Odd 403 Forbidden errors

[blackice]

Hi,

On our machine, over all accounts on multiple domains, some files randomly give 403 forbidden errors. There's no pattern in which ones give 403s, though common ones i've observed include index.php, profile.php and request.php.

I have found no pattern in any of this behaviour and am completely stumped as to what it might be. I'm not running suExec or anything of that sort, I do have mod_security but it's not the cause (Checked config and tried disabling)

The odd thing is that the 403 only lasts for a minute at most, and then is accessible again.

Any ideas?

[chirpy]

That could possible be caused by mod_dosevasive/mod_evasive. If you're using it in httpd.conf try disabling the module load lines (2) and restart httpd.

[blackice]

Indeed this appears to be the cause of the problem, and disabling it worked fine.

Many thanks!

[akasharkbow]

I was having this problem on my server as well and this has fixed the problem. Thanks. I am wondering though, does disabling this open the server up to more attacks? Is there anything I should be concerned about?

Thanks for your help.

David J.

[ramprage]

You can modify the settings for your evasive configuration to prevent the block for occuring.

[akasharkbow]

Where do I go to do that?

Thanks for your help.

David H. Johnston

[tweakservers]

I was having this problem on my server as well and this has fixed the problem. Thanks. I am wondering though, does disabling this open the server up to more attacks? Is there anything I should be concerned about?

Thanks for your help.

David J.

The module will not be loaded into your Apache. Probably a check / tweak on the mod_dosevasive/mod_evasive modules will help.