Error 500 when browser refreshed - is mod_security the cause?

[Sunlander]

Hi,

apologies if this isn't the right category to post in but I am not sure what is causing this (whether a security component issue or something else).

I keep getting an error 500 if a page is refreshed in the browser window. I have been researching for weeks and now trying to now rule out if it is caused by mod_security. I have checked the error logs, this is today's report so far which has a mention of mod_security amongst other errors:

[Sat Feb 16 10:18:41.702963 2019] [mpm_worker:notice] [pid 18219:tid 47169271022944] AH00295: caught SIGTERM, shutting down

[Sat Feb 16 10:18:42.154687 2019] [core:notice] [pid 4821:tid 47643574941024] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0

[Sat Feb 16 10:18:42.175118 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity for Apache/2.9.2 (ModSecurity: Open Source Web Application Firewall) configured.

[Sat Feb 16 10:18:42.175165 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"

[Sat Feb 16 10:18:42.175188 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"

[Sat Feb 16 10:18:42.175202 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity: LUA compiled version="Lua 5.1"

[Sat Feb 16 10:18:42.175215 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity: LIBXML compiled version="2.9.7"

[Sat Feb 16 10:18:42.175228 2019] [:notice] [pid 4821:tid 47643574941024] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.

[Sat Feb 16 10:18:42.176782 2019] [suexec:notice] [pid 4821:tid 47643574941024] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Sat Feb 16 10:18:42.286217 2019] [mpm_worker:notice] [pid 4824:tid 47643574941024] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming norm$

[Sat Feb 16 10:18:42.286270 2019] [core:notice] [pid 4824:tid 47643574941024] AH00094: Command line: '/usr/sbin/httpd'

[Sat Feb 16 10:19:28.630123 2019] [proxy_fcgi:error] [pid 4830:tid 47643768432384] [client 81.152.47.38:49370] AH01067: Failed to read FastCGI header, referer: https://www.link$

[Sat Feb 16 10:19:28.630229 2019] [proxy_fcgi:error] [pid 4830:tid 47643768432384] (104)Connection reset by peer: [client 81.152.47.38:49370] AH01075: Error dispatching request$

[Sat Feb 16 10:19:28.631785 2019] [proxy_fcgi:error] [pid 4831:tid 47643770533632] [client 37.157.193.84:19972] AH01067: Failed to read FastCGI header

[Sat Feb 16 10:19:28.631865 2019] [proxy_fcgi:error] [pid 4831:tid 47643770533632] (104)Connection reset by peer: [client 37.157.193.84:19972] AH01075: Error dispatching reques$

[Sat Feb 16 10:19:28.635059 2019] [proxy_fcgi:error] [pid 4831:tid 47643770533632] [client 37.157.193.84:19972] AH01067: Failed to read FastCGI header

[Sat Feb 16 10:19:28.635099 2019] [proxy_fcgi:error] [pid 4831:tid 47643770533632] (104)Connection reset by peer: [client 37.157.193.84:19972] AH01075: Error dispatching reques$

[Sat Feb 16 10:19:28.635132 2019] [proxy_fcgi:error] [pid 4830:tid 47643768432384] [client 81.152.47.38:49370] AH01067: Failed to read FastCGI header, referer: https://www.link$

[Sat Feb 16 10:19:28.635165 2019] [proxy_fcgi:error] [pid 4830:tid 47643768432384] (104)Connection reset by peer: [client 81.152.47.38:49370] AH01075: Error dispatching request$

[Sat Feb 16 10:19:28.665767 2019] [proxy:error] [pid 4832:tid 47643768432384] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /opt/cpanel/$

[Sat Feb 16 10:19:28.665893 2019] [proxy_fcgi:error] [pid 4832:tid 47643768432384] [client 81.152.47.38:49377] AH01079: failed to make connection to backend: httpd-UDS, referer$

[Sat Feb 16 10:19:28.666494 2019] [proxy:error] [pid 4832:tid 47643768432384] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /opt/cpanel/$

[Sat Feb 16 10:19:28.666526 2019] [proxy_fcgi:error] [pid 4832:tid 47643768432384] [client 81.152.47.38:49377] AH01079: failed to make connection to backend: httpd-UDS, referer$

[Sat Feb 16 10:19:28.734399 2019] [proxy:error] [pid 4833:tid 47643768432384] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /opt/cpanel/$

[Sat Feb 16 10:19:28.734546 2019] [proxy_fcgi:error] [pid 4833:tid 47643768432384] [client 81.152.47.38:49386] AH01079: failed to make connection to backend: httpd-UDS, referer$

[Sat Feb 16 10:19:28.735257 2019] [proxy:error] [pid 4833:tid 47643768432384] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /opt/cpanel/$

[Sat Feb 16 10:19:28.735303 2019] [proxy_fcgi:error] [pid 4833:tid 47643768432384] [client 81.152.47.38:49386] AH01079: failed to make connection to backend: httpd-UDS, referer$

[Sat Feb 16 10:20:32.829707 2019] [authz_core:error] [pid 4829:tid 47643791546112] [client 216.244.66.201:49884] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:20:34.810144 2019] [authz_core:error] [pid 4832:tid 47643791546112] [client 216.244.66.201:53312] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:20:36.728308 2019] [authz_core:error] [pid 4833:tid 47643791546112] [client 216.244.66.201:56790] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:26:45.759626 2019] [authz_core:error] [pid 4830:tid 47643793647360] [client 216.244.66.201:54600] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:26:45.760150 2019] [authz_core:error] [pid 4830:tid 47643793647360] [client 216.244.66.201:54600] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:21.980834 2019] [authz_core:error] [pid 4830:tid 47643764229888] [client 216.244.66.201:37498] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:21.981061 2019] [authz_core:error] [pid 4832:tid 47643764229888] [client 216.244.66.201:37496] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:23.756312 2019] [authz_core:error] [pid 4833:tid 47643764229888] [client 216.244.66.201:58528] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:23.756832 2019] [authz_core:error] [pid 4833:tid 47643764229888] [client 216.244.66.201:58528] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:23.757383 2019] [authz_core:error] [pid 4829:tid 47643766331136] [client 216.244.66.201:58526] AH01630: client denied by server configuration: /home/mywebsite$

[Sat Feb 16 10:29:23.757769 2019] [authz_core:error] [pid 4829:tid 47643766331136] [client 216.244.66.201:58526] AH01630: client denied by server configuration: /home/mywebsite$

I have mod_security enabled in my cpanel but it says in the above error log:

Status engine is currently disabled, enable it by set SecStatusEngine to On. Is this a setting somewhere that has to be enabled in WHM?

The error 500 happens on dynamic content pages, the odd thing is the urls actually exist they break temporarily for a couple of minutes, or if I click on the menu all over again and then select the page it works. It is very odd.

I do have cron jobs running but these errors don't seem to be tied to when they are triggered/runing.

Can anyone who understands this kind of thing see what is wrong from the errors? I have attached a copy of my htaccess file too just in case that sheds light on something

I hope someone can help

Kind regards

 

[Sunlander]

Hi,

for anyone else who has this problem here is what fixed it for me.

Although I had mod_rewrite on my server it was not enabled in the file at:

/etc/apache2/conf/httpd.conf

I added the following line (as it wasn't in the file):

LoadModule rewrite_module libexec/mod_rewrite.so

After much trial and error I realised the problem was caused by having SEF and URL rewrite enabled in Joomla. When I disabled these I no longer got the error 500 issue. Obviously I couldn't leave the site with these settings disabled (bad for SEO).

Anyway, the above solution solved it

One thing though, does anyone know if this httpd.conf gets overwritten by anything? If yes, is there somewhere it can be enabled more permanently?

Kind regards

 

[cPanelMichael]

/etc/apache2/conf/httpd.conf

I added the following line (as it wasn't in the file):

LoadModule rewrite_module libexec/mod_rewrite.so

Hello @Sunlander,

You actually shouldn't need to add that line to the httpd.conf file. The line is setup by default in the following file:

/etc/apache2/conf.modules.d/385_mod_rewrite.conf

To confirm, after removing the manual line you added, does the original issue reoccur?

Thank you.

 

[Sunlander]

Hi Michael,

it is becoming a bit of a nightmare this. I thought I had fixed it yesterday but it wasn't
I removed that line but this is what the last 2 pages of my error log shows:

[Tue Feb 19 15:44:59.142132 2019] [mpm_worker:notice] [pid 30100:tid 47465679250784] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming nor$
[Tue Feb 19 15:44:59.142202 2019] [core:notice] [pid 30100:tid 47465679250784] AH00094: Command line: '/usr/sbin/httpd'
[Tue Feb 19 15:54:08.277872 2019] [authz_core:error] [pid 30108:tid 47465876944640] [client xxx.xxx.xx.xxx:45048] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 15:54:09.536788 2019] [authz_core:error] [pid 30105:tid 47465879045888] [client xxx.xxx.xx.xxx:46338] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:47.776374 2019] [authz_core:error] [pid 30106:tid 47465969489664] [client xxx.xxx.xx.xxx:46736] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:48.045025 2019] [authz_core:error] [pid 30105:tid 47465971590912] [client xxx.xxx.xx.xxx:47688] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:48.045731 2019] [authz_core:error] [pid 30108:tid 47465969489664] [client xxx.xxx.xx.xxx:47682] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.128173 2019] [authz_core:error] [pid 30109:tid 47465971590912] [client xxx.xxx.xx.xxx:39442] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.128567 2019] [authz_core:error] [pid 30109:tid 47465971590912] [client xxx.xxx.xx.xxx:39442] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.271884 2019] [authz_core:error] [pid 30107:tid 47465971590912] [client xxx.xxx.xx.xxx:40830] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.272367 2019] [authz_core:error] [pid 30107:tid 47465971590912] [client xxx.xxx.xx.xxx:40830] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.280617 2019] [authz_core:error] [pid 30106:tid 47465971590912] [client xxx.xxx.xx.xxx:40828] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:01:49.281076 2019] [authz_core:error] [pid 30106:tid 47465971590912] [client xxx.xxx.xx.xxx:40828] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:04:25.128387 2019] [mpm_worker:notice] [pid 30100:tid 47465679250784] AH00295: caught SIGTERM, shutting down
[Tue Feb 19 16:04:25.652418 2019] [core:notice] [pid 31665:tid 47296576259424] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Feb 19 16:04:25.665675 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Feb 19 16:04:25.665703 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Tue Feb 19 16:04:25.665719 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Tue Feb 19 16:04:25.665730 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Feb 19 16:04:25.665740 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity: LIBXML compiled version="2.9.7"
[Tue Feb 19 16:04:25.665750 2019] [:notice] [pid 31665:tid 47296576259424] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Tue Feb 19 16:04:25.666744 2019] [suexec:notice] [pid 31665:tid 47296576259424] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 19 16:04:25.701936 2019] [so:warn] [pid 31665:tid 47296576259424] AH01574: module rewrite_module is already loaded, skipping
[Tue Feb 19 16:04:25.768542 2019] [mpm_worker:notice] [pid 31668:tid 47296576259424] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming nor$
[Tue Feb 19 16:04:25.768610 2019] [core:notice] [pid 31668:tid 47296576259424] AH00094: Command line: '/usr/sbin/httpd'
[Tue Feb 19 16:06:59.821256 2019] [authz_core:error] [pid 31677:tid 47296763447040] [client xx.xxx.xxx.xx:57063] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:06:59.821727 2019] [authz_core:error] [pid 31677:tid 47296763447040] [client xx.xxx.xxx.xx:57063] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:07:03.509159 2019] [authz_core:error] [pid 31677:tid 47296763447040] [client xx.xxx.xxx.xx:57063] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:07:03.509685 2019] [authz_core:error] [pid 31677:tid 47296763447040] [client xx.xxx.xxx.xx:57063] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:14:55.711591 2019] [mpm_worker:notice] [pid 31668:tid 47296576259424] AH00295: caught SIGTERM, shutting down
[Tue Feb 19 16:14:56.171060 2019] [core:notice] [pid 32471:tid 47377296176480] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Feb 19 16:14:56.184589 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Feb 19 16:14:56.184611 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Tue Feb 19 16:14:56.184627 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Tue Feb 19 16:14:56.184638 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Feb 19 16:14:56.184647 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity: LIBXML compiled version="2.9.7"
[Tue Feb 19 16:14:56.184656 2019] [:notice] [pid 32471:tid 47377296176480] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Tue Feb 19 16:14:56.185643 2019] [suexec:notice] [pid 32471:tid 47377296176480] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 19 16:14:56.226185 2019] [so:warn] [pid 32471:tid 47377296176480] AH01574: module rewrite_module is already loaded, skipping
[Tue Feb 19 16:14:56.808959 2019] [mpm_worker:notice] [pid 32474:tid 47377296176480] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming nor$
[Tue Feb 19 16:14:56.809031 2019] [core:notice] [pid 32474:tid 47377296176480] AH00094: Command line: '/usr/sbin/httpd'
[Tue Feb 19 16:24:39.292012 2019] [authz_core:error] [pid 32480:tid 47378012882688] [client xxx.xxx.xx.xxx:42500] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:24:39.292544 2019] [authz_core:error] [pid 32480:tid 47378012882688] [client xxx.xxx.xx.xxx:42500] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:25:48.669558 2019] [authz_core:error] [pid 32482:tid 47377902589696] [client xxx.xxx.xx.xxx:51796] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:25:48.670018 2019] [authz_core:error] [pid 32482:tid 47377902589696] [client xxx.xxx.xx.xxx:51796] AH01630: client denied by server configuration: /home/mysite$
[Tue Feb 19 16:26:20.921528 2019] [mpm_worker:notice] [pid 32474:tid 47377296176480] AH00295: caught SIGTERM, shutting down
[Tue Feb 19 16:26:21.487731 2019] [core:notice] [pid 1076:tid 47948725593440] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Feb 19 16:26:21.508597 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Feb 19 16:26:21.508656 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Tue Feb 19 16:26:21.508681 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Tue Feb 19 16:26:21.508696 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Feb 19 16:26:21.508710 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: LIBXML compiled version="2.9.7"
[Tue Feb 19 16:26:21.544011 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: StatusEngine call: "2.9.2,Apache,1.6.3/1.6.3,7.8/7.8 2008-09-05,Lua 5.1,2.9.7,06"
[Tue Feb 19 16:26:21.784437 2019] [:notice] [pid 1076:tid 47948725593440] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurit$
[Tue Feb 19 16:26:21.786279 2019] [suexec:notice] [pid 1076:tid 47948725593440] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 19 16:26:21.838431 2019] [so:warn] [pid 1076:tid 47948725593440] AH01574: module rewrite_module is already loaded, skipping
                            [Tue Feb 19 16:26:21.786279 2019] [suexec:notice] [pid 1076:tid 47948725593440] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 19 16:26:21.838431 2019] [so:warn] [pid 1076:tid 47948725593440] AH01574: module rewrite_module is already loaded, skipping
[Tue Feb 19 16:26:22.433066 2019] [mpm_worker:notice] [pid 1079:tid 47948725593440] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming norm$
[Tue Feb 19 16:26:22.433197 2019] [core:notice] [pid 1079:tid 47948725593440] AH00094: Command line: '/usr/sbin/httpd'
[Tue Feb 19 16:27:44.728280 2019] [authz_core:error] [pid 1088:tid 47949349033728] [client xxx.xxx.xx.xxx:40384] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:27:44.728943 2019] [authz_core:error] [pid 1088:tid 47949349033728] [client xxx.xxx.xx.xxx:40384] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:29:45.736753 2019] [authz_core:error] [pid 1085:tid 47949442758400] [client xxx.xxx.xx.xxx:49570] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:29:45.737201 2019] [authz_core:error] [pid 1085:tid 47949442758400] [client xxx.xxx.xx.xxx:49570] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:31:47.167020 2019] [authz_core:error] [pid 1086:tid 47949451163392] [client xxx.xxx.xx.xxx:38612] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:31:49.511713 2019] [authz_core:error] [pid 1087:tid 47949451163392] [client xxx.xxx.xx.xxx:43466] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:31:49.742589 2019] [authz_core:error] [pid 1087:tid 47949451163392] [client xxx.xxx.xx.xxx:43466] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:32:20.606588 2019] [authz_core:error] [pid 1084:tid 47949332223744] [client xxx.xxx.xx.xxx:50480] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:32:20.607003 2019] [authz_core:error] [pid 1084:tid 47949332223744] [client xxx.xxx.xx.xxx:50480] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:32:57.120965 2019] [mpm_worker:notice] [pid 1079:tid 47948725593440] AH00295: caught SIGTERM, shutting down
[Tue Feb 19 16:32:57.730931 2019] [core:notice] [pid 2070:tid 47164008576352] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Feb 19 16:32:57.744974 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Feb 19 16:32:57.745025 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Tue Feb 19 16:32:57.745067 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Tue Feb 19 16:32:57.745081 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Feb 19 16:32:57.745091 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: LIBXML compiled version="2.9.7"
[Tue Feb 19 16:32:57.745188 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: StatusEngine call: "2.9.2,Apache,1.6.3/1.6.3,7.8/7.8 2008-09-05,Lua 5.1,2.9.7,06"
[Tue Feb 19 16:32:58.016224 2019] [:notice] [pid 2070:tid 47164008576352] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurit$
[Tue Feb 19 16:32:58.017985 2019] [suexec:notice] [pid 2070:tid 47164008576352] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 19 16:32:58.658701 2019] [mpm_worker:notice] [pid 2073:tid 47164008576352] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming norm$
[Tue Feb 19 16:32:58.658798 2019] [core:notice] [pid 2073:tid 47164008576352] AH00094: Command line: '/usr/sbin/httpd'
[Tue Feb 19 16:34:21.275231 2019] [authz_core:error] [pid 2080:tid 47164621510400] [client xxx.xxx.xx.xxx:42988] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:34:21.275724 2019] [authz_core:error] [pid 2080:tid 47164621510400] [client xxx.xxx.xx.xxx:42988] AH01630: client denied by server configuration: /home/mysitel$
[Tue Feb 19 16:36:21.992588 2019] [authz_core:error] [pid 2083:tid 47164627814144] [client xxx.xxx.xx.xxx:34068] AH01630: client denied by server configuration: /home/mysitel$

Basically I have discovered that the error 500s happen when I enable Joomla SEF and URL rewriting. If I turn both of those off it works(ish) and also I replace the admintools htaccess with the Joomla default one.

I have added the following to the WHM - Apache Configuration - Pre Virtual Hosts Include (I found a solution somewhere) because error messages where telling me suPHP_UserGroup was missing so I copied the code from the httpd.conf file - is that correct? :

<VirtualHost xx.xx.xxx.xxx:80>
  ServerName mysite.com
    ServerAlias mail.mysite.com www.mysite.com
  DocumentRoot /home/mysite/public_html
  ServerAdmin [email protected]
  UseCanonicalName Off
  ## User mysite # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
        <IfModule !mod_passenger.c>
          UserDir disabled
          UserDir enabled mysite
        </IfModule>
      </IfModule>
    </IfModule>
  </IfModule>
    <IfModule suphp_module>
    suPHP_UserGroup mysite mysite
  </IfModule>
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup mysite mysite
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid mysite mysite
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID mysite mysite
  </IfModule>
  <IfModule mod_passenger.c>
    PassengerUser mysite mysite
    PassengerGroup mysite mysite
  </IfModule>

  <IfModule alias_module>
    ScriptAlias /cgi-bin/ /home/mysite/public_html/cgi-bin/
  </IfModule>
    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
        RewriteOptions Inherit
    </IfModule>

    <IfModule proxy_fcgi_module>
        <FilesMatch \.(phtml|php[0-9]*)$>
            SetHandler proxy:unix:/opt/cpanel/ea-php72/root/usr/var/run/php-fpm/58cde91b66dc4f98a9c3eab06fffaa54d4eaf640.sock|fcgi://mysite.com
        </FilesMatch>
    </IfModule>
<Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

 

[cPanelMichael]

I have added the following to the WHM - Apache Configuration - Pre Virtual Hosts Include (I found a solution somewhere) because error messages where telling me suPHP_UserGroup was missing so I copied the code from the httpd.conf file - is that correct?

Hello @Sunlander,

I recommend determining the specific cause of the problem before implementing any workarounds or custom Apache configurations. Can you share the specific error message you are referring to?

Thank you.

 

[Sunlander]

Hi Michael,

the original error in the logs (see first post) was saying about mod_rewrite and then mod_security. So I enabled them. Is that what you mean? I added the following to WHM - Apache Configuration - Pre Virtual Hosts Include

<VirtualHost xx.xx.xxx.xxx:80>
  ServerName mysite.com
   ServerAlias mail.mysite.com www.mysite.com
  DocumentRoot /home/mysite/public_html
  ServerAdmin [email protected]
  UseCanonicalName Off
<Directory /var/www/html>
       Options Indexes FollowSymLinks
       AllowOverride All
       Require all granted
   </Directory>
</VirtualHost>

But it then produced the error that suPHP_UserGroup was missing so I copied the section for that particular virtualserver from the httpd.conf file (I copied all of the VirtualHost details from there to put in the Pre Virtual Hosts Include file).

 

[cPanelMichael]

Hello @Sunlander,

If I understand correctly, you were able to address the issue per the quote below:

Basically I have discovered that the error 500s happen when I enable Joomla SEF and URL rewriting. If I turn both of those off it works(ish) and also I replace the admintools htaccess with the Joomla default one.

If that's the case, I recommend reverting any of the manual changes you made to the Apache configuration file (made via additions to the Pre Virtual Hosts Include section).

Thank you.

 

[Sunlander]

Hi Michael,

I have done what you said, now I am back to lots of the original error:

authz_core:error] [pid 12658:tid 47098659735296] [client xxx.xxx.xx.xxx:53478] AH01630: client denied by server configuration:

I have to have SEF and URL rewriting enabled in my site, but in doing so I get those issues above. WHat does this error actually mean authz_core:error?

What is the correct way to fix it on the server? Googling it sends us all over the place and everything I try brings up a new issue.

It is a pity these servers don't come with all the modules and settings installed optimized for high performance.

 

[Sunlander]

I think my problem is that both SEF url and mod_rewrite are not fully setup on the server? Is there any guidance that walks us through how we do this? Is someone here able to tell me which parts of the WHM settings need to be changed?

Under Global configuration there are a number of settings for symlinks. What should these be:

SymLinksIfOwnerMatch - this is checked as enabled
Symlink Protection - this is currently off

SHould the above be changed?

 

[cPanelMichael]

authz_core:error] [pid 12658:tid 47098659735296] [client xxx.xxx.xx.xxx:53478] AH01630: client denied by server configuration:

I have to have SEF and URL rewriting enabled in my site, but in doing so I get those issues above. WHat does this error actually mean authz_core:error?

Hello @Sunlander,

Could you open a support ticket so we can take a closer look and rule out any issues with how cPanel & WHM or Apache is configured? You can post the ticket number here and we'll link this thread to it.

Thank you.

 

[Sunlander]

Hi Michael,

I have just followed the instructions for submitting support. I hope I have done it correctly via WHM? Here is the reference they gave me:
11482083

Kind regards

 

[cPanelMichael]

Hello @Sunlander,

It looks like replacing some of the custom entries in the .htaccess file and disabling some of the OWASP rules solved the problem. Can you confirm if this particular issue is now solved?

Thank you.

 

[Sunlander]

Hi Micheal,

yes that was it. I was using Akeeba Admin tools htaccess maker and it was causing the errors. I reverted to Jomla default htaccess and that helped. Plus as recommended by your excellent support team I updated various modules including mod_security, OSWASP and mod_rewrite and increased the limits in server (again as recommended).

Thanks for such a super efficient ticket support service it was one of the best support experiences I have had.

 

[cPanelMichael]

Hi @Sunlander,

I'm happy to see it all worked out! Thanks for sharing the outcome here.