HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Random "forbidden" error with websites (http://www.howtoforge.com/forums/showthread.php?t=1806)

kokez 23rd December 2005 16:31

Random "forbidden" error with websites
 
Successful installation on a ppc platform (an Apple iMac 400 with 128Mb ram) following the 'ISP-Server Setup - Ubuntu 5.10 "Breezy Badger"'.

Only have a little problem at every boot with quota:
quotaon: using //quota.group on /dev/hda3 [/]: Function not implemented
quotaon: using //quota.user on /dev/hda3 [/]: Function not implemented
If it is a minor problem i can live with it.

A real problem is when i get web pages on browser. I receive a random "forbidden" error, that states that i cannot access the page. Restart Apache2 and for some time the result is as expected, no errors at all, after which the problem appear again, at the beginning after an inconsistent number of pages (or images) and then always more frequently until i am forced to restart Apache2.

The problem is NOT with the apache of ISPconfig, but only with apache2 for websites.

What can i do?

LC

till 23rd December 2005 16:36

Quote:

Originally Posted by kokez
Successful installation on a ppc platform (an Apple iMac 400 with 128Mb ram) following the 'ISP-Server Setup - Ubuntu 5.10 "Breezy Badger"'.

Only have a little problem at every boot with quota:
quotaon: using //quota.group on /dev/hda3 [/]: Function not implemented
quotaon: using //quota.user on /dev/hda3 [/]: Function not implemented
If it is a minor problem i can live with it.

Either your Kernel has not quota enabled or you have not modified the /etc/fstab correctly to enable quota on /dev/hda3

Quote:

A real problem is when i get web pages on browser. I receive a random "forbidden" error, that states that i cannot access the page. Restart Apache2 and for some time the result is as expected, no errors at all, after which the problem appear again, at the beginning after an inconsistent number of pages (or images) and then always more frequently until i am forced to restart Apache2.

The problem is NOT with the apache of ISPconfig, but only with apache2 for websites.
Strannge, never heard of that problem. Please compare the permissions of files that can be viewed in browser with files where you get an permission error. Do they have the same rights? Please check your apache log for errors.

kokez 23rd December 2005 17:05

This is the exact error:
----------
Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
----------

I have o lot of lines like this in /var/www/web1/log/error.log
----------
[Fri Dec 23 16:37:39 2005] [crit] [client 151.8.12.133] (24)Too many open files: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://mta.philstudium.com/
----------
but it is there not ".htaccess" in /var/www/web1/

And an extract from an ssh session:
----------
root@mta:/var/www# ls -l
total 20
drwxr-xr-x 2 root root 4096 2005-12-10 16:46 apache2-default
lrwxrwxrwx 1 root root 13 2005-12-14 17:12 mta.philstudium.com -> /var/www/web1
lrwxrwxrwx 1 root root 13 2005-12-10 18:37 phil.dw.lan -> /var/www/web1
drwxr-xr-x 2 root root 4096 2005-12-10 18:12 sharedip
drwxr-xr-x 10 web1_monica web1 4096 2005-12-14 21:20 web1
drwxr-xr-x 8 web3_claudio web3 4096 2005-12-15 04:00 web3
drwxr-xr-x 2 root root 4096 2005-12-10 17:12 webalizer
lrwxrwxrwx 1 www-data web2 13 2005-12-10 21:06 webmail.phil.dw.lan -> /var/www/web2
lrwxrwxrwx 1 www-data web3 13 2005-12-14 18:01 www.ittc.mta.philstudium.com -> /var/www/web3
lrwxrwxrwx 1 www-data web1 13 2005-12-10 18:33 www.phil.dw.lan -> /var/www/web1
root@mta:/var/www# cd web1
root@mta:/var/www/web1# ls -l
total 28
drwxr-xr-x 2 web1_monica web1 4096 2005-12-11 15:15 cgi-bin
drwxrwxr-x 3 web1_monica web1 4096 2005-12-10 18:33 ftp
drwxr-xr-x 2 web1_monica web1 4096 2005-12-10 18:33 log
lrwxrwxrwx 1 root root 38 2005-12-14 21:20 Maildir -> /var/www/web1/user/web1_monica/Maildir
drwxrwxrwx 2 web1_monica web1 4096 2005-12-10 18:33 phptmp
drwxr-xr-x 2 web1_monica web1 4096 2005-12-10 18:33 ssl
drwxr-xr-x 4 web1_monica web1 4096 2005-12-12 16:45 user
drwxrwxr-x 13 web1_monica web1 4096 2005-12-14 20:18 web
root@mta:/var/www/web1# cd web
root@mta:/var/www/web1/web# ls -l
total 48
drwxr-xr-x 3 web1_monica web1 4096 2005-12-10 18:41 2lang
drwxr-xr-x 3 web1_monica web1 4096 2005-12-11 13:12 cmsimple
drwxrwxrwx 2 web1_monica web1 4096 2005-12-14 21:17 content
drwxrwxrwx 2 web1_monica web1 4096 2005-12-10 20:08 downloads
drwxrwxr-x 2 web1_monica web1 4096 2005-12-10 18:33 error
drwxr-xr-x 3 web1_monica web1 4096 2005-12-10 18:41 images
-rw-r--r-- 1 web1_monica web1 39 2005-12-10 18:41 index.php
drwxr-xr-x 8 web1_monica web1 4096 2005-12-12 21:19 mail
drwxr-xr-x 2 web1_monica web1 4096 2005-12-10 18:41 plugins
drwxr-xr-x 2 web1_monica web1 4096 2005-12-12 04:00 stats
drwxr-xr-x 6 web1_monica web1 4096 2005-12-10 18:50 templates
drwxr-xr-x 2 web1_monica web1 4096 2005-12-12 21:05 wiz
----------

discovered 100+ MB of these after a "tail -f /var/log/apache2/error.log"
----------
[Fri Dec 23 17:01:10 2005] [notice] child pid 18276 exit signal Segmentation fault (11)
piped log program '/root/ispconfig/cronolog --symlink=/var/log/httpd/ispconfig_access_log /var/log/httpd/ispconfig_access_log_%Y_%m_%d' failed unexpectedly
----------

till 23rd December 2005 17:56

Quote:

Originally Posted by kokez
I have o lot of lines like this in /var/www/web1/log/error.log
----------
[Fri Dec 23 16:37:39 2005] [crit] [client 151.8.12.133] (24)Too many open files: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://mta.philstudium.com/
----------
but it is there not ".htaccess" in /var/www/web1/

Is there an .htaccess file in /var/www/web1/web/ ?
The webroot of the apache vhost is /var/www/web1/web/ and not /var/www/web1/

Is your server under heavy load or have you any services running that need so much file descriptors that all file descriptors are in use?

kokez 23rd December 2005 19:40

Quote:

Originally Posted by till
Is there an .htaccess file in /var/www/web1/web/ ?
The webroot of the apache vhost is /var/www/web1/web/ and not /var/www/web1/

was my typo, no ".htaccess" in /var/www/web1/web/


Quote:

Originally Posted by till
Is your server under heavy load or have you any services running that need so much file descriptors that all file descriptors are in use?

no, for sure the server is not under heavy load. Services are all on, except for bind. "ps -A" show this:

PID TTY TIME CMD
1 ? 00:00:02 init
2 ? 00:00:00 ksoftirqd/0
3 ? 00:00:02 events/0
4 ? 00:00:00 khelper
5 ? 00:00:00 kthread
21 ? 00:00:00 kblockd/0
54 ? 00:00:00 pdflush
55 ? 00:00:00 pdflush
57 ? 00:00:00 aio/0
56 ? 00:00:00 kswapd0
627 ? 00:00:00 khubd
1165 ? 00:00:02 kjournald
1328 ? 00:00:00 udevd
1820 ? 00:00:00 khpsbpkt
2454 ? 00:00:00 knodemgrd_0
3407 ? 00:00:00 dd
3409 ? 00:00:00 klogd
3421 ? 00:00:00 courierlogger
3422 ? 00:00:00 authdaemond.pla
3425 ? 00:00:00 authdaemond.pla
3426 ? 00:00:00 authdaemond.pla
3427 ? 00:00:00 authdaemond.pla
3428 ? 00:00:00 authdaemond.pla
3429 ? 00:00:00 authdaemond.pla
3440 ? 00:00:00 couriertcpd
3444 ? 00:00:00 courierlogger
3460 ? 00:00:00 couriertcpd
3462 ? 00:00:00 courierlogger
3475 ? 00:00:00 couriertcpd
3477 ? 00:00:00 courierlogger
3495 ? 00:00:00 couriertcpd
3497 ? 00:00:00 courierlogger
3513 ? 00:00:00 mysqld_safe
3550 ? 00:03:13 mysqld
3551 ? 00:00:00 logger
3672 ? 00:00:00 saslauthd
3673 ? 00:00:00 saslauthd
3674 ? 00:00:00 saslauthd
3675 ? 00:00:00 saslauthd
3676 ? 00:00:00 saslauthd
3688 ? 00:00:00 sshd
3708 ? 00:00:00 atd
3718 ? 00:00:00 cron
3781 ? 00:00:00 ispconfig_httpd
3782 ? 00:00:18 ispconfig_wconf
3787 ? 00:00:01 ispconfig_httpd
4007 ? 00:00:00 freshclam
4014 tty1 00:00:00 getty
4016 tty2 00:00:00 getty
4017 tty3 00:00:00 getty
3763 ? 00:00:00 master
3769 ? 00:00:00 qmgr
32046 ? 00:00:00 syslogd
3266 ? 00:00:00 proftpd
10417 ? 00:00:01 ispconfig_httpd
10540 ? 00:00:38 apache2
10546 ? 00:00:00 apache2
10547 ? 00:00:01 apache2
10548 ? 00:00:00 apache2
10549 ? 00:00:00 apache2
10608 ? 00:00:00 apache2
10614 ? 00:00:01 apache2
10615 ? 00:00:01 apache2
16483 ? 00:00:00 apache2
18263 ? 00:00:00 apache2
18470 ? 00:00:00 apache2
23939 ? 00:00:00 pickup
28958 ? 00:00:00 sshd
28961 ? 00:00:00 sftp-server
29540 ? 00:00:00 sshd
29543 pts/0 00:00:00 bash
29666 ? 00:00:00 sleep
29672 ? 00:00:00 apache2 <defunct>
29673 pts/0 00:00:00 ps

falko 24th December 2005 13:13

Quote:

Originally Posted by kokez
I have o lot of lines like this in /var/www/web1/log/error.log
----------
[Fri Dec 23 16:37:39 2005] [crit] [client 151.8.12.133] (24)Too many open files: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://mta.philstudium.com/
----------
but it is there not ".htaccess" in /var/www/web1/

root@mta:/var/www/web1/web# ls -l
total 48
drwxr-xr-x 3 web1_monica web1 4096 2005-12-10 18:41 2lang
drwxr-xr-x 3 web1_monica web1 4096 2005-12-11 13:12 cmsimple
drwxrwxrwx 2 web1_monica web1 4096 2005-12-14 21:17 content
drwxrwxrwx 2 web1_monica web1 4096 2005-12-10 20:08 downloads
drwxrwxr-x 2 web1_monica web1 4096 2005-12-10 18:33 error
drwxr-xr-x 3 web1_monica web1 4096 2005-12-10 18:41 images
-rw-r--r-- 1 web1_monica web1 39 2005-12-10 18:41 index.php
drwxr-xr-x 8 web1_monica web1 4096 2005-12-12 21:19 mail
drwxr-xr-x 2 web1_monica web1 4096 2005-12-10 18:41 plugins
drwxr-xr-x 2 web1_monica web1 4096 2005-12-12 04:00 stats
drwxr-xr-x 6 web1_monica web1 4096 2005-12-10 18:50 templates
drwxr-xr-x 2 web1_monica web1 4096 2005-12-12 21:05 wiz
----------

You have to use
Code:

ls -la
instead of
Code:

ls -l
to see files that begin with a dot. Try this; I'm sure there is a .htaccess file.

kokez 27th December 2005 19:03

no, there is not:

Code:

root@mta:~# ls -la /var/www/web1/web/
total 56
drwxrwxr-x  13 web1_monica web1 4096 2005-12-27 18:46 .
drwxr-xr-x  10 web1_monica web1 4096 2005-12-14 21:20 ..
drwxr-xr-x  3 web1_monica web1 4096 2005-12-10 18:41 2lang
drwxr-xr-x  3 web1_monica web1 4096 2005-12-11 13:12 cmsimple
drwxrwxrwx  2 web1_monica web1 4096 2005-12-14 21:17 content
drwxrwxrwx  2 web1_monica web1 4096 2005-12-10 20:08 downloads
drwxrwxr-x  2 web1_monica web1 4096 2005-12-10 18:33 error
drwxr-xr-x  3 web1_monica web1 4096 2005-12-10 18:41 images
-rw-r--r--  1 web1_monica web1  39 2005-12-10 18:41 index.php
drwxr-xr-x  8 web1_monica web1 4096 2005-12-12 21:19 mail
drwxr-xr-x  2 web1_monica web1 4096 2005-12-10 18:41 plugins
drwxr-xr-x  2 web1_monica web1 4096 2005-12-12 04:00 stats
drwxr-xr-x  6 web1_monica web1 4096 2005-12-10 18:50 templates
drwxr-xr-x  2 web1_monica web1 4096 2005-12-12 21:05 wiz

i've also searched for ".htaccess" into all folders, the only one found is into /var/www/web1/web/stats that is not part of the site. Keep in mind that the "forbidden" error is random, so the majority of the requests are correctly served.
Can this error be related to my "quota" error?

Thanks for your help,

LC

kokez 27th December 2005 19:09

tried today the same installation (ubuntu-server-5.10-install-i386 + ISPConfig-2.1.2.tar.gz) on a P4 2.8GHz 256RAM, all work as expected, no quota error, no forbiddens, no errors at all. Until now...
:)
LC

saul 28th February 2006 18:27

pcfg_openfile 'Too many files' problem
 
I had exactly the same problem installing the 'perfect setup' for debian sarge. I was using a 64 bit system though, and I think this problem have something to do with the the 64 bit system.

I'm pretty sure the error is an OS problem - not a permissions issue. After lots of futzing around, I found this:

http://groups.google.com/group/comp....b73aa6c4d8525e

Which explains that this error:

Quote:

[Tue Feb 28 17:41:35 2006] [crit] [client xx.xx.xx.xx] (24)Too many open files: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Is caused by more files being open on the system than are set as allowable in /proc/sys/fs/file-max.

you can tell how many files you're allowed to open by doing

Quote:

# cat /proc/sys/fs/file-max
# 100072
The obvious fix is to make it so you can open more files.

I tried almost doubling how many I allowed to open:

Quote:

# echo 200072 > /proc/sys/fs/file-max
That seemed to sort out the problem, the trouble is, being a bad admin, I don't really know how many files I *should* allow to be open at any time.

This works, but am I introducing security flaws? I wish I was a better admin.

Anyway - from my experience so far, I would not recommend running ispconfig under a 64 bit debian system - too fiddly, but workable so far.

Hope this helps someone one day. I was bewildered about this for a good few hours..

cheers,

Saul.

falko 1st March 2006 10:17

Quote:

Originally Posted by saul
One more thing, I added this to root's crontab:



to re-apply this change whenever the system reboots... hope that's not another stupidity.

ho hum.

Should be ok.
BTW, the next ISPConfig version will have support for 64-bit systems. :)


All times are GMT +2. The time now is 02:05.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.