Hi, I'm using IspConfig with Ubuntu12.04 Apache and Postfix configuration. It's been bug free for the past months but a week ago I made some updates and got some errors. I'm using: Apache version 2.2.22 I get this error for the server local IP and some external IP addresses( not all of them, tested the site from different locations and proxy sites and it works but the log shows this errors). [Tue Jan 06 22:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/php-fcgi-scripts/ [Tue Jan 06 22:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/clients/ [Tue Jan 06 22:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/example.com/ [Tue Jan 06 22:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/conf/ I've tried to debug and change the owner for the www folder, no luck; didn't change the permission. Any ideas what can cause this error? It's the first time in 2 years that I get this error after using Isp and have no idee what happend, what changed. Thanks.
The folder has to be owned by root. If you changed it to a different user, then change it back please. All the directories that you listed above may not be accessed directly, so it is ok that access to them was rejected by apache if someone tries to access them. Do you get errors when you normally access your websites by domain name?
It's owned by root, root@mail:/var# ls -l total 56 drwxr-x--- 2 root root 4096 Dec 17 00:30 backup drwxr-xr-x 2 root root 4096 Jan 7 06:30 backups drwxr-xr-x 17 root root 4096 Jan 6 11:57 cache drwxrwsrwt 2 root whoopsie 4096 Dec 25 06:25 crash drwxr-xr-x 59 root root 4096 Jan 6 19:53 lib drwxrwsr-x 2 root staff 4096 Jan 10 2014 local lrwxrwxrwx 1 root root 9 Dec 17 00:05 lock -> /run/lock drwxr-xr-x 21 root root 4096 Jan 7 14:13 log drwxrwsr-x 2 root mail 4096 Jan 7 13:12 mail drwxr-xr-x 2 root root 4096 Dec 17 00:05 opt lrwxrwxrwx 1 root root 4 Jan 7 14:09 run -> /run drwxr-xr-x 6 root root 4096 Dec 16 22:45 spool drwxrwxrwt 2 root root 4096 Dec 23 17:43 tmp drwxr-xr-x 4 vmail vmail 4096 Dec 17 02:12 vmail drwx------ 4 root bin 4096 Jan 7 14:13 webmin drwxr-xr-x 7 root root 4096 Jan 4 23:25 www And the files and folders are the same: rwxr-xr-x 2 ispapps ispapps 4096 Dec 16 23:37 apps drwxr-xr-x 4 root root 4096 Jan 4 23:25 clients drwxr-xr-x 2 root root 4096 Dec 17 02:12 conf lrwxrwxrwx 1 root root 34 Dec 16 23:38 ispconfig -> /usr/local/ispconfig /interface/web lrwxrwxrwx 1 root root 30 Jan 4 23:25 example.com -> /var/www/clients/cl ient1/web6/ lrwxrwxrwx 1 root root 30 Dec 17 02:12 example.ro -> /var/www/clients/cli ent0/web1/ drwxr-xr-x 6 root root 4096 Jan 4 23:25 php-fcgi-scripts drwxr-xr-x 2 root root 4096 Jan 1 06:26 webalizer I don't get an error when I access the web pages, I tried from different IP's using proxy servers but no error. The problem is that 127.0.0.1 gives and error every 2 minutes in the log.
root@mail:/var/www# a2ensite default Site default already enabled root@mail:/var/www# service apache2 restart * Restarting web server apache2 [Wed Jan 07 14:51:56 2015] [warn] NameVirtualHost *:443 has no VirtualHosts ... waiting [Wed Jan 07 14:51:57 2015] [warn] NameVirtualHost *:443 has no VirtualHosts [ OK ] root@mail:/var/www# apache log: [Wed Jan 07 14:51:56 2015] [notice] caught SIGTERM, shutting down [Wed Jan 07 14:51:57 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jan 07 14:51:57 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Wed Jan 07 14:51:57 2015] [notice] Digest: generating secret for digest authentication ... [Wed Jan 07 14:51:57 2015] [notice] Digest: done [Wed Jan 07 14:51:57 2015] [notice] FastCGI: process manager initialized (pid 4399) [Wed Jan 07 14:51:57 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jan 07 14:51:57 2015] [notice] Apache/2.2.22 (Ubuntu) DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.6 PHP/5.3.10-1ubuntu3.15 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.22 OpenSSL/1.0.1 mod_perl/2.0.5 Perl/v5.14.2 configured -- resuming normal operations [Wed Jan 07 14:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/php-fcgi-scripts/ [Wed Jan 07 14:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/clients/ [Wed Jan 07 14:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/example.com/ [Wed Jan 07 14:52:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/conf/ [Wed Jan 07 14:53:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/php-fcgi-scripts/ [Wed Jan 07 14:53:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/clients/ [Wed Jan 07 14:53:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/example.com/ [Wed Jan 07 14:53:01 2015] [error] [client 127.0.0.1] client denied by server configuration: /var/www/conf/ Note de TIME STAMPS
[FIX] I found a quick fix, but doesn't work when you create a new VHOST. edit /etc/apache2/sites-available/ispconfig.vhost - for r/www/php-fcgi-scripts/ directory to be accessible by 127.0.0.1 add: Allow from 127.0.0.1 ::1 the file should look like this: AllowOverride None Order Deny,Allow Deny from all Allow from 127.0.0.1 ::1 or for a large IP pool: Allow from 127.0.0.0/255.0.0.0 ::1/128
The ispconfig.vhost file thats hips with ISPConfig does not deny access from any location. So I guess you may have modified yours before to deny access from 127.0.0.1.
That's the thing I ddin't do it willingly, I don't know when that happend because I tested some DDos protection options and made some changes but nothing to ispconfig.vhost. Now when I create a new site(vhost) it sets the deny from all.
