Articles in this section

See more

Website is not accessible: 403 Forbidden AH01797: client denied by server configuration

Avatar
Dinara Aspembitova
Updated
Follow
Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

    • The website shows the error similar to below one in browser screen:

      CONFIG_TEXT: 403 Forbidden

in some configuration site unavailable with 504 TimeOut error

  • The log file /var/www/vhosts/system/example.com/logs/error_log contains errors like the following:

    CONFIG_TEXT: AH01797: client denied by server configuration: /var/www/vhosts/example.com/index.php

  •  IP is being banned by Fail2Ban after browsing WordPress Admin dashboard.

Cause

Custom Apache configuration does not allow access to the website. 

Resolution

  1. Login into Plesk;

  2. Go to Domains > example.com > Apache & nginx Settings > Additional HTTP directives and add "#" sign before directives similar to below ones:

    CONFIG_TEXT: Deny from all

    CONFIG_TEXT: <Location /example>
    Require all denied
    </Location>

  3. Check If there .htaccess files on the server:

    NOTE: Replace example.com with the actual domain name

    # find /var/www/vhosts/example.com/httpdocs/ -name ".htaccess"
    /var/www/vhosts/example.com/httpdocs/example/.htaccess
    /var/www/vhosts/example.com/httpdocs/example2/.htaccess
    /var/www/vhosts/example.com/httpdocs/.htaccess

  4. Review the content of all .htaccess files and disable settings that prevents access to the site by adding the "#" sign before the directives containing words "Deny" in text editor.

Comments

9 comments

Sort by Date Votes
  • Avatar
    Palcomonline

    good one

    0
    Comment actions Permalink
  • Avatar
    Nerque

    And if the error is "AH01797: client denied by server configuration: /usr/share/plesk-service.localdomain/"????

    How do I find out what process is trying to get the local website? Could it be nginx access to the apache server? Redirection of an external request?

    Where can I reconfigure the web access permissions for this folder? It doesn't have any htaccess in it.

    0
    Comment actions Permalink
  • Avatar
    Maxim Krasikov

    Hi @Nerque,

    We would like to review the described behavior more closely. Could you submit a request to Plesk support using the link?
    https://support.plesk.com/hc/en-us/requests/new

    0
    Comment actions Permalink
  • Avatar
    Nerque

    In this case I didn't buy the license directly from Plesk, so I don't think I can use the form you indicate.
    I just need to know which process gives access to that folder, and which is its configuration file.
    I have thought that maybe it is due to internal monitoring (Zabbix agent, Watchdog ...), but not knowing what url leads to that message, or where to configure such access, I am somewhat lost.

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi Nerque,

    If it's from an external server, then it's expected because plesk-service.localdomain is only available from localhost

    Also, if the source requesting it is not localhost (for example it's 127.0.0.1), then it's the bug PPPM-11377, and as a workaround:

    1. Log in to Plesk over SSH

    2. Open the file /usr/local/psa/admin/conf/templates/default/server/pleskServiceLocaldomain.php with your favourite text editor

    3. Replace localhost by 127.0.0.1:

      <Directory " <!--?php echo HTTPD_SERVICE_VHOST_D ?--> ">
      AllowOverride None
      Options None
      <!--?php if ($VAR->server->webserver->apache->useRequireOption): ?-->
      Require host localhost
      <!--?php endif; ?-->
      Order deny,allow
      Deny from all
      Allow from localhost

    4. Reconfigure web service:

      plesk repair web

    0
    Comment actions Permalink
  • Avatar
    Nerque

    Thanks a lot.

    I suppose this is the template with which Plesk generates the configuration file for this service, but where is the configuration generated? I'll make the change in the template, but I prefer to change the settings manually so I don't have to use the plesk repair command.

    I like to understand things, so I have several questions from the instructions you gave me. I hope it's not too much (I'll try to investigate it on my own as well)

    I've tried to search for this bug, but nothing. Where can I find information about this bug?

    I'm using the Obsidian 18.0.24.

    You say that if access is attempted from an external server, then it's normal. But how is that possible? How can the system expose an access to /usr/share/plesk-service.localdomain? In other words, what is the url that redirects to the index.html located in that folder?

    About pleskServiceLocaldomain.php template, why does this use the allow and deny directives when this version of plesk uses apache 2.4? I guess the templates add the needed require directive for use with 2.4, but why the deny/allow directives are also used?

    You have marked the localhost used by the Allow directive in bold. But as far as I know, Apache 2.4 doesn't use this directive, it uses Require. So, do I have to change "Require host localhost" to "Require ip 127.0.0.1"?

    Again, thank you very much

    0
    Comment actions Permalink
  • Avatar
    Nerque

    I see that this template applies to "/etc/httpd/conf/plesk.conf.d/server.conf". I didn't expect that.

    But at least I see where the directives are for the plesk-service.localdomain

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi Nerque,

    You can find more information about this bug here:

    [BUG] Multiple errors in Apache error log file from Plesk: client denied by server configuration /usr/share/plesk-service.localdomain/

    0
    Comment actions Permalink
  • Avatar
    Nerque

    Thank you very much.

    It seems that I don't have much skill searching the Plesk website :-).

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles