ISPConfig API - Soap Error: Forbidden

Discussion in 'General' started by blackangel, Oct 30, 2012.

  1. blackangel

    blackangel New Member


    I've configured 2 servers following this guide:

    And on both servers I've the same issue: I cannot use the ISPConfig API.
    I got the same error: "Soap Error: Forbidden"

    It is not a privileges issue with the remote user, but it seems to be an HTTP error (probably a 403).

    The weird thing is that some functions works, like 'mail_user_get' but some other not, like 'client_get_id' (even with a remote user with ALL privileges).

    The "Forbidden" error is a real PHP Exception, it doesn't come from any functions in '' or ''.

    So my guess is that it is a permissions issue on a file or URL, but I cannot find where ...

    How can I figure it out which file or url is "forbidden" ?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which errors do you get in the apache error.log?
    agentmoller001 likes this.
  3. blackangel

    blackangel New Member

    Only a code '200' in the access.log.

    As the page is well desserved by apache it is normal.

    The exception is raised by PHP but I've nothing in the logs. I think I will debug it using xdebug, it's my last call.
  4. blackangel

    blackangel New Member

    After hours of search, I've found that it was an apache mod causing this issue :mad:

    I've written a small PHP script to test the API.
    When I call login and next a function, it works.
    BUT, when the function is included in a loop, it crash after one or 2 occurrences.

    For a while, I've suspected suhosin but I've nothing in the logs about a suhosin alert.

    So I've looked into the apache mod, and the winner was: mod_evasive !

    It detects the loop as a DoS attack ... :confused:

    In conclusion: never enabled mod_evasive if your API need to be called in a loop.

    PS: I can't add a RESOLVED to my title, too bad
  5. Another option is to keep mod_evasive enabled and add the requesting/remote users IP address to the evasive.conf file -

    Jesse Norell likes this.

Share This Page