MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: Spacedust on 2013-02-27, 03:46:59
-
I've checked all and seems all nginx and apache configs are ok but I got 403 Errors on all this customer domains.
/script/fixweb --client=clientname
didn't helped.
-
Take a look at this nginxproxy config for one of his domains:
### begin content - please not remove this line
## web for 'film.super.xxx.pl'
server {
listen *:80;
server_name film.super.xxx.pl www.film.super.xxx.pl;
index index.php index.html index.shtml index.htm default.htm Default.aspx Default.asp index.pl;
set $domain 'film.super.xxx.pl';
set $rootdir '/home/kaplan161/film.super.xxx.pl';
root $rootdir;
set $user 'kaplan161';
access_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-custom_log' main;
error_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-error_log';
set $statstype 'stats';
include '/home/nginx/conf/globals/webalizer.conf';
set $fpmport '52336';
include '/home/nginx/conf/globals/proxy.conf';
location ^~ /(.*) {
deny 121.168.39.168;
deny 71.19.255.42;
allow all;
}
include '/home/nginx/conf/globals/generic.conf';
}
## webmail for 'film.super.xxx.pl' handled by ../webmails/webmail.conf
## web for 'film.super.xxx.pl'
server {
listen *:443;
ssl on;
ssl_certificate /home/kloxo/httpd/ssl/eth0___localhost.crt;
ssl_certificate_key /home/kloxo/httpd/ssl/eth0___localhost.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name film.super.xxx.pl www.film.super.xxx.pl;
index index.php index.html index.shtml index.htm default.htm Default.aspx Default.asp index.pl;
set $domain 'film.super.xxx.pl';
set $rootdir '/home/kaplan161/film.super.xxx.pl';
root $rootdir;
set $user 'kaplan161';
access_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-custom_log' main;
error_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-error_log';
set $statstype 'stats';
include '/home/nginx/conf/globals/webalizer.conf';
set $fpmport '52336';
include '/home/nginx/conf/globals/proxy.conf';
location ^~ /(.*) {
deny 121.168.39.168;
deny 71.19.255.42;
allow all;
}
include '/home/nginx/conf/globals/generic.conf';
}
## webmail for 'film.super.xxx.pl' handled by ../webmails/webmail.conf
### end content - please not remove this line
-
This is causing such error:
location ^~ /(.*) {
deny 121.168.39.168;
deny 71.19.255.42;
allow all;
After removing it or readding domain it disappears. Can you tell me why ? What are these IP addresses ? Customer and I did not add them to allowed/denied IP's ...
-
Maybe rkhunter added this or fail2ban ?
-
Find out on Panel. Possible you add blocked ips.
-
Find out on Panel. Possible you add blocked ips.
Yes, he added but then removed them and this caused 403 Forbidden. Please investigate maybe there is a bug.
-
I see some changes related to this issue. Is this finally fixed right now ?
-
I see some changes related to this issue. Is this finally fixed right now ?
Look like ok in my test. Possible issue on apache rather than nginx.
-
I see some changes related to this issue. Is this finally fixed right now ?
Look like ok in my test. Possible issue on apache rather than nginx.
So /script/fixweb is needed again ?
-
Need cleanup and then fixweb.
Simple solution... change 'Deny IP1, IP2' to 'Deny IP1 IP2' (remember, just remove comma) on apache domain config.
-
Need cleanup and then fixweb.
Simple solution... change 'Deny IP1, IP2' to 'Deny IP1 IP2' (remember, just remove comma) on apache domain config.
Good. What if I don't have such denied IP's now and will just upgrade Kloxo ?
Also I see new watchdog on port 50000, so a lot of changes ;)
-
Watchdog for port 5000 (php-fpm) cancelled because always false detected by watchdog. So, back to previous idea (just detect port 80). If port 80 down, then check what's webserver type and use php-fpm or not.