Applicable to:
- Plesk for Linux
Symptoms
While trying to browse a website, the error
403 Forbidden
appears:
CONFIG_TEXT: You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
The domain's error log
/var/www/system/example.com/logs/error_log
contains the following:
CONFIG_TEXT: (13)Permission denied: /var/www/vhosts/example.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://example.com/
OR
CONFIG_TEXT: (13)Permission denied: [client 203.0.113.2:39024] AH00529: /var/www/vhosts/example.com/httpdocs/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/example.com/httpdocs/' is executable
Cause
Apache service does not have proper permissions to
vhost
or
httpdocs
folder.
Resolution
- Set PHP Handler to FastCGI or PHP-FPM by nginx at Domains > example.com > Hosting Settings
- Make sure that 'dir' module is enabled in Plesk > Tools & Settings > Apache Web Server
- Connect to the server via SSH
-
Change domain's permissions to correct:
# chown systemuser.psaserv /var/www/vhosts/example.com
where <systemuser> is an owner of the subscription:
# chown systemuser.psaserv /var/www/vhosts/example.com/httpdocs
# chown -R systemuser.psacln /var/www/vhosts/example.com/httpdocs/*
and example.com is the name of an affected domain. -
If the issue persists, do the following:
For Debian:
-
Find the username that is used by the Apache service. This username is defined in the
APACHE_RUN_USERvariable in/etc/apache2/envvars. -
Add that user to the
psaservgroup. For example, if the Apache user iswww-data, you would add the user in thepsaservgroup as below:# usermod -a -G psaserv www-data
-
Restart web server
# service apache2 restart
For CentOS:
- Add the
apacheuser to thepsaservgroup:
# usermod -a -G psaserv apache
-
Restart web server
# service httpd restart
-
- Run plesk repair utulity:
# plesk repair fs -y
Note: If the server is running on Proxmox VE, this configuration not going to work as expected. Please contact Proxmox support for further assistance.
Comments
4 comments
HI!
just want to say, its not always the user.
sometimes its the group.
somehow it changed to psacln.
somehow example: client deleted the httpdocs folder and then recreated it.
so, solution is chown ftpuser:psaserv httpdocs in this situations
Hi @lev k , yes, that's correct, however article describes specific case when user is not in psaserv group
I am getting the same errors described in this article, but it does not look to be permissions.
After a service restart of Apache I can run the command:
lsof -c httpd | grep "apache-shm" | wc -l
And the count will be in the 20's or so.
As the day(s) go on that number will grow and grow up into the tens of thousands and eventually bomb websites on the Plesk server with a 403 error and the errors mentioned in the log files in this article.
Once it bombs out, the apache-shm count will go back down, sites will return to normal, but it will start to slowly climb back up.
Have had a support call/remote session with Plesk support, but have not had any luck finding a fix.
CentOS Linux release 7.5.1804
Plesk Onyx Version 17.5.3 Update #54
Hello @Brian,
As the issue is complex I suggest creating a follow-up ticket to Plesk support and double-check the issue.
Please sign in to leave a comment.