On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I'm getting random 403 errors.
I say "random" because the page I see in logs with 403 are running fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.
The server is running some websites (about a dozen), with various kind of solutions (a couple of Wordpress, a few old spaghetti php apps, mostly modern apps based on Symfony framework).
I'd also be happy if someone can point me to some way to increase the verbosity of some logs, to try resolving this issue on myself. Currently I see the 403 errors in the apache logs of vhosts.
Is `mod_evasive' enabled ? To see please try
ls /etc/apache2/mods-enabled/
and if you see mod-evasive.load the apache module mod-evasive is enabled.
The goal of this module is to deny access with a 403 request when too many request come from the same pc(ip) or or when a lot of pages were viewed in a short amount of time. The ip is somewhat blocked for a certain period of time. Sometimes refreshing the page can fix the problem, but it is still annoying.
What you can do is
1)to disable it with a2dismod mod-evasive
and service apache2 restart
or
2)Find the httpd.conf file and modify the different parameters. Increase the thresholds for mod_evasive to be less sensitive
modify the default value by something like:
<IfModule mod_dosevasive.c> DOSHashTableSize 3097 DOSPageCount 5 DOSSiteCount 100 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 2 </IfModule>
MODEV_DOSPageCount
This is the threshhold for the number of requests for the same page (or URI) per page interval. Once the threshhold for that interval has been exceeded, the IP address of the client will be added to the blocking list.
MODEV_DOSPageInterval
The interval for the page count threshhold; defaults to 1 second intervals.
etc... You can change them
All the parameters and best solutions are explained here
https://wiki.atomicorp.com/wiki/index.php/Mod_evasive
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With