ISPConfig API - Soap Error: Forbidden
 

Hello.

I've configured 2 servers following this guide:
http://www.howtoforge.com/perfect-se...ot-ispconfig-3

And on both servers I've the same issue: I cannot use the ISPConfig API.
I got the same error: "Soap Error: Forbidden"

It is not a privileges issue with the remote user, but it seems to be an HTTP error (probably a 403).

The weird thing is that some functions works, like 'mail_user_get' but some other not, like 'client_get_id' (even with a remote user with ALL privileges).

The "Forbidden" error is a real PHP Exception, it doesn't come from any functions in 'remoting.inc.php' or 'remoting_lib.inc.php'.

So my guess is that it is a permissions issue on a file or URL, but I cannot find where ...

How can I figure it out which file or url is "forbidden" ?

Thanks.

Which errors do you get in the apache error.log?

None.
Only a code '200' in the access.log.

As the page is well desserved by apache it is normal.

The exception is raised by PHP but I've nothing in the logs. I think I will debug it using xdebug, it's my last call.

After hours of search, I've found that it was an apache mod causing this issue :mad:

I've written a small PHP script to test the API.
When I call login and next a function, it works.
BUT, when the function is included in a loop, it crash after one or 2 occurrences.

For a while, I've suspected suhosin but I've nothing in the logs about a suhosin alert.

So I've looked into the apache mod, and the winner was: mod_evasive !

It detects the loop as a DoS attack ... :confused:

In conclusion: never enabled mod_evasive if your API need to be called in a loop.

PS: I can't add a RESOLVED to my title, too bad