403 forbidden on new websites

Discussion in 'ISPConfig 3 Priority Support' started by arraken, Feb 28, 2014.

  1. arraken

    arraken Member HowtoForge Supporter

    Hi,

    I have a problem when creating new websites. I am on a multiserver setup, and on my webserver I already created a website, lets call it working.tld, which is working fine. The ispconfig admin panel is also working fine. But when I create an additional website, lets say notworking.tld, i get a 403 error when I visit the website.

    I don't know if the problem is, that it's an additional website, or if I made some change on the server between setting up the first and the second website, which cause the problem. The fact is that all new websites I now create are not working and give me the same 403 error.

    Here are some facts about my setup: The webserver is running on a Ubuntu 12.04 VM (OpenVZ). I control the OpenVZ Host myself, and did not make any changes there. I recently installed an SSL-Wildcard certificate, als described here (don't know if that can have anything to do with it): installing ssl cert

    Here is the output of the ../log/error.log of "notworking.tld":

    Code:
    [Fri Feb 28 08:42:55 2014] [error] [client 86.56.160.25] (13)Permission denied: access to / denied
    [Fri Feb 28 08:42:55 2014] [error] [client 86.56.160.25] (13)Permission denied: access to /error/403.html denied
    
    Here is the output of the acces.log:

    Code:
    86.56.160.25 - - [28/Feb/2014:09:12:53 +0100] "GET / HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36"
    86.56.160.25 - - [28/Feb/2014:09:12:53 +0100] "GET /favicon.ico HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36"
    I compared the vhost files of the working.tld and notworking.tld, and they are essentially identical. Here is the vhost file of the nottworking.tld:

    Code:
    <Directory /var/www/notworking.tld>
                    AllowOverride None
                    Order Deny,Allow
                    Deny from all
    </Directory>
    
    <VirtualHost *:80>
                                            DocumentRoot /var/www/notworking.tld/web
    
                    ServerName notworking.tld
                    ServerAlias www.notworking.tld
                    ServerAdmin [email protected]
    
                    ErrorLog /var/log/ispconfig/httpd/notworking.tld/error.log
    
                    Alias /error/ "/var/www/notworking.tld/web/error/"
                    ErrorDocument 400 /error/400.html
                    ErrorDocument 401 /error/401.html
                    ErrorDocument 403 /error/403.html
                    ErrorDocument 404 /error/404.html
                    ErrorDocument 405 /error/405.html
                    ErrorDocument 500 /error/500.html
                    ErrorDocument 502 /error/502.html
                    ErrorDocument 503 /error/503.html
    
                    <IfModule mod_ssl.c>
                    </IfModule>
    
                    <Directory /var/www/notworking.tld/web>
                                    Options FollowSymLinks
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
                    <Directory /var/www/clients/client1/web13/web>
                                    Options FollowSymLinks
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
    
    
    
    
                    # suexec enabled
                    <IfModule mod_suexec.c>
                            SuexecUserGroup web13 client1
                    </IfModule>
                    # Clear PHP settings of this website
                    <FilesMatch "\.ph(p3?|tml)$">
                                    SetHandler None
                    </FilesMatch>
                    # php as fast-cgi enabled
            # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
                    <IfModule mod_fcgid.c>
                                    IdleTimeout 300
                                    ProcessLifeTime 3600
                                    # MaxProcessCount 1000
                                    DefaultMinClassProcessCount 0
                                    DefaultMaxClassProcessCount 100
                                    IPCConnectTimeout 3
                                    IPCCommTimeout 360
                                    BusyTimeout 300
                    </IfModule>
                    <Directory /var/www/notworking.tld/web>
                                    AddHandler fcgid-script .php .php3 .php4 .php5
                                    FCGIWrapper /var/www/php-fcgi-scripts/web13/.php-fcgi-starter .php
                                    Options +ExecCGI
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
                    <Directory /var/www/clients/client1/web13/web>
                                    AddHandler fcgid-script .php .php3 .php4 .php5
                                    FCGIWrapper /var/www/php-fcgi-scripts/web13/.php-fcgi-starter .php
                                    Options +ExecCGI
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
    
    
                    # add support for apache mpm_itk
                    <IfModule mpm_itk_module>
                            AssignUserId web13 client1
                    </IfModule>
    
                    <IfModule mod_dav_fs.c>
                    # Do not execute PHP files in webdav directory
                            <Directory /var/www/clients/client1/web13/webdav>
                                    <ifModule mod_security2.c>
                                            SecRuleRemoveById 960015
                                            SecRuleRemoveById 960032
                                    </ifModule>
                                    <FilesMatch "\.ph(p3?|tml)$">
                                            SetHandler None
                                    </FilesMatch>
                            </Directory>
                            DavLockDB /var/www/clients/client1/web13/tmp/DavLock
                            # DO NOT REMOVE THE COMMENTS!
                            # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
                            # WEBDAV END
                    </IfModule>
    
    
    </VirtualHost>
    I am really a bit stumped about what could cause this problem. I just can't find any apparent reason.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post theoutput of:

    ls -la /var/www/notworking.tld/web/

    and check if the user web13 is listed in /etc/passwd
     
  3. arraken

    arraken Member HowtoForge Supporter

    output of ls -la /var/www/notworking.tld/web:

    Code:
    drwxrwx--- 12 web13 client1  4096 Feb 28 09:01 .
    drwx--x---  9 root  root     4096 Feb 28 08:31 ..
    -rw-r--r--  1 web13 client1  6604 Feb 28 09:01 authorize.php
    -rw-r--r--  1 web13 client1 82208 Feb 28 09:01 CHANGELOG.txt
    -rw-r--r--  1 web13 client1  1481 Feb 28 09:01 COPYRIGHT.txt
    -rw-r--r--  1 web13 client1   720 Feb 28 09:01 cron.php
    drwxr-xr-x  2 web13 client1  4096 Feb 28 08:31 error
    -rw-r--r--  1 web13 client1  2178 Feb 28 09:01 example-web.config
    -rw-r--r--  1 root  root     3728 Feb 28 09:01 .htaccess
    drwxr-xr-x  4 web13 client1  4096 Feb 28 09:01 includes
    -rw-r--r--  1 web13 client1   529 Feb 28 09:01 index.php
    -rw-r--r--  1 web13 client1  1451 Feb 28 09:01 INSTALL.mysql.txt
    -rw-r--r--  1 web13 client1  1874 Feb 28 09:01 INSTALL.pgsql.txt
    -rw-r--r--  1 web13 client1   703 Feb 28 09:01 install.php
    -rw-r--r--  1 web13 client1  1298 Feb 28 09:01 INSTALL.sqlite.txt
    -rw-r--r--  1 web13 client1 17861 Feb 28 09:01 INSTALL.txt
    -rw-r--r--  1 web13 client1 18092 Feb 28 09:01 LICENSE.txt
    -rw-r--r--  1 web13 client1  8191 Feb 28 09:01 MAINTAINERS.txt
    drwxr-xr-x  4 web13 client1  4096 Feb 28 09:01 misc
    drwxr-xr-x 42 web13 client1  4096 Feb 28 09:01 modules
    drwxr-xr-x  5 web13 client1  4096 Feb 28 09:01 profiles
    -rw-r--r--  1 web13 client1  5376 Feb 28 09:01 README.txt
    -rw-r--r--  1 web13 client1  1561 Feb 28 09:01 robots.txt
    drwxr-xr-x  2 web13 client1  4096 Feb 28 09:01 scripts
    drwxr-xr-x  4 web13 client1  4096 Feb 28 09:01 sites
    drwxr-xr-x  2 root  root     4096 Feb 28 08:31 stats
    drwxr-xr-x  7 web13 client1  4096 Feb 28 09:01 themes
    drwxr-xr-x  2 web13 client1  4096 Feb 28 09:01 tmp
    -rw-r--r--  1 web13 client1 20989 Feb 28 09:01 update.php
    -rw-r--r--  1 web13 client1 20017 Feb 28 09:01 update.php.orig
    -rw-r--r--  1 web13 client1  9642 Feb 28 09:01 UPGRADE.txt
    -rw-r--r--  1 web13 client1   417 Feb 28 09:01 xmlrpc.php

    It's an empty drupal installation via APS installer. The same thing works in the working.tld

    The user web13 is listed in /etc/passwd:
    web13:x:1009:1005::/var/www/clients/client1/web13:/bin/false
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Do the working sites use * or the ip address in website settings?
    2) try a:

    chmod +x /var/www/notworking.tld/web
     
  5. arraken

    arraken Member HowtoForge Supporter

    the chmod +x didnt work.

    You might be onto something with * for ipaddress in the website settings:

    I recall that I could use an ipaddress after i set up the multiserver setup. But now, i can only select *.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look int the vhost file of a working site, does it use * or an IP in this line:

    <VirtualHost *:80>
     
  7. arraken

    arraken Member HowtoForge Supporter

    the working, als well as the notworking use <VirtualHost *:80>
     
  8. arraken

    arraken Member HowtoForge Supporter

    my hosts file looks like this, if this is any help:

    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

    1.2.3.50 ns2.mydomain.tld ns2
    1.2.3.42 db1.mydomain.tld db1
    1.2.3.49 mail1.mydomain.tld mail1
    1.2.3.43 ns1.mydomain.tld ns1
    127.0.0.1 localhost.localdomain localhost
    1.2.3.41 web1.mydomain.tld web1
    ::1 localhost ip6-localhost ip6-loopback
     
  9. arraken

    arraken Member HowtoForge Supporter

    I just did a "php -q update.php" of ispconfig and reconfigured servcies - now adding websites works again. I'll check if everything else works after the update, but for now it's seems fine.

    Sorry for bothering you - next time I'll do the reconfigure before I ask for help. :eek:
     

Share This Page