ISPConfig API - Soap Error: Forbidden
I've configured 2 servers following this guide:
And on both servers I've the same issue: I cannot use the ISPConfig API.
I got the same error: "Soap Error: Forbidden"
It is not a privileges issue with the remote user, but it seems to be an HTTP error (probably a 403).
The weird thing is that some functions works, like 'mail_user_get' but some other not, like 'client_get_id' (even with a remote user with ALL privileges).
The "Forbidden" error is a real PHP Exception, it doesn't come from any functions in 'remoting.inc.php' or 'remoting_lib.inc.php'.
So my guess is that it is a permissions issue on a file or URL, but I cannot find where ...
How can I figure it out which file or url is "forbidden" ?
Which errors do you get in the apache error.log?
Only a code '200' in the access.log.
As the page is well desserved by apache it is normal.
The exception is raised by PHP but I've nothing in the logs. I think I will debug it using xdebug, it's my last call.
After hours of search, I've found that it was an apache mod causing this issue :mad:
I've written a small PHP script to test the API.
When I call login and next a function, it works.
BUT, when the function is included in a loop, it crash after one or 2 occurrences.
For a while, I've suspected suhosin but I've nothing in the logs about a suhosin alert.
So I've looked into the apache mod, and the winner was: mod_evasive !
It detects the loop as a DoS attack ... :confused:
In conclusion: never enabled mod_evasive if your API need to be called in a loop.
PS: I can't add a RESOLVED to my title, too bad
|All times are GMT +2. The time now is 14:57.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.