I am facing frequent 403 error, on website, in email-roundcube. I had installed mod-security. Thinking that the Apache mo-security may be creating the problem, I have disabled it, but the 403 error still persists.
yes, that is very likely as mod-security shws a 403 when it blocks a request. Maybe it is not fully deactivated or apache has not been restarted after the config change. You should be able to see it in the mod security log files when it blocks a request.
I have even restarted the server machine, still I am getting the error. BTW where I can check the logs for mod-security. I have checked the error log for vhost in var/log/ispconfig/http/relevant vhost error.log There I am getting for example - Code: [Fri Jan 20 14:06:41 2017] [error] [client 117.247.67.136] client denied by server configuration: /var/www/lions322c2.org/web/administrator/index.php, referer: http://lions322c2.org/administrator/index.php?option=com_media
In that folder I can see access.log error.log modsec_audit.log suexec.log other_vhosts_access.log the contents of modsec_audit.log is like this - Code: --5518f61a-A-- [15/Jan/2017:07:59:10 +0530] WHredsCoAAoAAEkMtWIAAAAG 185.40.4.66 53966 192.168.0.10 80 --5518f61a-B-- GET /rss/catalog/notifystock/ HTTP/1.1 Authorization: Basic c3lzdGVtX2JhY2t1cDpjb21wYXE= User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 Referer: http://www.google.com/ Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7 Host: unitechindia.com Connection: Keep-Alive --5518f61a-F-- HTTP/1.1 401 Unauthorized X-Powered-By: PHP/5.3.10-1ubuntu3.25 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Www-Authenticate: Basic realm="RSS Feeds" Set-Cookie: PHPSESSID=156d0759a99638283591322a7d8cf059; expires=Sun, 15-Jan-2017 03:29:10 GMT; path=/; domain=unitechindia.com; HttpOnly Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5518f61a-H-- Apache-Handler: fcgid-script Stopwatch: 1484447350560621 82162 (- - -) Stopwatch2: 1484447350560621 82162; combined=38, p1=23, p2=10, p3=0, p4=0, p5=5, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/). Server: Apache/2.2.22 (Ubuntu)
I have noticed particular while accessing email account in roundcube. when I click on a email subject, preview pane shows okay. but once I click on another mail, I get 404. Then If I wait for some time and then click on the same email subject, the preview show okay. Can mod_evasive also cause this type of problem. As I have mod_evasive enabled.
Yes, then it is caused by mod_evasive when the problem cures itself after a short time period. edit your mod_evasive config and make it less strict (allow more requests to a file in the given time frame).
