Hi All, I've done quite a lot here, so I'm unsure where the problem really lies.. I updated Debian to 10, and straight after ran the ispconfig-update script. I am now presented with a 403 Forbidden page, and none of my sites are working. Apache is runniing, and displays html files, but any attempt to access a php file gives an access denied. I'm unsure whether apache/php is the root issue here, of ispconfig not running is responsible. I have checked all the Apache 2.4 "Require all granted" and can't see any old config. I am now about 20 hours into this and I'm going round in circles. Any thoughts would be most appreciated please. Regards, Dave
Check the apache error.log of the website and the global apache error.log to find out why you get the 403 error. Did you do a Debian update or a dist upgrade from Debian 9 to 10?
Thanks for the reply! I've upped the tracelevels in the logs, and the only error I can see that is relevant is : Code: [Sat Jul 25 05:02:22.028169 2020] [access_compat:error] [pid 20019] [client 162.158.166.41:11480] AH01797: client denied by server configuration: /var/www/bnis.net.au/web/xmlrpc.php [Sat Jul 25 05:02:22.028183 2020] [core:trace3] [pid 20019] request.c(119): [client 162.158.166.41:11480] auth phase 'check access (with Satisfy All)' gave status 403: /xmlrpc.php I did a a dist upgrade.
The host file for ispconfig is (if this helps) Code: ############################################### # ISPConfig Logfile configuration for vlogger ################################################ SetEnvIf Request_URI "^/datalogstatus.php$" dontlog LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig LogLevel trace5 CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog <Directory /var/www/clients> AllowOverride None Require all denied </Directory> # Do not allow access to the root file system of the server for security reasons <Directory /> Options -Indexes AllowOverride None Require all denied </Directory> <Directory /var/www/conf> AllowOverride None Require all denied </Directory> # Except of the following directories that contain website scripts <Directory /usr/share/phpmyadmin> Require all granted </Directory> <Directory /usr/share/phpMyAdmin> Require all granted </Directory> <Directory /srv/www/htdocs> Require all granted </Directory> <Directory /usr/share/squirrelmail> Require all granted </Directory> # Allow access to mailman on OpenSuSE <Directory /usr/lib/mailman/cgi-bin> Require all granted </Directory> <Directory /usr/lib/mailman/icons> Require all granted </Directory> <Directory /usr/lib/mailman/icons> Require all granted </Directory> <Directory /var/lib/mailman/archives/> Options +FollowSymLinks Require all granted </Directory> # allow path to awstats and alias for awstats icons <Directory /usr/share/awstats> Require all granted </Directory> Alias /awstats-icon "/usr/share/awstats/icon" Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge> Require all granted <IfModule mpm_itk_module> AssignUserId www-data www-data </IfModule> </Directory> NameVirtualHost *:80 NameVirtualHost *:443 NameVirtualHost 198.204.227.178:80 NameVirtualHost 198.204.227.178:443
And just spotted this.. Code: [Sat Jul 25 05:19:48.744076 2020] [http:trace4] [pid 22314] http_filters.c(957): [client 14.201.225.57:44466] Content-Length: 18478, referer: https://198.204.227.178:8080/login/index.php [Sat Jul 25 05:19:48.744085 2020] [http:trace4] [pid 22314] http_filters.c(957): [client 14.201.225.57:44466] Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests, referer: https://198.204.227.178:8080/login/index.php
Hey all, This is now resolved... Not a problem with the software at all.. The Debian update totally borked the PHP modules, although it looked OK. I solved by purging PHP and re-installing (although I wasn't able to get 5.6 installed and running). Thanks for the help! Cheers, Dave
