New host giving 403 on included files

Operating System & Version
RHEL 6.10
cPanel & WHM Version
86.0.22

Xoles

Member
Apr 2, 2013
8
0
51
cPanel Access Level
Root Administrator
We have a server working fine since 2007 with 332 domains, but since yesterday we cant get new websites working, the host is created without issues, cpanel ok, directory listed on domain, but when we upload for example a joomla installer, only the php is loaded, with all the js,css,images, etc giving 403 on browser console, and having the error "AH01630: client denied by server configuration" on server logs for the same files, BUT we can access those files directly on the browser, just 403 when php try to load them.

We are running RHEL 6.10 and the lastest compatible v86.0.22 from the lts build. The last created host without issues was made on 2020-05-15, no changes on configurations made, just regular updates.

The only strage thing we see on httpd.conf is that ALL new vhost are created after the legend "Define the main cPanel & WHM proxy subdomains", but besides that, all parameters are exactly the same as other working sites.

Code:
</VirtualHost>
# END: HTTPS vhosts list

##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################

<VirtualHost 50.97.x.x:80>
  ServerName exampledomain.com
    ServerAlias mail.exampledomain.com www.exampledomain.com
  DocumentRoot /home/exampledomain/public_html
  ServerAdmin [email protected]
  UseCanonicalName Off
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl

  ## User exampledomain # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
        <IfModule !mod_passenger.c>
          UserDir enabled exampledomain
        </IfModule>
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule include_module>
    <Directory "/home/exampledomain/public_html">
      SSILegacyExprParser On
    </Directory>
  </IfModule>

 

  <IfModule suphp_module>
    suPHP_UserGroup exampledomain exampledomain
  </IfModule>
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup exampledomain exampledomain
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid exampledomain exampledomain
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID exampledomain exampledomain
  </IfModule>
  <IfModule mod_passenger.c>
    PassengerUser exampledomain
    PassengerGroup exampledomain
  </IfModule>

  <IfModule security2_module>
    SecRuleEngine Off
  </IfModule>


    # Global DCV Rewrite Exclude
    <IfModule rewrite_module>
        RewriteOptions Inherit
    </IfModule>



  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/std/2_4/exampledomain/exampledomain.com/*.conf"
</VirtualHost>
<VirtualHost 50.97.x.x:443>
  ServerName exampledomain.com
  ServerAlias mail.exampledomain.com www.exampledomain.com webdisk.exampledomain.com cpcontacts.exampledomain.com cpanel.exampledomain.com webmail.exampledomain.com cpcalendars.exampledomain.com
  DocumentRoot /home/exampledomain/public_html
  ServerAdmin [email protected]
  UseCanonicalName Off
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl

  ## User exampledomain # Needed for Cpanel::ApacheConf
  <IfModule userdir_module>
    <IfModule !mpm_itk.c>
      <IfModule !ruid2_module>
        <IfModule !mod_passenger.c>
          UserDir enabled exampledomain
        </IfModule>
      </IfModule>
    </IfModule>
  </IfModule>

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  <IfModule mod_include.c>
    <Directory "/home/exampledomain/public_html">
      SSILegacyExprParser On
    </Directory>
  </IfModule>

 
  <Proxymatch ^https?://127\.0\.0\.1:(2082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
       <IfModule security2_module>
          SecRuleEngine Off
       </IfModule>
  </Proxymatch>

  <IfModule mod_suphp.c>
    suPHP_UserGroup exampledomain exampledomain
  </IfModule>
  <IfModule suexec_module>
    <IfModule !mod_ruid2.c>
      SuexecUserGroup exampledomain exampledomain
    </IfModule>
  </IfModule>
  <IfModule ruid2_module>
    RMode config
    RUidGid exampledomain exampledomain
  </IfModule>
  <IfModule mpm_itk.c>
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID exampledomain exampledomain
  </IfModule>
  <IfModule mod_passenger.c>
    PassengerUser exampledomain
    PassengerGroup exampledomain
  </IfModule>

  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>
  <IfModule ssl_module>
    SSLEngine on
    
    SSLCertificateFile /var/cpanel/ssl/apache_tls/exampledomain.com/combined

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/exampledomain/public_html/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>
  </IfModule>




  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/ssl/2_4/exampledomain/exampledomain.com/*.conf"

    <IfModule headers_module>
    RequestHeader set X-HTTPS 1
    </IfModule>

    RewriteEngine On
            RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
            RewriteCond %{HTTP_HOST} =cpcalendars.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpcalendars.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
            RewriteCond %{HTTP_HOST} =cpcontacts.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpcontacts.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
            RewriteCond %{HTTP_HOST} =webdisk.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =webdisk.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
        ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
            RewriteCond %{HTTP_HOST} =webmail.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =webmail.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
        ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0

            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com [OR]
                RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com:443

            RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                RewriteCond %{HTTP_HOST} =webmail.exampledomain.com [OR]
                RewriteCond %{HTTP_HOST} =webmail.exampledomain.com:443

            RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
</VirtualHost>
# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!