Hello all,

I'm trying to troubleshoot what appears to be a server problem, that is reporting the following message in my logfile - "Client denied by server configuration."

The server is operated by a host in the US, and I am the owner of the site, along with several other sites also on the same server. The company's tech support person seems to be baffled, so I am working on this on my own.

The messages appear inconsistently (as far as I can tell), and seem to be associated mainly with image files, but have also come with html and css files. Only occasional visitors (clients) get them, and I am one - when I check the operation of my site.

The server is running Cpanel - Cpanel Version/Build 9.9.8-CURRENT Build 17

Apache Version 1.3.31 (Unix)

The error is followed by a 403.shtml file, reported as File Not Found.

I can put up a 403 file so that people see something when the error occurs. Any suggestions as to what it should say?

I would sure appreciate any assistance to my problem. It's my goal to stay with this hosting company, and figure it out. The site was recently moved from another host, where this problem didn't occur.

If you'd like to check the site for yourself, please visit: www(dot)chops(dot)com

Thanks very much -
Gary

Well, it's been about a week, and I'm still getting this error message. So are my visitors.

Does anyone who is reading this have an idea of where to look? I can see that more than 30 people have checked this out, with no comments.

If you have a suggestion, it would be most appreciated. The problem seems to be some kind of permission error. The visitor hits the page, the error is sent back. The visitor hits the back button and the page gets served on the second or third try.

It's just too wierd. Should I just split and find a new web host, or is it worth trying to solve this?

Anyone?

Thanks very much,
CHOPS

First off, they need to update their apache, which means they are also running an outdated modssl. Second that issue sounds like a mod_security issue. They most likely have mod_security installed. Cpanel now allows you to install it with like 2 clicks. They are probably using it with the default config which breaks alot of stuff.

Hi Mr. Security,

Thanks much for taking the time to make your suggestions. It helped me learn, and speaking with my web host was informative also. He is responding with a good effort.

For the moment, he has furnished me with the following version information, and is asking if you'd take a look at it.

Here is the current server info from the box that chops.com is hosted on -

Server Version: Apache/1.3.31 (Unix) mod_throttle/3.1.2
mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9
FrontPage/5.0.2.2634a mod_ssl/2.8.19 OpenSSL/0.9.7a

He was aware that there is a "newer" version of Apache, but he is hesitant to update immediately, considering that the "latest and greatest" might create new problems for his other clients. I can understand that.

Would you be able to let me know what you think? Or anyone else who has information about this, please come forward!

Thanks much,
CHOPS

He needs to update. There is a security update / bugfix for both apache, and mod_ssl.

Thanks, I sent him your response - you are speaking of Apache 1.3.33, aren't you?

Apache 1.3.33 and ModSSL 2.8.22
While he is at it, have him check his kernel aswell.

Thanks much - if it is not too much trouble, would you be available to advise us by email, or would you prefer the forum?
I can be reached at gary@chops.com, if you would like to send an email directly to me.

Your help is greatly appreciated!

Warm regards,
Gary

Well, the web hosting company updated, thanks to your urging.

Here is what we are looking at now -

We have updated the server.

Server Version: Apache/1.3.33 (Unix) mod_throttle/3.1.2
mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9
FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a
Server Built: Nov 8 2004 14:48:31

A few hours after this was accomplished, I was testing my site and still saw the same errors. The problem appears to be unchanged, darn it!

Are there some settings for mod_security that need to be changed?

Your help is greatly appreciated. Thanks.
CHOPS

Originally posted by chops
Well, the web hosting company updated, thanks to your urging.

Here is what we are looking at now -

We have updated the server.

Server Version: Apache/1.3.33 (Unix) mod_throttle/3.1.2
mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9
FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a
Server Built: Nov 8 2004 14:48:31

A few hours after this was accomplished, I was testing my site and still saw the same errors. The problem appears to be unchanged, darn it!

Are there some settings for mod_security that need to be changed?

Your help is greatly appreciated. Thanks.
CHOPS


Mod_security should be configured to log to an "audit_log" Have the hosting company read that log and find the access dienied messages.

I've read this and forwarded it to them. I'm seeing the messages in the site's Error Log, still with the Client Denied message.

What can be changed in the configuration?

Are you using an apache module called mod_dosevasive?

Check yout httpd.conf and this URL:
www dot linuxforum dot com/linux_tutorials/66/1.php

Thanks - I'm checking it out and waiting for a reply.

Your idea is related to a security feature that resists DOS attacks, which is interesting, because the main place where I am seeing the 403 error is this:

I have a menu system that uses two very small gifs, called from a CSS. When a visitor comes to the page, these gifs are about the last thing to display and there are about 8 of them. On my system, it will display around 6 the first time, and then error.

They are tiny little plus signs or minus signs. I have also received the 403 error on CSS files associated with the page, as well as on the entire HTML file, but most commonly the error shows up when trying to display the gif files.

I really appreciate the assistance. It will be good to get this one solved - hopefully while I'm still young!

CHOPS