403 forbiden on all sites on sever after update last night?

Discussion in 'Installation/Configuration' started by Marc Wallace, Mar 24, 2021.

  1. Marc Wallace

    Marc Wallace New Member

    Code:
    [email protected]:/home/web# cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 18.04.5 LTS
    
    [INFO] uptime:  21:32:57 up 23:26,  1 user,  load average: 0.29, 0.16, 0.09
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:           7.8G        3.7G        333M        123M        3.7G        5.1G
    Swap:          4.0G        1.0M        4.0G
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.3
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.2.24-0ubuntu***.***.***.***
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 3362)
    [INFO] I found the following mail server(s):
            Unknown process (smtpd) (PID 13305)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 28357)
    [INFO] I found the following imap server(s):
            Dovecot (PID 28357)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 28502)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [localhost]:10027               (28242/master)
    [anywhere]:587          (28242/master)
    [localhost]:11211               (1475/memcached)
    [anywhere]:110          (28357/dovecot)
    [anywhere]:143          (28357/dovecot)
    [anywhere]:465          (28242/master)
    ***.***.***.***:53              (28519/named)
    ***.***.***.***:53              (28519/named)
    [localhost]:53          (28519/named)
    [anywhere]:21           (28502/pure-ftpd)
    ***.***.***.***:53              (854/systemd-resolve)
    [anywhere]:22           (1727/sshd)
    [localhost]:953         (28519/named)
    [anywhere]:25           (13305/smtpd)
    [localhost]:6010                (26839/sshd:)
    [anywhere]:993          (28357/dovecot)
    [anywhere]:995          (28357/dovecot)
    [localhost]:10023               (1906/postgrey)
    [localhost]:10024               (13265/amavisd-new)
    [localhost]:10025               (28242/master)
    [localhost]:10026               (13265/amavisd-new)
    [localhost]:3306                (28024/mysqld)
    *:*:*:*::*:587          (28242/master)
    [localhost]10           (28357/dovecot)
    [localhost]43           (28357/dovecot)
    *:*:*:*::*:8080         (3362/apache2)
    *:*:*:*::*:80           (3362/apache2)
    *:*:*:*::*:8081         (3362/apache2)
    *:*:*:*::*:465          (28242/master)
    *:*:*:*::*:53           (28519/named)
    *:*:*:*::*:21           (28502/pure-ftpd)
    *:*:*:*::*:22           (1727/sshd)
    *:*:*:*::*:953          (28519/named)
    *:*:*:*::*:25           (13305/smtpd)
    *:*:*:*::*:6010         (26839/sshd:)
    *:*:*:*::*:443          (3362/apache2)
    *:*:*:*::*:993          (28357/dovecot)
    *:*:*:*::*:995          (28357/dovecot)
    *:*:*:*::*:10023                (1906/postgrey)
    *:*:*:*::*:10024                (13265/amavisd-new)
    *:*:*:*::*:10026                (13265/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:20
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:10000
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:3306
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    
    
    
    so I did the update last night and now all sites http come back with
    Forbidden
    You don't have permission to access this resource.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    if i put https:// they work how do i correct this???

    thanks in advance

    Marc
     
    Last edited: Mar 24, 2021
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. Marc Wallace

    Marc Wallace New Member

    sorry added the requested info
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Please read the ful read before posting.
     
  5. Marc Wallace

    Marc Wallace New Member

    not sure i follow that last one i did read the site i did post the log but none of what is listed is the issue. i did the update and now all my site want https not http
    all sites also set to * and not an ip
     
    Last edited: Mar 24, 2021
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Did you check your site ip addresses? You can run 'apachectl -S' to get a quick list without having to go through each website settings, or take a quick look over 'grep :80 /etc/apache2/sites-enabled/*'
     
  7. Marc Wallace

    Marc Wallace New Member

    Code:
    [email protected]:/home/web# apachectl -S
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7
    VirtualHost configuration:
    *:8081                 mail.911pcdoc.com (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:8080                 mail.911pcdoc.com (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
    *:443                  fcafalcons.academy (/etc/apache2/sites-enabled/100-fcafalcons.academy.vhost:125)
    *:80                   is a NameVirtualHost
             default server mail.911pcdoc.com (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost mail.911pcdoc.com (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost bbb.fcafalcons.academy (/etc/apache2/sites-enabled/100-bbb.fcafalcons.academy.vhost:7)
                     alias www.bbb.fcafalcons.academy
             port 80 namevhost beyondip.tv (/etc/apache2/sites-enabled/100-beyondip.tv.vhost:7)
                     alias www.beyondip.tv
             port 80 namevhost fcafalcons.academy (/etc/apache2/sites-enabled/100-fcafalcons.academy.vhost:7)
                     alias www.fcafalcons.academy
             port 80 namevhost friendshipchristianacademy.org (/etc/apache2/sites-enabled/100-friendshipchristianacademy.org.vhost:7)
                     alias www.friendshipchristianacademy.org
             port 80 namevhost k4bum.me (/etc/apache2/sites-enabled/100-k4bum.me.vhost:7)
                     alias www.k4bum.me
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex authdigest-client: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33
    
     

Share This Page