be added by the local administrator. Local additions
#   should start with local- or end with .local.conf to avoid name clashes. All
#   files in conf.d are considered (excluding the exceptions noted above) by
#   the Apache 2 web server.
#
# * The binary is called apache2. Due to the use of environment variables, in
#   the default configuration, apache2 needs to be started/stopped with
#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
#   work with the default configuration.


# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

##
## Server-Pool Size Regulation (MPM specific)
## 

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
    MaxClients          150
MaxRequestsPerChild 0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
#              graceful restart. ThreadLimit can only be changed by stopping
#              and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
    StartServers          2
    MinSpareThreads      25
    MaxSpareThreads      75 
    ThreadLimit          64
    ThreadsPerChild      25
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>

# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
    StartServers          2
    MinSpareThreads      25
    MaxSpareThreads      75 
    ThreadLimit          64
    ThreadsPerChild      25
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
# It is also possible to omit any default MIME type and let the
# client's browser guess an appropriate action instead. Typically the
# browser will decide based on the file's extension then. In cases
# where no good assumption can be made, letting the default MIME type
# unset is suggested  instead of forcing the browser to accept
# incorrect  metadata.
#
DefaultType None


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

# Include list of ports to listen on and which to use for name based vhosts
Include ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see the comments above for details.

# Include generic snippets of statements
Include conf.d/

# Include the virtual host configurations:
Include sites-enabled/
#Include /etc/apache2/modsecurity-core-rules/*.conf

I still have the same 403 Forbidden error

Restart the server, but still the same...

If go to http://iffimusic.info/webmail/ it works

 

And it does not help

Code:

# apt-get remove --purge apt-get libapache-mod-security 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package apt-get

and

Code:

# a2dismod mod_security 
ERROR: Module mod_security does not exist!

 

The problem seems to be, that you are trying to access files and/or directories from your scripts that are owned by root! (user 0)
The script is owned by user 5004.

This is not permitted by suexec! The script owner has to be the same as the files and directory you want to access from the script.

 

I don't think it's Suexec...

Please, look carefully to your vhost file, you will see:

Code:

<ifModule mod_security2.c>
					SecRuleRemoveById 960015
					SecRuleRemoveById 960032
				</ifModule>

You shuold delete it, restart apache and try again.

 

I removed all the vhost this line

Code:

<ifModule mod_security2.c>
					SecRuleRemoveById 960015
					SecRuleRemoveById 960032
				</ifModule>

Restart apache and server but still the same problem!

What folder do I have to give them rights 5004?

ls -l /var/www

Code:

drwxr-xr-x  2 root root     4096 juuli 30 19:41 adminer
drwxr-xr-x  2 root root     4096 aug    9 15:38 apps
drwxr-xr-x  3 root root     4096 aug    9 15:16 blogs
drwxr-xr-x  8 root root     4096 juuli 29 15:47 clients
drwxr-xr-x  4 root root     4096 juuli 29 12:02 conf
drwxr-xr-x  2 root root     4096 juuli 25 17:40 css
lrwxrwxrwx  1 root root       30 juuli 29 12:00 hiddenclients.tk -> /var/www/clients/client6/web7/
lrwxrwxrwx  1 root root       30 juuli 28 17:49 hosting-networks.com -> /var/www/clients/client5/web6/
lrwxrwxrwx  1 web4 client4    30 juuli 25 22:38 iffimusic.info -> /var/www/clients/client4/web4/
drwxr-xr-x  3 root root     4096 juuli 25 17:40 img
-rw-r--r--  1 root root     2827 juuli 25 17:53 _index.html
-rw-r--r--  1 root root      395 aug    9 15:15 index.php
lrwxrwxrwx  1 root root       34 juuli 25 18:25 ispconfig -> /usr/local/ispconfig/interface/web
drwxr-xr-x  2 root root     4096 juuli 25 17:41 js
-rw-r--r--  1 root root      409 aug    9 15:15 LEGGIMI.txt
-rw-r--r--  1 root root    17935 aug    9 15:15 licencia.txt
-rw-r--r--  1 root root    19929 aug    9 15:15 license.txt
-rw-r--r--  1 root root    23149 aug    9 15:15 licens.html
-rw-r--r--  1 root root    24880 aug    9 15:15 licenza.html
-rw-r--r--  1 root root    10490 aug    9 15:15 liesmich.html
drwxr-xr-x 12 root root     4096 aug    6 19:44 mail
drwxr-xr-x  3 root root     4096 juuli 29 13:08 php-cgi-scripts
drwxr-xr-x 11 root root     4096 juuli 29 14:19 php-fcgi-scripts
drwxr-xr-x  7 root root     4096 juuli 30 19:38 phpMemcachedAdmin
lrwxrwxrwx  1 root root       30 juuli 25 18:49 pumpla-hosting.com -> /var/www/clients/client1/web1/
lrwxrwxrwx  1 root root       30 juuli 28 16:55 pumpla-hosting.tk -> /var/www/clients/client1/web5/
lrwxrwxrwx  1 root root       30 juuli 25 21:15 pumpla-seedboxes.org -> /var/www/clients/client3/web3/
-rw-r--r--  1 root root     9177 aug    9 15:15 readme.html
-rw-r--r--  1 root root     3316 aug    9 15:15 readme-ja.html
lrwxrwxrwx  1 root root       30 aug    4 08:27 tigramiehted.info -> /var/www/clients/client2/web2/
drwxr-xr-x  2 root root     4096 aug    9 15:16 tmp
drwxr-xr-x  2 root root     4096 aug   12 06:57 webalizer
lrwxrwxrwx  1 root root       24 juuli 25 18:10 webmail -> /usr/share/squirrelmail/
-rw-r--r--  1 root root     4663 aug    9 15:15 wp-activate.php
drwxr-xr-x 10 root root     4096 aug    9 15:17 wp-admin
-rw-r--r--  1 root root      271 aug    9 15:15 wp-blog-header.php
-rw-r--r--  1 root root     3522 aug    9 15:15 wp-comments-post.php
-rw-r--r--  1 root root        0 aug    9 15:15 wp-config.php
-rw-r--r--  1 root root     3177 aug    9 15:15 wp-config-sample.php
drwxr-xr-x  5 root root     4096 aug    9 15:18 wp-content
-rw-r--r--  1 root root     2718 aug    9 15:15 wp-cron.php
drwxr-xr-x  9 root root     4096 aug    9 15:25 wp-includes
-rw-r--r--  1 root root     1997 aug    9 15:15 wp-links-opml.php
-rw-r--r--  1 root root     2408 aug    9 15:15 wp-load.php
-rw-r--r--  1 root root    29217 aug    9 15:15 wp-login.php
-rw-r--r--  1 root root     7723 aug    9 15:15 wp-mail.php
-rw-r--r--  1 root root     9899 aug    9 15:15 wp-settings.php
-rw-r--r--  1 root root    18219 aug    9 15:15 wp-signup.php
-rw-r--r--  1 root root     3700 aug    9 15:16 wp-trackback.php
-rw-r--r--  1 root root     2719 aug    9 15:16 xmlrpc.php

ls -l /var/www/clients

Code:

# ls -l /var/www/clients
total 24
drwxr-xr-x 4 root root 4096 aug    7 21:37 client1
drwxr-xr-x 3 root root 4096 aug    4 08:27 client2
drwxr-xr-x 3 root root 4096 juuli 29 17:37 client3
drwxr-xr-x 3 root root 4096 juuli 29 18:42 client4
drwxr-xr-x 3 root root 4096 aug    7 21:37 client5
drwxr-xr-x 3 root root 4096 juuli 29 18:42 client6

 

OW MY GOD!

Why do you have your WP files in /var/www ?!

 

Wow That installation really seems to be messed up.

 

This installation has been there for several months old and is only for testing .... It did not cause problems.

 

Ok, you said you did a chown www-data recursively on /var/www
So all websites you have are now owned by www-data, but you use fcgi php... I don't think this can work.

You should change back the owners of the several webs.
For example /var/www/clients/client1/web1 and its subdirectories should be owned by web1:client1
Except the subdirectories log/ ssl/ (if existing) and web/stats/ which belong to root:root

 

Addition to the previous:

Is it possible that you did a chown -R root:root after your experiment with www-data?
The suexec error messages seem to me like the fcgi starter script is still owned by the web user (e.g. web4:client12) but the web itself is owned by root:root
So php is not allowed to access the web's php files as they don't belong to the same user as the starter script does.

 

Yes, after I did back chown -R root /var/www and chown -R root:root /var/www

Do I have to now change all the users folders rights manuali

for example: chown -R client1:web1 /var/www/clients/clients1 and all subfolders and files?

 

Doing that won't be enough, for each web you would have to do:

chown -R web1:client1 /var/www/clients/client1/web1
chown -R root:root /var/www/clients/client1/web1/ssl
chown -R root:root /var/www/clients/client1/web1/log
chown -R root:root /var/www/clients/client1/web1/web/stats

I don't know if there is any possibility of making this easier.

Just remember: NEVER NEVER NEVER EVER do anything recursively on /var/www - you will destroy something.

 

You could try this on the bash/shell (without any warranty! although I don't think your permissions can be messed up any more *smile*):

Code:

for L in /var/www/clients/client* ; do
   C=`basename $L` ;
   for K in /var/www/clients/$C/web* ; do
      if [[ -d "$K" ]] ; then
         D=`basename $K` ;
         chown -R ${D}:${C} $K ;
         chown -R root:root $K/log ;
         chown -R root:root $K/ssl ;
         chown -R root:root $K/web/stats ;
      fi ;
   done ;
done ;

 

# chown -R web4:client4 /var/www/clients/client4/web4
chown: changing ownership of `/var/www/clients/client4/web4': Operation not permitted

 

You have directory protection on, so you need to use an extended version.

Code:

for L in /var/www/clients/client* ; do
   C=`basename $L` ;
   for K in /var/www/clients/$C/web* ; do
      if [[ -d "$K" ]] ; then
         D=`basename $K` ;
         chattr -i $K ;
         chown -R ${D}:${C} $K ;
         chown -R root:root $K/log ;
         chown -R root:root $K/ssl ;
         chown -R root:root $K/web/stats ;
         chattr +i $K ;
      fi ;
   done ;
done ;

 

I am just a beginner and confused, how to use it?

after this command

Code:

#  chown -R web4:client4 /var/www/clients/client4/web4chown: changing ownership of `/var/www/clients/client4/web4': Operation not permitted

is now error 500

but I tried to enter the terminal

Code:

# for L in /var/www/clients/client* ; do
> C=`basename $L` ;
> for K in /var/www/clients/$C/web* ; do
> if [[ -d "$K" ]] ; then
> D=`basename $K` ;
> chattr -i $K ;
> chown -R ${D}:${C} $K ;
> chown -R root:root $K/log ;
> chown -R root:root $K/ssl ;
> chown -R root:root $K/web/stats ;
> chattr +i $K ;
> fi ;
> done ;
> done ;

I myself am the owner of the server, it simplifies?

Can not help re-installing ISPConfig...make backups before and after the pack up again to go?

I'm very confused, but thank you for any help