MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: Spacedust on 2013-02-27, 03:46:59

Title: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 03:46:59
I've checked all and seems all nginx and apache configs are ok but I got 403 Errors on all this customer domains.

Code: [Select]
/script/fixweb --client=clientname
didn't helped.
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 03:50:35
Take a look at this nginxproxy config for one of his domains:

Code: [Select]
### begin content - please not remove this line


## web for 'film.super.xxx.pl'
server {
    listen *:80;

    server_name film.super.xxx.pl www.film.super.xxx.pl;

    index index.php index.html index.shtml index.htm default.htm Default.aspx Default.asp index.pl;

    set $domain 'film.super.xxx.pl';

    set $rootdir '/home/kaplan161/film.super.xxx.pl';

    root $rootdir;

    set $user 'kaplan161';

    access_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-custom_log' main;
    error_log  '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-error_log';

    set $statstype 'stats';

    include '/home/nginx/conf/globals/webalizer.conf';

    set $fpmport '52336';

    include '/home/nginx/conf/globals/proxy.conf';

    location ^~ /(.*) {
        deny   121.168.39.168;
        deny   71.19.255.42;
        allow  all;
    }

    include '/home/nginx/conf/globals/generic.conf';
}


## webmail for 'film.super.xxx.pl' handled by ../webmails/webmail.conf


## web for 'film.super.xxx.pl'
server {
    listen *:443;

    ssl on;
    ssl_certificate /home/kloxo/httpd/ssl/eth0___localhost.crt;
    ssl_certificate_key /home/kloxo/httpd/ssl/eth0___localhost.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    server_name film.super.xxx.pl www.film.super.xxx.pl;

    index index.php index.html index.shtml index.htm default.htm Default.aspx Default.asp index.pl;

    set $domain 'film.super.xxx.pl';

    set $rootdir '/home/kaplan161/film.super.xxx.pl';

    root $rootdir;

    set $user 'kaplan161';

    access_log '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-custom_log' main;
    error_log  '/home/httpd/film.super.xxx.pl/stats/film.super.xxx.pl-error_log';

    set $statstype 'stats';

    include '/home/nginx/conf/globals/webalizer.conf';

    set $fpmport '52336';

    include '/home/nginx/conf/globals/proxy.conf';

    location ^~ /(.*) {
        deny   121.168.39.168;
        deny   71.19.255.42;
        allow  all;
    }

    include '/home/nginx/conf/globals/generic.conf';
}


## webmail for 'film.super.xxx.pl' handled by ../webmails/webmail.conf


### end content - please not remove this line
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 03:58:51
This is causing such error:

Code: [Select]
   location ^~ /(.*) {
        deny   121.168.39.168;
        deny   71.19.255.42;
        allow  all;

After removing it or readding domain it disappears. Can you tell me why ? What are these IP addresses ? Customer and I did not add them to allowed/denied IP's ...
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 04:09:04
Maybe rkhunter added this or fail2ban ?
Title: Re: 403 Error on all customer domain
Post by: MRatWork on 2013-02-27, 04:40:50
Find out on Panel. Possible you add blocked ips.
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 04:43:56
Quote from: "MRatWork"
Find out on Panel. Possible you add blocked ips.

Yes, he added but then removed them and this caused 403 Forbidden. Please investigate maybe there is a bug.
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 23:04:06
I see some changes related to this issue. Is this finally fixed right now ?
Title: Re: 403 Error on all customer domain
Post by: MRatWork on 2013-02-27, 23:09:58
Quote from: "Spacedust"
I see some changes related to this issue. Is this finally fixed right now ?
Look like ok in my test. Possible issue on apache rather than nginx.
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 23:16:49
Quote from: "MRatWork"
Quote from: "Spacedust"
I see some changes related to this issue. Is this finally fixed right now ?
Look like ok in my test. Possible issue on apache rather than nginx.

So /script/fixweb is needed again ?
Title: Re: 403 Error on all customer domain
Post by: MRatWork on 2013-02-27, 23:23:36
Need cleanup and then fixweb.

Simple solution... change 'Deny IP1, IP2' to 'Deny IP1 IP2' (remember, just remove comma) on apache domain config.
Title: Re: 403 Error on all customer domain
Post by: Spacedust on 2013-02-27, 23:28:44
Quote from: "MRatWork"
Need cleanup and then fixweb.

Simple solution... change 'Deny IP1, IP2' to 'Deny IP1 IP2' (remember, just remove comma) on apache domain config.

Good. What if I don't have such denied IP's now and will just upgrade Kloxo ?

Also I see new watchdog on port 50000, so a lot of changes ;)
Title: Re: 403 Error on all customer domain
Post by: MRatWork on 2013-02-27, 23:40:23
Watchdog for port 5000 (php-fpm) cancelled because always false detected by watchdog. So, back to previous idea (just detect port 80). If port 80 down, then check what's webserver type and use php-fpm or not.