Applicable to:
- Plesk for Linux
Symptoms
-
The website shows an error similar to the following one:
CONFIG_TEXT: 403 Forbidden
-
The log file
/var/www/vhosts/system/example.com/logs/error_log
contains errors like the following:CONFIG_TEXT: AH01797: client denied by server configuration: /var/www/vhosts/example.com/index.php
- IP is being banned by Fail2Ban after browsing WordPress Admin dashboard.
Cause
Custom Apache configuration does not allow access to the website.
Resolution
- Login into Plesk;
-
Go to Domains > example.com > Apache & nginx Settings > Additional HTTP/HTTPS directives and add "#" sign before directives similar to the ones below:
CONFIG_TEXT: Deny from all
CONFIG_TEXT: <Location /example>
Require all denied
</Location>Another example - spam-bot blocker rule:
CONFIG_TEXT: SetEnvIfNoCase User-Agent "some_bot" bad_bot
Deny from env=bad_bot -
Connect to the server via SSH and check if there are any
.htaccess
files in the domain's document root directory:NOTE: Replace example.com with the actual domain's name
# find /var/www/vhosts/example.com/httpdocs/ -name ".htaccess"
/var/www/vhosts/example.com/httpdocs/example/.htaccess
/var/www/vhosts/example.com/httpdocs/example2/.htaccess
/var/www/vhosts/example.com/httpdocs/.htaccess -
Review the content of all
.htaccess
files with a text editor and disable restrictive settings that prevent access to the site by adding the "#" sign before "Deny" directives.
Comments
10 comments
good one
And if the error is "AH01797: client denied by server configuration: /usr/share/plesk-service.localdomain/"????
How do I find out what process is trying to get the local website? Could it be nginx access to the apache server? Redirection of an external request?
Where can I reconfigure the web access permissions for this folder? It doesn't have any htaccess in it.
Hi @Nerque,
We would like to review the described behavior more closely. Could you submit a request to Plesk support using the link?
https://support.plesk.com/hc/en-us/requests/new
In this case I didn't buy the license directly from Plesk, so I don't think I can use the form you indicate.
I just need to know which process gives access to that folder, and which is its configuration file.
I have thought that maybe it is due to internal monitoring (Zabbix agent, Watchdog ...), but not knowing what url leads to that message, or where to configure such access, I am somewhat lost.
Hi Nerque,
If it's from an external server, then it's expected because plesk-service.localdomain is only available from localhost
Also, if the source requesting it is not localhost (for example it's 127.0.0.1), then it's the bug PPPM-11377, and as a workaround:
Log in to Plesk over SSH
Open the file /usr/local/psa/admin/conf/templates/default/server/pleskServiceLocaldomain.php with your favourite text editor
Replace localhost by 127.0.0.1:
<Directory " <!--?php echo HTTPD_SERVICE_VHOST_D ?--> ">
AllowOverride None
Options None
<!--?php if ($VAR->server->webserver->apache->useRequireOption): ?-->
Require host localhost
<!--?php endif; ?-->
Order deny,allow
Deny from all
Allow from localhost
Reconfigure web service:
# plesk repair web
Thanks a lot.
I suppose this is the template with which Plesk generates the configuration file for this service, but where is the configuration generated? I'll make the change in the template, but I prefer to change the settings manually so I don't have to use the plesk repair command.
I like to understand things, so I have several questions from the instructions you gave me. I hope it's not too much (I'll try to investigate it on my own as well)
I've tried to search for this bug, but nothing. Where can I find information about this bug?
I'm using the Obsidian 18.0.24.
You say that if access is attempted from an external server, then it's normal. But how is that possible? How can the system expose an access to /usr/share/plesk-service.localdomain? In other words, what is the url that redirects to the index.html located in that folder?
About pleskServiceLocaldomain.php template, why does this use the allow and deny directives when this version of plesk uses apache 2.4? I guess the templates add the needed require directive for use with 2.4, but why the deny/allow directives are also used?
You have marked the localhost used by the Allow directive in bold. But as far as I know, Apache 2.4 doesn't use this directive, it uses Require. So, do I have to change "Require host localhost" to "Require ip 127.0.0.1"?
Again, thank you very much
I see that this template applies to "/etc/httpd/conf/plesk.conf.d/server.conf". I didn't expect that.
But at least I see where the directives are for the plesk-service.localdomain
Hi Nerque,
You can find more information about this bug here:
[BUG] Multiple errors in Apache error log file from Plesk: client denied by server configuration /usr/share/plesk-service.localdomain/
Thank you very much.
It seems that I don't have much skill searching the Plesk website :-).
I am experiencing this error and there is no .htaccess or additional http directives specified.
When I disable nginx proxy mode it works normal.
Please sign in to leave a comment.