Hello. Problems with Apache. Sites from external IP addresses are not accessible. And from internal IP addresses everything works.

LogApache2:
Code:
# tail -f /var/log/apache2/error.log
[Sat Oct 01 13:55:08.015740 2022] [authz_core:error] [pid 13330] [client ::1:33470] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:00:05.493930 2022] [authz_core:error] [pid 13327] [client ::1:33490] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:05:03.607711 2022] [authz_core:error] [pid 29325] [client ::1:33512] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:10:04.168037 2022] [authz_core:error] [pid 13326] [client ::1:33536] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:15:05.301094 2022] [authz_core:error] [pid 13364] [client ::1:33590] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:20:03.445446 2022] [authz_core:error] [pid 13379] [client ::1:33612] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:25:03.645582 2022] [authz_core:error] [pid 13327] [client ::1:33668] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:30:03.726113 2022] [authz_core:error] [pid 13328] [client ::1:33720] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:35:03.742002 2022] [authz_core:error] [pid 13364] [client ::1:33752] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sat Oct 01 14:40:03.753714 2022] [authz_core:error] [pid 13327] [client ::1:33802] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/

and
Code:
# grep -rnw /etc/ -e 'allow,deny'
/etc/apache2/conf-available/localized-error-pages.conf:54:# Order allow,deny
/etc/apache2/conf-available/php7.0-cgi.conf:32:# Order allow,deny
/etc/roundcube/apache.conf:15: Order allow,deny
/etc/roundcube/apache.conf:33: Order allow,deny
/etc/roundcube/apache.conf:45: Order allow,deny
/etc/apparmor.d/usr.lib.snapd.snap-confine:39: /sys/fs/cgroup/devices/snap{,py}.*/devices.{allow,deny} w,

and Apache conf:
Code:
ServerRoot "/etc/apache2"
DefaultRuntimeDir ${APACHE_RUN_DIR}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# access here, or in any related virtual host.
<Directory />
  Options FollowSymLinks
  AllowOverride None
  Require all denied
</Directory>
<Directory /usr/share>
  AllowOverride None
  Require all granted
</Directory>
<Directory /var/www/>
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>
#<Directory /srv/>
#  Options Indexes FollowSymLinks
#  AllowOverride None
#  Require all granted
#</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
  Require all denied
</FilesMatch>
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/

ISPConfig 3 on Debian 9.13 and Apache 2.7. Help, pls.
Have you modified any of the configuration files? Was this system just installed? How was it installed? Did it work previously? To rule out the usual suspects, follow these instructions: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Yes, partially.
No, installed 8 months ago.
The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.2.
Yes, a week ago everything worked. They didn't change anything. And now all sites work on the internal network from other computers. It does not load from external IP addresses, it takes a long time to load and a timeout error occurs on ports 80 and 443. And on port 8080 ISPConfig 3 works from external IP addresses. Ufw and fail2ban temporarily disabled.

Log IPTables:
Code:
iptables -S (ipv4) -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -N f2b-dovecot -N f2b-postfix-sasl -N f2b-pure-ftpd -N f2b-sshd -N ufw-after-forward -N ufw-after-input -N ufw-after-logging-forward -N ufw-after-logging-input -N ufw-after-logging-output -N ufw-after-output -N ufw-before-forward -N ufw-before-input -N ufw-before-logging-forward -N ufw-before-logging-input -N ufw-before-logging-output -N ufw-before-output -N ufw-logging-allow -N ufw-logging-deny -N ufw-not-local -N ufw-reject-forward -N ufw-reject-input -N ufw-reject-output -N ufw-skip-to-policy-forward -N ufw-skip-to-policy-input -N ufw-skip-to-policy-output -N ufw-track-forward -N ufw-track-input -N ufw-track-output -N ufw-user-forward -N ufw-user-input -N ufw-user-limit -N ufw-user-limit-accept -N ufw-user-logging-forward -N ufw-user-logging-input -N ufw-user-logging-output -N ufw-user-output -A INPUT -p tcp -m multiport --dports 25 -j f2b-postfix-sasl -A INPUT -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -j f2b-dovecot -A INPUT -p tcp -m multiport --dports 21 -j f2b-pure-ftpd -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd -A INPUT -p tcp -m multiport --dports 110,143,993,995 -j ACCEPT -A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT -A INPUT -p tcp -m multiport --dports 25 -j f2b-postfix-sasl -A INPUT -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -j f2b-dovecot -A INPUT -p tcp -m multiport --dports 21 -j f2b-pure-ftpd -A INPUT -p tcp -m multiport
--dports 22 -j f2b-sshd -A INPUT -j ufw-before-logging-input -A INPUT -j ufw-before-input -A INPUT -j ufw-after-input -A INPUT -j ufw-after-logging-input -A INPUT -j ufw-reject-input -A INPUT -j ufw-track-input -A FORWARD -j ufw-before-logging-forward -A FORWARD -j ufw-before-forward -A FORWARD -j ufw-after-forward -A FORWARD -j ufw-after-logging-forward -A FORWARD -j ufw-reject-forward -A FORWARD -j ufw-track-forward -A OUTPUT -j ufw-before-logging-output -A OUTPUT -j ufw-before-output -A OUTPUT -j ufw-after-output -A OUTPUT -j ufw-after-logging-output -A OUTPUT -j ufw-reject-output -A OUTPUT -j ufw-track-output -A f2b-dovecot -s 92.49.237.175/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-dovecot -j RETURN -A f2b-dovecot -j RETURN -A f2b-postfix-sasl -s 195.133.18.125/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 5.34.207.48/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 171.22.30.115/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 87.246.7.75/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 141.98.11.17/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 212.70.149.72/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 5.34.204.199/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -s 5.34.207.88/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-postfix-sasl -j RETURN -A f2b-postfix-sasl -j RETURN -A f2b-pure-ftpd -j RETURN -A f2b-pure-ftpd -j RETURN -A f2b-sshd -s 221.213.129.46/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.173.42/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 131.100.2.61/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 62.204.41.222/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 177.73.136.175/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 179.218.195.50/32 -j REJECT --reject-with 
icmp-port-unreachable -A f2b-sshd -s 152.89.198.28/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 138.197.182.2/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 179.60.147.99/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 103.145.161.53/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 101.255.65.138/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 112.6.244.66/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 193.142.146.239/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 117.110.40.251/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.173.55/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.172.87/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 179.43.167.74/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 163.177.78.241/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.173.54/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 117.50.88.114/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 196.1.97.206/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 138.197.142.81/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 129.226.205.204/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 222.107.156.227/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 43.132.156.216/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.173.61/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 45.125.65.126/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 36.110.228.254/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.172.174/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 43.134.200.122/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 211.250.74.124/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd 
-s 185.110.243.137/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.177.173.52/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 61.194.35.119/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 203.171.20.139/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 180.76.161.192/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 221.122.73.130/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 147.182.139.154/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 173.212.250.114/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 43.154.189.8/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -s 156.232.9.41/32 -j REJECT --reject-with icmp-port-unreachable -A f2b-sshd -j RETURN -A f2b-sshd -j RETURN -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT -A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT -A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT -A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT -A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT -A ufw-before-forward -j ufw-user-forward -A ufw-before-input -i lo -j 
ACCEPT -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny -A ufw-before-input -m conntrack --ctstate INVALID -j DROP -A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT -A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT -A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A ufw-before-input -j ufw-not-local -A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT -A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT -A ufw-before-input -j ufw-user-input -A ufw-before-output -o lo -j ACCEPT -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw-before-output -j ufw-user-output -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny -A ufw-not-local -j DROP -A ufw-skip-to-policy-forward -j DROP -A ufw-skip-to-policy-input -j DROP -A ufw-skip-to-policy-output -j ACCEPT -A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT -A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 21 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 53 -j ACCEPT -A ufw-user-input 
-p tcp -m tcp --dport 80 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 110 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 143 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 465 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 587 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 993 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 995 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 3306 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 4190 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 8080 -j ACCEPT -A ufw-user-input -p tcp -m tcp --dport 8081 -j ACCEPT -A ufw-user-input -p tcp -m multiport --dports 40110:40210 -j ACCEPT -A ufw-user-input -p udp -m udp --dport 53 -j ACCEPT -A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable -A ufw-user-limit-accept -j ACCEPT
htf_report Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 9.13 (stretch) [INFO] uptime: 23:24:40 up 1 day, 2:15, 1 user, load average: 0,06, 0,05, 0,03 [INFO] memory: total used free shared buff/cache available Mem: 3,8G 2,0G 419M 93M 1,4G 1,4G Swap: 4,0G 60M 3,9G [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.7p1 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.0.33-0+deb9u12 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.0.33 [WARN] Your php-cgi in ' . /usr/bin/php-cgi . ' seems to be outdated and might contain known exploits. ##### PORT CHECK ##### [WARN] Port 8080 (ISPConfig) seems NOT to be listening ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 30431) [INFO] I found the following mail server(s): Postfix (PID 1636) [INFO] I found the following pop3 server(s): Dovecot (PID 1124) [INFO] I found the following imap server(s): Dovecot (PID 1124) [INFO] I found the following ftp server(s): PureFTP (PID 1661) ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:4190 (1124/dovecot) [anywhere]:993 (1124/dovecot) [anywhere]:995 (1124/dovecot) [localhost]:10023 (803/postgrey) [localhost]:10024 (31015/amavisd-new) [localhost]:10025 (1636/master) [localhost]:10026 (31015/amavisd-new) [localhost]:10027 (1636/master) [anywhere]:587 (1636/master) [localhost]:11211 (926/memcached) [anywhere]:110 (1124/dovecot) [anywhere]:143 (1124/dovecot) [anywhere]:465 (1636/master) [anywhere]:21 (1661/pure-ftpd) ***.***.***.***:53 (937/named) [localhost]:53 (937/named) [anywhere]:22 (991/sshd) [anywhere]:25 (1636/master) [localhost]:953 (937/named) *:*:*:*::*:8090 (30431/apache2) *:*:*:*::*:443 (30431/apache2) *:*:*:*::*:4190 (1124/dovecot) *:*:*:*::*:993 (1124/dovecot) *:*:*:*::*:995 (1124/dovecot) *:*:*:*::*:10023 
(803/postgrey) *:*:*:*::*:10024 (31015/amavisd-new) *:*:*:*::*:10026 (31015/amavisd-new) *:*:*:*::*:3306 (1121/mysqld) *:*:*:*::*:587 (1636/master) [localhost]10 (1124/dovecot) [localhost]43 (1124/dovecot) *:*:*:*::*:80 (30431/apache2) *:*:*:*::*:465 (1636/master) *:*:*:*::*:8081 (30431/apache2) *:*:*:*::*:21 (1661/pure-ftpd) *:*:*:*::*:53 (937/named) *:*:*:*::*:22 (991/sshd) *:*:*:*::*:25 (1636/master) *:*:*:*::*:953 (937/named) ##### IPTABLES ##### Chain INPUT (policy DROP) target prot opt source destination f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25 f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190 f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,143,993,995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465,587 f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25 f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190 f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-before-input all -- [anywhere]/0 [anywhere]/0 ufw-after-input all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-reject-input all -- [anywhere]/0 [anywhere]/0 ufw-track-input all -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-before-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-reject-forward all -- [anywhere]/0 [anywhere]/0 ufw-track-forward all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source 
destination ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-before-output all -- [anywhere]/0 [anywhere]/0 ufw-after-output all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-reject-output all -- [anywhere]/0 [anywhere]/0 ufw-track-output all -- [anywhere]/0 [anywhere]/0 Chain f2b-dovecot (2 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-postfix-sasl (2 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-pure-ftpd (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (2 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138 
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 4 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 4 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local all -- 
[anywhere]/0 [anywhere]/0 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output 
(0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8090 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt 
source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### [WARN] You have both certbot and acme.sh installed. This can lead to problems. Certbot: /usr/bin/certbot acme.sh: /root/.acme.sh/acme.sh
Does the web request from the external network reach that server? See the web server log when connections are coming. If nothing was changed on that server, maybe the router or firewall was changed? You should deal with the WARN messages in the report.
So your server is using Debian 9 Stretch, not 10 Buster. You got a minor problem with your LE Client which should only be one, most probably certbot. Were you upgrading your server when this happened? How did you try accessing your sites from external IP? You can curl from the server to check your sites too.
No, the web request is not captured. But the connection from the external network to the ISPconfig web request reaches Code: # tail -f /var/log/apache2/other_vhosts_access.log myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:31 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:36 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:41 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:46 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:52 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:42:57 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:02 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:07 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:12 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:17 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
mywebmailhostname.com:443 MyInternalIP - - [02/Oct/2022:11:43:21 +0500] "POST /webmail/?_task=mail&_action=refresh HTTP/1.1" 200 955 "https://webmail.mywebmailsitename.com/webmail/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:23 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:28 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:33 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:38 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
mywebmailsitename.com:443 MyInternalIP - - [02/Oct/2022:11:44:22 +0500] "POST /webmail/?_task=mail&_action=refresh HTTP/1.1" 200 953 "https://webmail.mywebmailhostname.com/webmail/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"

AllLogsApache:
Code:
# tail -f /var/log/apache2/
access.log access.log.4.gz error.log.11.gz error.log.7.gz other_vhosts_access.log.14.gz suexec.log suexec.log.4.gz
access.log.1 access.log.5.gz error.log.12.gz error.log.8.gz other_vhosts_access.log.2.gz suexec.log.1 suexec.log.5.gz
access.log.10.gz access.log.6.gz error.log.13.gz error.log.9.gz other_vhosts_access.log.3.gz suexec.log.10.gz suexec.log.6.gz
access.log.11.gz access.log.7.gz error.log.14.gz other_vhosts_access.log other_vhosts_access.log.4.gz suexec.log.11.gz suexec.log.7.gz
access.log.12.gz access.log.8.gz error.log.2.gz other_vhosts_access.log.1 other_vhosts_access.log.5.gz suexec.log.12.gz suexec.log.8.gz
access.log.13.gz access.log.9.gz error.log.3.gz other_vhosts_access.log.10.gz other_vhosts_access.log.6.gz suexec.log.13.gz suexec.log.9.gz
access.log.14.gz error.log error.log.4.gz other_vhosts_access.log.11.gz other_vhosts_access.log.7.gz suexec.log.14.gz
access.log.2.gz error.log.1 error.log.5.gz other_vhosts_access.log.12.gz other_vhosts_access.log.8.gz suexec.log.2.gz
access.log.3.gz error.log.10.gz error.log.6.gz other_vhosts_access.log.13.gz other_vhosts_access.log.9.gz suexec.log.3.gz
# tail -f /var/log/apache2/access.log
::1 - - [02/Oct/2022:10:55:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:00:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:05:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:10:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:15:04 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:20:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:25:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:30:03 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:35:04 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
::1 - - [02/Oct/2022:11:40:04 +0500] "GET / HTTP/1.1" 403 363 "-" "Mozilla/5.0 (ISPConfig monitor)"
^C
# tail -f /var/log/apache2/error.log
[Sun Oct 02 10:55:03.545345 2022] [authz_core:error] [pid 3648] [client ::1:44270] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:00:03.740216 2022] [authz_core:error] [pid 4736] [client ::1:44348] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:05:03.731747 2022] [authz_core:error] [pid 4733] [client ::1:44408] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:10:03.878098 2022] [authz_core:error] [pid 3647] [client ::1:44458] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:15:04.180149 2022] [authz_core:error] [pid 3663] [client ::1:44518] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:20:03.643260 2022] [authz_core:error] [pid 4782] [client ::1:44570] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:25:03.564111 2022] [authz_core:error] [pid 4747] [client ::1:44620] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:30:03.999884 2022] [authz_core:error] [pid 4734] [client ::1:44670] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:35:04.082280 2022] [authz_core:error] [pid 4783] [client ::1:44730] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:40:04.018753 2022] [authz_core:error] [pid 3647] [client ::1:44780] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
^C
# tail -f /var/log/apache2/suexec.log
[2022-10-02 06:28:41]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2022-10-02 11:41:29]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2022-10-02 11:41:29]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
[2022-10-02 11:41:29]: uid: (5003/ispconfig) gid: (5004/ispconfig) cmd: .php-fcgi-starter
^C
# tail -f /var/log/apache2/other_vhosts_access.log
myhostname.com:8080 MyExternalIP - - [02/Oct/2022:11:43:17 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269 "https://myhostname.com:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
mywebmailhostname.com:443 MyInternalIP - - [02/Oct/2022:11:43:21 +0500] "POST /webmail/?_task=mail&_action=refresh HTTP/1.1" 200 955 "https://webmail.mywebmailhostname.com/webmail/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
No, the server has not been updated. From different external IP addresses. For example, from a home computer and from a phone.
My guess is that it is blocked externally by a router or firewall in front of the server. ISPConfig itself does not contain any functions to block requests just from the outside. Might be that your internet access provider or datacenter just changed something to prohibit access.
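One way to test that guess against the two log formats posted in this thread, as an added example that is not part of the original posts: it classifies each client as loopback, internal or external, then checks whether Apache ever denied an outside client or whether outside requests simply never arrive on the site ports. The hostnames, addresses, function names and the choice of 80/443 as site ports are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the two log formats shown in the thread;
# the addresses are documentation/RFC 1918 values, not the poster's.
ERROR_LOG = """\
[Sun Oct 02 10:55:03.545345 2022] [authz_core:error] [pid 3648] [client ::1:44270] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
[Sun Oct 02 11:00:03.740216 2022] [authz_core:error] [pid 4736] [client ::1:44348] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/
"""
VHOST_LOG = """\
panel.example.test:8080 203.0.113.7 - - [02/Oct/2022:11:43:17 +0500] "GET /datalogstatus.php HTTP/1.1" 200 3269
mail.example.test:443 192.168.1.20 - - [02/Oct/2022:11:43:21 +0500] "POST /webmail/ HTTP/1.1" 200 955
"""

DENIED = re.compile(r"\[client (?P<ip>.+):\d+\] AH01630:")
VHOST = re.compile(r'^\S+:(?P<port>\d+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')
# Assumption: "internal" means RFC 1918 / IPv6 ULA space; loopback is separate.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def scope(addr):
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "internal" if any(ip in net for net in INTERNAL) else "external"

def denied_by_scope(error_log):
    """Count AH01630 authorization denials per client scope."""
    counts = defaultdict(int)
    for m in map(DENIED.search, error_log.splitlines()):
        if m:
            counts[scope(m["ip"])] += 1
    return dict(counts)

def ports_by_scope(vhost_log):
    """Vhost ports on which requests from each client scope were logged."""
    ports = defaultdict(set)
    for m in map(VHOST.match, vhost_log.splitlines()):
        if m:
            ports[scope(m["ip"])].add(int(m["port"]))
    return dict(ports)

def diagnose(error_log, vhost_log, site_ports=(80, 443)):
    if denied_by_scope(error_log).get("external"):
        return "apache-authz"      # Apache itself refuses outside clients
    if not ports_by_scope(vhost_log).get("external", set()) & set(site_ports):
        return "upstream"          # outside requests never arrive on the site ports
    return "reaching-apache"       # outside requests arrive and are not denied
```

A result of `upstream` is only meaningful if an outside client actually tried the site during the window the logs cover.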
I called the technical support of Internet services; they said technical work is underway. Yes, it seems to be a problem on the part of the provider. Thank you all, until tomorrow I will.