16

I face strange random 403 error on a Debian serveur with Plesk 12.5 and apache 2.2.

There are several domains on the server but only one domain faces this.

Rondomly, it seems that it tries to display the directory listing instead of serve the index.php file. So, sometimes, it through a 403 error and when refresh the page, it's ok with a 200 status.

In error_log, I read lots of :

[error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive

The DirectoryIndex was not present in httpd.conf file so I added the rule in additional directives for the domain via the Plesk Web Interface with no luck.

I'm kind of stuck with this.

Any help would be appreciated.

Let me know if you need more info.

Thank you.

EDIT :

Webroot .htaccess content

# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>

RewriteEngine on


#Domain: www.domain.tld
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]

RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType font/woff2 .woff2
AddType application/x-font-woff .woff
<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType text/javascript "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType application/x-javascript "access plus 1 week"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
    ExpiresByType font/opentype "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType application/x-font-ttf "access plus 1 year"
    ExpiresByType application/x-font-otf "access plus 1 year"
</IfModule>

<IfModule mod_headers.c>
    Header unset Etag
</IfModule>
FileETag none
<IfModule mod_deflate.c>
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
    </IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
Community
  • 1
  • 1
JazZ
  • 4,469
  • 2
  • 20
  • 40
  • Did you restart the apache2 service after adding that DirectoryIndex rule in the apache2 config? You should add it via Plesk Web Inteface not manually by editing the files via ssh. – Bogdan Stoica Aug 07 '17 at 13:11
  • @BogdanStoica Yes, I did it via the Plesk Web Interface. – JazZ Aug 07 '17 at 13:15
  • And do you have a index.php file for that site? the location should be /var/www/vhosts/domain.com/httpdocs/index.php – Bogdan Stoica Aug 07 '17 at 13:18
  • @BogdanStoica Yes, it's there, with good permissions and owner/group. – JazZ Aug 07 '17 at 13:19
  • Well that's really strange... I would contact Plesk support if I were you... Since you have a paid license, you have included tech support as well – Bogdan Stoica Aug 07 '17 at 13:25
  • @BogdanStoica, already done. They told me to add the DirectoryIndex rules but nothing much... = / – JazZ Aug 07 '17 at 13:27
  • I'll open a new ticket. Thank you anyway @BogdanStoica. ; ) – JazZ Aug 07 '17 at 13:28
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/151277/discussion-between-bogdan-stoica-and-jazz). – Bogdan Stoica Aug 07 '17 at 13:28
  • Is there any `.htaccess` at that site's webroot directory, and if there is, what rules it has inside? A good thing to do, it to check open a shell and use commands to search for all `.htaccess` files in all that webroot directories. – Christos Lytras Aug 12 '17 at 08:49
  • @ChristosLytras Yes, there is one. It's automatically generated by Prestashop. – JazZ Aug 12 '17 at 08:58
  • @ChristosLytras added the .htaccess content to the question. – JazZ Aug 12 '17 at 09:03
  • There must be something wrong with the `# Dispatcher` section. And I don't see an opening tag for that closing `` at the same section. Is there a way to re-generate that `.htaccess` or replace it with a default from another setup? **EDIT** There is an opening ``, I just saw it now. – Christos Lytras Aug 12 '17 at 09:12
  • @ChristosLytras thanks, just regenerated it but no diff… – JazZ Aug 12 '17 at 09:34
  • You're dealing with some missconfiguration here. Try to follow this post https://www.prestashop.com/forums/topic/12080-403-error/ and add `Options FollowSymLinks` at the top of `.htaccess` after the `RewriteEngine on` directive. – Christos Lytras Aug 12 '17 at 14:15
  • @ChristosLytras `FollowSymLink` rule is already set in the Apache directives for the domain. I tried to add it in .htaccess anyway but still same issue. – JazZ Aug 12 '17 at 15:04
  • Have you checked the access log files for further details about the 403 errors? Maybe there are clues regarding these errors that will help you debug this really strange situation. – Christos Lytras Aug 12 '17 at 17:24
  • @ChristosLytras Nothing about those 403 errors in access_log and proxy_access_log. Is it possible ? – JazZ Aug 12 '17 at 19:00
  • Can you show what error appears in proxy_error_log when apache reports Directory index forbidden by Options directive? Does this error appear on main page only of on other pages too? – Elvis Plesky Aug 15 '17 at 08:59
  • @ElvisPlesky Hello, nothing showed about that error in proxy_error_log. Yes, it happens on other pages too. – JazZ Aug 15 '17 at 11:50
  • 2
    Can you check the time-stamp over index file? 403 error can appear when index file cannot be found or accessed by webserver. Maybe it changes on disc at the moment of 403 errors? For test try to create some test file and include it into index. So if the problem is in it, instead of 403 you should see the content of test file. – Elvis Plesky Aug 16 '17 at 01:18
  • @ElvisPlesky I checked the index.php time-stamp and it not changed recently. I did the include test too but still 403. – JazZ Aug 16 '17 at 10:16
  • Have you tried checking the `Requests` when the error occurs? I mean, by checking the behaviour with/without www or with http/https or the combination of www/https/http or without www. Btw, can you reproduce the error by refreshing the page? – Miguel Ortiz Jun 26 '18 at 20:36
  • What's your preferred domain configuration in Plesk for that website? – Miguel Ortiz Jun 26 '18 at 20:42
  • Thanks for your comment @MiguelOrtiz but I had to migrate the website. I can't test anymore. Still don't know what was going on... – JazZ Jun 27 '18 at 04:40

0 Answers0