Client denied by server configuration in /var/log/httpd/error_log
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Client denied by server configuration in /var/log/httpd/error_log
I have 6 different websites on my hosting and all of them work as they should. When I try to upload images to a vBulletin 5 post I get "Client denied by server configuration" for various files in various directories under /home/www/html/forum-name.
I've been reading about the changes between Apache 2.2 and 2.4 (I have the newest software so it should be 2.4, all updated and upgraded todat), and "Require all denied" in /etc/httpd/conf/httpd.conf, but I am not sure if this is it. If all other websites work, why this one would not work.
SeLinux is disabled so this can be taken out of the equations as a whole. And in general the forum works, it just seems to be some problem with image / attachments uploads and the reason could be this access denial, but I am not sure what this is. This is something related to Apache, and no permissions or anything like that (based on the fact that the info comes from the error_log).
###Edit:
This is 403 errors.
###Edit2:
httpd.com is correct, the access is granted to the /home/www/html and everything underneath it in this config file. The VirtualHost config / directive is correct too, so I am not sure about the source of this error, and if there is any way to check that.
Last edited by AdultFoundry; 07-21-2016 at 12:31 PM.
Check the apache error logs for details about what's causing the error message. Things like openbasedir or other incorrect apache settings can cause that error, and the error log should give you the details.
I run httpd -t and it returns Syntax OK. Virtual Host config is also ok (the most basic and it works on 6 other sites), as I've mentioned before. So basically this is related to just one site, and I am not sure if there is a place where I can find the info about what may be causing this. This may be related to image / attachments uploads to vBulletin posts. So I try to add an image to this post as an upload, and I would get something like the above in the error_log. So maybe not this domain related but upload related as I was not uploading to the other sites.
###Edit:
.htaccess is good too, as is the default for vBulletin 5, and this worked on a different hosting I think. So brand new and the newest Centos7, Apache, and some sort of congif somewhere is causing this. All installed with yum, the most standard and basic install and so on. update and upgrade done.
Last edited by AdultFoundry; 07-22-2016 at 04:54 AM.
- A PUT request was received; a 403 is the default response. Access can be granted with limitexcept (2.2) or mod_allowmethods (2.4).
or:
- Using mod_security with an explicit directive to deny access. Altering or commenting out the offending directives from that module will resolve the issue.
I have installed mod_security as an addition, I think, but I was not adding or changing any settings of that.
This is not for just one site, I get it for all the sites.
client denied by server configuration: /home/www/html/site-one/wp-login.php, referer: http://somenamehere.site-one.com/wp-login.php
client denied by server configuration: /home/www/html/site-two/startup.php
client denied by server configuration: /home/www/html/site-three/captcha
client denied by server configuration: /home/www/html/site-four/core/image.php, referer: http://site-four.com/
So some aspect of the config is wrong. Like I said, this is a basic / standard installation, only the necessary / standard config changes have been done. I think that I have added mod_security and mod_evasive too (some two security modules, according to one of the articles from a good website on the Net).
###Edit:
I have 21,579 entries like this in the error log for the past week. All the sites get around 1,000 people per day, so it is slow sites. A lot of people gets blocked by something here.
Last edited by AdultFoundry; 07-24-2016 at 04:47 AM.
I would try to unload (comment LoadModule lines in config) each non mandatory apache module then restart apache for testing
1) I was reading somewhere that "client denied by server configuaration" would not relate to the permissions, as this is the "server configuration". I am to stating that this is true / correct, but this is what I've been reading. I've checked /wordpress-blog-folder/wp-login.php and this is 755-644, so this looks like it should work, but it's been getting the denial message.
2) I will check the modules, like you've suggested here.
I've installed mod_security and mod_evasive bases on that, but I did not configure it / did not make any changes. I think that this affects httpd in some ways, and it may be causing these issues, I am not sure. I am assuming that the httpd would not be blocking all these things by default, but I am not sure. I will try to turn it off now and check, as suggested above.
###Edit:
mod_evasive and / or mod_security installed but not configured, maybe this is the problem...
Last edited by AdultFoundry; 07-24-2016 at 05:17 AM.
This may be mod_security, and some info from the error_log overlaps with /var/log/httpd/modsec_audit.log (I did not check exactly, but I see some of these things there). Is there any easy way to uninstall and delete all the files related to mod_evasive and mod_security? I've been reading about it on the Internet, but I haven't seen anything like one command for each, and it would work.
I will just uninstall both and the issue should be fixed, as I dont have time for researching this and working on configurations. I may come back to these things later on.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.