The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Odd 403 Forbidden errors

Discussion in 'General Discussion' started by blackice, Dec 19, 2005.

  1. blackice

    blackice Active Member

    Joined:
    Dec 21, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Oxfordshire UK
    Hi,

    On our machine, over all accounts on multiple domains, some files randomly give 403 forbidden errors. There's no pattern in which ones give 403s, though common ones i've observed include index.php, profile.php and request.php.

    I have found no pattern in any of this behaviour and am completely stumped as to what it might be. I'm not running suExec or anything of that sort, I do have mod_security but it's not the cause (Checked config and tried disabling)

    The odd thing is that the 403 only lasts for a minute at most, and then is accessible again.

    Any ideas?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That could possible be caused by mod_dosevasive/mod_evasive. If you're using it in httpd.conf try disabling the module load lines (2) and restart httpd.
     
  3. blackice

    blackice Active Member

    Joined:
    Dec 21, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Oxfordshire UK
    Indeed this appears to be the cause of the problem, and disabling it worked fine.

    Many thanks!
     
  4. akasharkbow

    akasharkbow Member

    Joined:
    Apr 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Toronto, Ontario, Canada
    I was having this problem on my server as well and this has fixed the problem. Thanks. I am wondering though, does disabling this open the server up to more attacks? Is there anything I should be concerned about?

    Thanks for your help.

    David J.
     
  5. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    You can modify the settings for your evasive configuration to prevent the block for occuring.
     
  6. akasharkbow

    akasharkbow Member

    Joined:
    Apr 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Toronto, Ontario, Canada
    Where do I go to do that?

    Thanks for your help.

    David H. Johnston
     
  7. tweakservers

    tweakservers Well-Known Member

    Joined:
    Mar 30, 2006
    Messages:
    379
    Likes Received:
    0
    Trophy Points:
    16
    The module will not be loaded into your Apache. Probably a check / tweak on the mod_dosevasive/mod_evasive modules will help.
     
Loading...

Share This Page