The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

403 Forbidden after rearranging of account

Discussion in 'General Discussion' started by Joe Li, Jun 5, 2017.

  1. Joe Li

    Joe Li Registered

    Joined:
    May 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Singapore
    cPanel Access Level:
    Root Administrator
    I've been getting 403 error after rearranging the accounts on my server.

    The error:

    Code:
    Forbidden
    
    You don't have permission to access / on this server.
    Server unable to read htaccess file, denying access to be safe
    
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
     
  2. 24x7serversecurity

    24x7serversecurity Active Member

    Joined:
    Aug 31, 2015
    Messages:
    36
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello :),

    Have you gone through the error logs?
    Check both cPanel error logs as well as apache error logs. This is most likely permission issue.
    Can advice once you show the error logs.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,297
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you review the Apache error log (/usr/local/apache/logs/error_log) when this happens and let us know the output you see when encountering that error message in your browser?

    Thank you.
     
  4. Joe Li

    Joe Li Registered

    Joined:
    May 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Singapore
    cPanel Access Level:
    Root Administrator
    Hello,

    This is the error I got from the Apache error log

    Code:
    [Tue Jun 06 07:27:44.364013 2017] [core:crit] [pid 15739] (13)Permission denied: [client IP ADDRESS:57271] AH00529: /mnt/home-dir/home/usrname/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/mnt/home-dir/home/usrname/' is executable
    [Tue Jun 06 07:27:44.364873 2017] [core:crit] [pid 15739] (13)Permission denied: [client IP ADDRESS:57271] AH00529: /mnt/home-dir/home/usrname/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/mnt/home-dir/home/usrname/' is executable
    [Tue Jun 06 07:27:44.370784 2017] [:error] [pid 15739] [client IP ADDRESS] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "www.example.com"] [uri "/"] [unique_id "UNIQUEID"]
    [Tue Jun 06 07:27:44.372168 2017] [:error] [pid 15739] [client IP ADDRESS] ModSecurity: Audit log: Failed to create subdirectories: /etc/apache2/logs/modsec_audit/usrname/20170606/20170606-0727 (Permission denied) [hostname "www.server.com"] [uri "/"] [unique_id "UNIQUEID"]
    [Tue Jun 06 07:27:44.396021 2017] [core:crit] [pid 15739] (13)Permission denied: [client IP ADDRESS:57271] AH00529: /mnt/home-dir/home/usrname/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/mnt/home-dir/home/usrname/' is executable
    [Tue Jun 06 07:27:44.396311 2017] [core:crit] [pid 15739] (13)Permission denied: [client IP ADDRESS:57271] AH00529: /mnt/home-dir/home/usrname/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/mnt/home-dir/home/usrname/' is executable
    [Tue Jun 06 07:27:44.397565 2017] [:error] [pid 15739] [client IP ADDRESS] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "www.server.com"] [uri "/favicon.ico"] [unique_id "UNIQUEID"]
    [Tue Jun 06 07:27:44.397795 2017] [:error] [pid 15739] [client IP ADDRESS] ModSecurity: Audit log: Failed to create subdirectories: /etc/apache2/logs/modsec_audit/usrname/20170606/20170606-0727 (Permission denied) [hostname "www.server.com"] [uri "/favicon.ico"] [unique_id "UNIQUE-ID"]
    [Tue Jun 06 07:30:02.426945 2017] [:error] [pid 15741] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "286"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.com"] [uri "/whm-server-status"] [unique_id "UNIQUEID"]
    
     
  5. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,405
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Modsecurity does seem to be the cause of the error you are getting, but you have to check it more.

    Check what is your IP addresss
    # tail -f /usr/local/apache/logs/error_log | grep <your IP address>

    Browse the website now and then go back to the shell and see what error is occurring. If it is only modsecurity, then you have check what part of it is doing it, whether you rearranged the account properly, did you change the ownership after the rearrangement? and stuff like this, so please check ..
     
  6. fuzzylogic

    fuzzylogic Active Member

    Joined:
    Nov 8, 2014
    Messages:
    39
    Likes Received:
    13
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    This seems to be a non-standard path to find a domains .htaccess file on a cPanel server.
    A more standard path would be...
    /home/username/public_html/.htaccess
    If you have configured new non-standard paths, perhaps you omitted the public_html directory.
    Also usrname is mis-spelled.

    Not knowing how you "re-arranged some accounts" its hard to offer much more.

    You have permission/ownership issues with the apache user (nobody) reading the /var/cpanel/secdatadir/ip file, but this should not generate a 403 error.
    You have permission/ownership issues with the apache user (nobody) writing to the /etc/apache2/logs/modsec_audit/ directory, but this should not generate a 403 error.
     
  7. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Can you provide the output of:

    Code:
    ls -lah /mnt/home-dir/home/usrname/
     
Loading...

Share This Page