HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   ISPConfig API - Soap Error: Forbidden (http://www.howtoforge.com/forums/showthread.php?t=59316)

blackangel 30th October 2012 14:32

ISPConfig API - Soap Error: Forbidden
 
Hello.

I've configured 2 servers following this guide:
http://www.howtoforge.com/perfect-se...ot-ispconfig-3

And on both servers I've the same issue: I cannot use the ISPConfig API.
I got the same error: "Soap Error: Forbidden"

It is not a privileges issue with the remote user, but it seems to be an HTTP error (probably a 403).

The weird thing is that some functions works, like 'mail_user_get' but some other not, like 'client_get_id' (even with a remote user with ALL privileges).

The "Forbidden" error is a real PHP Exception, it doesn't come from any functions in 'remoting.inc.php' or 'remoting_lib.inc.php'.

So my guess is that it is a permissions issue on a file or URL, but I cannot find where ...

How can I figure it out which file or url is "forbidden" ?

Thanks.

till 30th October 2012 14:40

Which errors do you get in the apache error.log?

blackangel 30th October 2012 17:05

Quote:

Originally Posted by till (Post 287535)
Which errors do you get in the apache error.log?

None.
Only a code '200' in the access.log.

As the page is well desserved by apache it is normal.

The exception is raised by PHP but I've nothing in the logs. I think I will debug it using xdebug, it's my last call.

blackangel 30th October 2012 20:57

After hours of search, I've found that it was an apache mod causing this issue :mad:

I've written a small PHP script to test the API.
When I call login and next a function, it works.
BUT, when the function is included in a loop, it crash after one or 2 occurrences.

For a while, I've suspected suhosin but I've nothing in the logs about a suhosin alert.

So I've looked into the apache mod, and the winner was: mod_evasive !

It detects the loop as a DoS attack ... :confused:

In conclusion: never enabled mod_evasive if your API need to be called in a loop.

PS: I can't add a RESOLVED to my title, too bad


All times are GMT +2. The time now is 20:53.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.