Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Random 403 errors with apache+php-fpm

Tags:

On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I'm getting random 403 errors.

I say "random" because the page I see in logs with 403 are running fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.

The server is running some websites (about a dozen), with various kind of solutions (a couple of Wordpress, a few old spaghetti php apps, mostly modern apps based on Symfony framework).

I'd also be happy if someone can point me to some way to increase the verbosity of some logs, to try resolving this issue on myself. Currently I see the 403 errors in the apache logs of vhosts.

like image 331
Massimiliano Arione Avatar asked Sep 27 '16 08:09

Massimiliano Arione


1 Answers

Is `mod_evasive' enabled ? To see please try

ls /etc/apache2/mods-enabled/ and if you see mod-evasive.load the apache module mod-evasive is enabled.

The goal of this module is to deny access with a 403 request when too many request come from the same pc(ip) or or when a lot of pages were viewed in a short amount of time. The ip is somewhat blocked for a certain period of time. Sometimes refreshing the page can fix the problem, but it is still annoying.

What you can do is

1)to disable it with a2dismod mod-evasive and service apache2 restart

or

2)Find the httpd.conf file and modify the different parameters. Increase the thresholds for mod_evasive to be less sensitive

modify the default value by something like:

<IfModule mod_dosevasive.c>      DOSHashTableSize 3097      DOSPageCount 5      DOSSiteCount 100      DOSPageInterval 1      DOSSiteInterval 1      DOSBlockingPeriod 2  </IfModule> 

MODEV_DOSPageCount This is the threshhold for the number of requests for the same page (or URI) per page interval. Once the threshhold for that interval has been exceeded, the IP address of the client will be added to the blocking list.

MODEV_DOSPageInterval The interval for the page count threshhold; defaults to 1 second intervals.

etc... You can change them

All the parameters and best solutions are explained here

https://wiki.atomicorp.com/wiki/index.php/Mod_evasive

like image 131
Michael GEDION Avatar answered Oct 05 '22 23:10

Michael GEDION