403 error with new websites.

Discussion in 'Developers' Forum' started by otacon, Mar 24, 2011.

  1. otacon

    otacon New Member

    When I use the following script to create a website and client through API functions I get a 403 error on my new website. Creating the website through ispconfig control panel works fine. I verified the linux group and linux user with other websites and they seem correct.

    I then

    chown -R root:client0 ../testing1.remcycle.net
    and
    chmod -R 744 ../testing1.remcycle.net

    But that didn't do anything for me.

    Suggestions would be great!

    PHP:
    <?php

    /*
    Copyright (c) 2007, Till Brehm, projektfarm Gmbh
    All rights reserved.

    Redistribution and use in source and binary forms, with or without modification,
    are permitted provided that the following conditions are met:

        * Redistributions of source code must retain the above copyright notice,
          this list of conditions and the following disclaimer.
        * Redistributions in binary form must reproduce the above copyright notice,
          this list of conditions and the following disclaimer in the documentation
          and/or other materials provided with the distribution.
        * Neither the name of ISPConfig nor the names of its contributors
          may be used to endorse or promote products derived from this software without
          specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    */

    //* Examples for the remoting framework

    //* Login credentials
    require('soap_config.php');


    // Create the SOAP Client
    $client = new SoapClient(null, array('location' => $soap_location,
                                         
    'uri'      => $soap_uri));


    try {
        
    //* Login to the remote server
        
    if($session_id $client->login($username,$password)) {
            echo 
    'Logged into remote server sucessfully. The SessionID is '.$session_id.'<br />';
        }    
        
    $params = array(        'server_id' => 1,
                        
    'company_name' => $_POST["company"],
                        
    'contact_name' => $_REQUEST["name"],
                        
    'username' =>$_POST["username"],
                        
    'password' =>$_POST["password"],
                        
    'language' =>'en',
                        
    'usertheme' =>'default',
                        
    'street' =>$_POST["address"],
                        
    'zip' =>$_POST["zipcode"],
                        
    'city' =>$_POST["city"],
                        
    'state' =>$_POST["state"],
                        
    'country' =>$_POST["country"],
                        
    'telephone' =>$_POST["phone_number"],
                        
    'mobile' =>'',
                        
    'fax' =>'',
                        
    'internet' =>'',
                        
    'icq' =>'',
                        
    'notes' =>'',  
                        
    'template_master' => '0',
                        
    'template_additional' =>'',
                        
    'default_mailserver' =>'1',
                        
    'limit_maildomain' =>'1',
                        
    'limit_mailbox' =>'-1',
                        
    'limit_mailalias' =>'-1',
                        
    'limit_mailforward' =>'-1',
                        
    'limit_mailcatchall' =>'-1',
                        
    'limit_mailrouting' => '-1',
                        
    'limit_mailfilter' =>'-1',
                        
    'limit_fetchmail' =>'-1',
                        
    'limit_mailquota' =>'-1',
                        
    'limit_spamfilter_wblist' =>'-1',
                        
    'limit_spamfilter_user' =>'-1',
                        
    'limit_spamfilter_policy' =>'-1',
                        
    'default_webserver' =>'1',
                        
    'limit_web_domain' =>'-1',
                        
    'web_php_options' =>"SuPHP",
                        
    'limit_web_aliasdomain' =>'-1',
                        
    'limit_web_subdomain' =>'-1',
                        
    'limit_ftp_user' =>'-1',
                        
    'limit_shell_user' =>'-1',
                        
    'ssh_chroot' =>'None',
                        
    'default_dnsserver' =>'1',
                        
    'limit_dns_zone' =>'-1',
                        
    'limit_dns_record' =>'-1',
                        
    'limit_client' =>'0',
                        
    'default_dbserver' =>'1',
                        
    'limit_database' =>'-1',
                        
    'limit_cron' =>'0',
                        
    'limit_cron_type' =>'',
                        
    'limit_cron_frequency' =>'-1');
        
        
    $con mysql_connect("localhost","noneya","******");
        if (!
    $con)
        {
            die(
    'Could not connect: ' mysql_error());
        }
        
    mysql_select_db("dbispconfig"$con);
        
    $reseller_id 0;
        
    $domain_id $client->client_add($session_id$reseller_id$params);
        
    $tablename         "web_domain"
        
    $next_increment     0
        
    $qShowStatus         "SHOW TABLE STATUS LIKE '$tablename'"
        
    $qShowStatusResult     mysql_query($qShowStatus) or die ( "Query failed: " mysql_error() . "<br/>" $qShowStatus ); 
        
    $row mysql_fetch_assoc($qShowStatusResult); 
        
    $next_increment $row['Auto_increment']; 
        
        
    $domain_id $next_increment
        
    $params_website = array('server_id' => 1
                                
    'ip_address' => '*'
                                
    'domain' => $_POST["username"].'.remcycle.net'
                                
    'type' => 'vhost'
                                
    'parent_domain_id' => ''
                                
    'vhost_type' => 'name'
                                
    'hd_quota' => '50'
                                
    'traffic_quota' => '1000'
                                
    'cgi' =>'n'
                                
    'ssi' =>'n'
                                
    'suexec' =>'n'
                                
    'errordocs' =>'1'
                                
    'subdomain' =>'www'
                                
    'ssl' =>'n'
                                
                                
    'php' =>"mod"
                                
    'ruby' =>'n'
                                
    'active' =>'y'
                                
                                
    'redirect_type' =>'no'
                                
    'redirect_path' =>''
                                
                                
    'ssl_state' =>''
                                
    'ssl_organisation' =>''
                                
    'ssl_organisation_unit' =>''
                                
    'ssl_country' =>''
                                
    'ssl_domain' => $_POST["username"].'.remcycle.net'
                                
    'ssl_request' =>''
                                
    'ssl_cert' =>''
                                
    'ssl_bundle' =>''
                                
    'ssl_action' =>''
                                
                                
                                
    //'stats_password' =>$password, 
                                
    'stats_password' =>''
                                
    'stats_type' =>'webalizer'
                                
                                
    'backup_interval' =>'monthly'
                                
    'backup_copies' =>'1'
                                
                                
    'document_root' =>'/var/www/remcycle.net/'
                                
    'system_user' =>'web'.$domain_id
                                
    'system_group' =>'client0'
                                
    'allow_override' =>'All'
                                
    'php_open_basedir' =>'/var/www/clients/client0/web'.$domain_id.'/web:/var/www/clients/client0/web'.$domain_id.'/tmp:/var/www/'.$_POST["username"].'remcycle.net/web:/srv/www/'.$_POST["username"].'remcycle.net/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin'
                                
    'custom_php_ini' =>'',  
                                
    'apache_directives' =>''
                                
    'client_group_id' =>$client_id+
                                
    ); 
        
        
    $website_id $client->sites_web_domain_add($session_id$client_id$params_website);  
        
        
    //* ----------------------------------------------------------
        //* Example functions
        //* ----------------------------------------------------------
        
        /*
        //* Add a email domain
        $params = array(    'server_id' => 1,
                            'domain' => 'domain.tld',
                            'active' => 'y');
        $client_id = 0;
        $domain_id = $client->mail_domain_add($session_id, $client_id, $params);
        */
        
        /*
        //* Update email domain
        $params = array(    'server_id' => 1,
                            'domain' => 'domain.tld',
                            'active' => 'y');
        //* ID of the client. 0 = the admin owns this record.
        $client_id = 0;
        
        // ID of the domain whch shall be updated.
        $domain_id = 1;
        
        // Call the domain update function
        $domain_id = $client->mail_domain_update($session_id, $client_id, $domain_id, $params);
        */
        
        
        //* Logout
        
    if($client->logout($session_id)) {
            echo 
    'Logged out sucessfully.<br />';
        }
        
        
    } catch (
    SoapFault $e) {
        die(
    'SOAP Error: '.$e->getMessage());
    }
    2011-03-24 16:21 server1.remcycle.net Debug Processed datalog_id 259
    2011-03-24 16:21 server1.remcycle.net Debug Apache online status after restart is: 1
    2011-03-24 16:21 server1.remcycle.net Debug Calling function 'restartHttpd' from module 'web_module'.
    2011-03-24 16:21 server1.remcycle.net Debug Apache status is: 1
    2011-03-24 16:21 server1.remcycle.net Debug Writing the vhost file: /etc/apache2/sites-available/testing1.remcycle.net.vhost
    2011-03-24 16:21 server1.remcycle.net Debug Disable SSL for: testing1.remcycle.net
    2011-03-24 16:21 server1.remcycle.net Debug exec: chown web13:client43 /var/www/clients/client43/web13/log/error.log
    2011-03-24 16:21 server1.remcycle.net Debug exec: chown web13:client43 /var/www/clients/client43/web13
    2011-03-24 16:21 server1.remcycle.net Debug exec: chmod 751 /var/www/clients/client43/web13/*
    2011-03-24 16:21 server1.remcycle.net Debug exec: chmod 751 /var/www/clients/client43/web13/
    2011-03-24 16:21 server1.remcycle.net Debug Adding the group: client43
    2011-03-24 16:21 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client43/web13/ /var/www/clients/client43/testing1.remcycle.net
    2011-03-24 16:21 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client43/web13/ /var/www/testing1.remcycle.net
    2011-03-24 16:21 server1.remcycle.net Debug Moving site to new document root: mv /var/www/clients/client0/web13 /var/www/clients/client43
    2011-03-24 16:21 server1.remcycle.net Debug Removed Symlink: rm -f /var/www/clients/client0/testing1.remcycle.net
    2011-03-24 16:21 server1.remcycle.net Debug Removed Symlink: rm -f /var/www/testing1.remcycle.net
    2011-03-24 16:21 server1.remcycle.net Debug Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    2011-03-24 16:21 server1.remcycle.net Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.



    I even tried to change the client hopping that would chmod and chown, but that didn't do anything either.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The site will not work with this chmod settings. Please delete the site in ispconfig, it can not be used for further teststs with this settings.

    Regarding your original problem, after you delete the website, create it again. Then try to access it and when you get an error, please look in the apache error.log of the website and post the exact error message that you find there.

    Also the document root in your script is wrong, a document root "/var/www/remcycle.net/" can not be used, as /var/www/remcycle.net/ is a symlink to the document root and not the folder that contains the website. The document root is a folder like /var/www/clients/client2/web1
     
  3. otacon

    otacon New Member

    Thank you for your reply.

    I have now changed

    PHP:
    'document_root' =>'/var/www/remcycle.net/'
    to
    PHP:
    'document_root' =>'/var/www/clients/client0/web'.$domain_id,

    I don't seem to have any errors in my log, but here is what I have

    2011-03-24 19:23 server1.remcycle.net Debug exec: chown web14:client0 /var/www/clients/client0/web14
    2011-03-24 19:23 server1.remcycle.net Debug exec: chown -R web14:client0 /var/www/clients/client0/web14
    2011-03-24 19:23 server1.remcycle.net Debug Adding the user: web14
    2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client0/web14/ /var/www/clients/client0/testing2.remcycle.net
    2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client0/web14/ /var/www/testing2.remcycle.net
    2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/log/ispconfig/httpd/testing2.remcycle.net /var/www/clients/client0/web14/log
    2011-03-24 19:23 server1.remcycle.net Debug Calling function 'insert' from plugin 'apache2_plugin' raised by event 'web_domain_insert'.
    2011-03-24 19:23 server1.remcycle.net Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_insert'.
    2011-03-24 19:23 server1.remcycle.net Debug Processed datalog_id 264
    2011-03-24 19:23 server1.remcycle.net Debug Processed datalog_id 263
    2011-03-24 19:23 server1.remcycle.net Debug Found 3 changes, starting update process.



    I of course deleted testing1.remcycle.net and this is the output of testing2.remcycle.net.

    Unfortunately even with me making the changes suggested I still get, "ERROR 403 - Forbidden!

    The following error occurred:

    You are not permitted to access the requested URL.

    Please contact the webmaster with any queries."
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    PLease check the error.log of the website. If you get a 403 error, then it must be listed there. I do not talk about the ispconfig log!
     
  5. otacon

    otacon New Member

    error.log

    Code:
    [Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied by server configuration: /
    [Thu Mar 24 20:26:32 2011] [error] [client 98.226.168.246] client denied by server configuration: /
    [Thu Mar 24 21:24:36 2011] [error] [client 98.226.168.246] client denied by server configuration: /
    [Thu Mar 24 21:24:36 2011] [error] [client 98.226.168.246] File does not exist: /var/www/testing2.remcycle.net/web/favicon.ico, referer: http://testing2.remcycle.net/
    
    testing2.remcycle.net/index.html works.

    I guess I could fix it with an htaccess file , but I would prefer to figure out why the directory isn't forwarding to index.html.
     
    Last edited: Mar 25, 2011
  6. falko

    falko Super Moderator ISPConfig Developer

  7. otacon

    otacon New Member

    both /etc/apache2/sites-available/testing2.remcycle.net.vhost
    /etc/apache2/sites-enabled/testing2.remcycle.net.vhost

    do not have DirectoryIndex.

    here is my vhost:

     
    Last edited: Mar 26, 2011
  8. otacon

    otacon New Member

    I tried to add "DirectoryIndex index.html" to the vhost and then restarted the system, but that did not solve the issue.

    I then deleted the website and readded it just in case that messed up ispconfig.
     
  9. falko

    falko Super Moderator ISPConfig Developer

    Still not working? Can you post the output of
    Code:
    ls -la /var/www/testing2.remcycle.net/web/
    ?
     
  10. otacon

    otacon New Member

    server1:~# ls -la /var/www/testing3.remcycle.net/web/
    total 20
    drwx--x--- 4 web15 client0 4096 2011-03-24 19:34 .
    drwxr-x--x 6 web15 client0 4096 2011-03-24 19:34 ..
    drwxr-xr-x 2 web15 client0 4096 2011-03-24 19:34 error
    -rwxr-xr-- 1 web15 client0 1861 2011-03-24 19:34 index.html
    drwxr-xr-x 2 root root 4096 2011-03-24 19:34 stats
     
    Last edited: Mar 27, 2011
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Which setting do you use in system > server config > web > security level? The recommended setting is high.

    And which linux user and linux group is used for this website?
     
  12. otacon

    otacon New Member

    Security Setting Is "High"

    User = web15
    Group = client0
     
  13. otacon

    otacon New Member

    Ok, so as I am stumped as to why this is happening I have done a bad work around to fix the issue.

    in the .vhosts I changed the 403 error path to index.html. This restricts the users to having this exact file name.

    I will post an answer as soon I discover it.
     
  14. otacon

    otacon New Member

    Alright it has been long enough for me to be fed up with all this troubleshooting so instead of me just doing random things I find on the web I am going to have to do this in a more intelligent manner.

    ok So I need to start off by listing all the possibilities of a 403 error on a web site then from that list systematically rule out each issue until I get to the root cause.

    I need help with the first step of this process. My current list of possible causes is as follows:

    1.Site is password protected.
    2.Wrong Group for access
    3. Wrong username for access
    4.The website may be configured so as to disallow all attempted requests for directory listings


    When accessing the directory from the internet what user and group is used by the user to access those files? Is it client24:web52 *example*?

    Also I am having no issue when I create a website through the control panel. Does the API do this process manually or does it use whet ever the control panel uses? if it uses the same script then I would have to assume that the problem is in my registration script.


    Thank you for your help and I hope I can figure this out soon,
    otacon
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats depends on the file type that you access and the options that you have set in the website. E.g. html files and images are accessed by the apache user while php scripts run under the web user when you have suexec enabled.

    Then its most likely a problem with your script. ISPConfig uses the same code to create a website wether you use the ispconfig interface or the api.
     
  16. otacon

    otacon New Member

    should these errorlogs be saying client denied by / "root"? Why would it be trying to access root?

    Is this normal or should it be /var/www/testing600.remcycle.net/web?



    -----------------------------------------------------

    Ok I think that was the problem. I added


    <Directory />
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>


    to testing600.remcycle.net.vhost and now it works.

    Now I have to find out why it needs to go to the root directory.

    Will adding this to the vhost create a security risk?


    ------------------------------------------------------------------

    another update. I have found the issue inside the vhost.

    in the vhosts that are created through API

    PHP:
        RewriteEngine on
        RewriteCond 
    %{HTTP_HOST}   ^test.remcycle.net [NC]
        
    RewriteRule   ^/(.*)$ /$1  
        RewriteCond 
    %{HTTP_HOST}   ^www.test.remcycle.net [NC]
        
    RewriteRule   ^/(.*)$ /$1  
    is added once this is removed the domain works perfectly. I am not sure what this means, but I will be doing a little googling to find out.
     
    Last edited: May 2, 2011

Share This Page