Plesk websites return Apache error 403 on May 26, 2023: client denied by server configuration

Follow

Comments

4 comments

  • Avatar
    Roman Krakov

    Server's external IP also have to be whitelisted (DOSWhitelist xxx.xxx.xxx.xxx) to resolve the issue.

    1
    Comment actions Permalink
  • Avatar
    Martin Gojowsky (Edited )

    Yes exactly. We also struggled with this until we saw in the httpd service status message that our external IP has been banned by mod_evasive.

     

    Edit: a hint has been added to article now, thank you.

    0
    Comment actions Permalink
  • Avatar
    Stephan Mol (Edited )

    Same here, spent almost two hours trying to find out what was going on. Fortunately this article now exists, great job on posting it so quickly! Although too late for us others will find this very useful. Do not forget to also add the servers IPv6 address if applicable. The external/resolvable servers IP address(es).

    No one changed at thing and suddenly this morning customers were facing intermittent downtime. Via mentioned line coming by colored in red (is why it stood out) on a journalctl tail I ended up reading about mod_evasive at https://www.howtogeek.com/devops/how-to-configure-mod_evasive-for-apache-ddos-protection/ and trying to fix it by adding the servers IP addresses to this DOSWhitelist, and that solved the incident.

    I purposely have auto updates of both Plesk and OS packages disabled, to have the control myself on a set interval and try to prevent surprises like this from happening. So find this out about the automatic installation of these OS package was quite irritating causing this incident:

    ...

    May 24 03:40:36 Updated: 1:aum-6.0.48-29078.el7.art.x86_64
    May 25 03:33:42 Updated: 1:aum-6.0.48-29360.el7.art.x86_64
    May 26 03:55:27 Updated: 1:aum-6.0.48-29375.el7.art.x86_64
    May 26 03:56:12 Installed: mod_evasive-1.10.1-22.el7.x86_64
    May 26 03:56:15 Installed: mod_qos-11.70-1.el7.x86_64

    ...

    Apperently the WAF is resposible for that.

    0
    Comment actions Permalink
  • Avatar
    Kimon Nouskalis

    We have the same problem. I have disable the Fail2Ban and atomicorp WAF but the problem still exists.

    I have whitelist the IP of the server restart the httpd service and waiting forward to see that is OK.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request