403 Forbidden / AH01630: client denied by server configuration

[ThomasK]

Hi,

Yesterday I ran into an Exim problem, it wouldn't allow sending out emails anymore, this happened after running the latest upgrade of all packages via Custombuild 2.0 web interface.

After trying a couple of things I decided to rebuild everything. It resolved the Exim issue.

I suspect it had to do with Spamd or Spamassassin setting (that was the only thing I could see differently.) However it gave me an Apache error that was related to httpd-directories.conf, it was linked to httpd-directories-old.conf when I deleted the link and relinked it to httpd-directories-new.conf everything was ok again.

Until the first automatic reload of apache last night, now all customer sites show a 403 Forbidden.

Apache logs shows: AH01630: client denied by server configuration: /home/admin/domains/domainname/private_html/

I can't seem to resolve this, a fresh rebuild of apache also does not resolve this.

There has been no other changes to this server.

What am I missing here? Best, Thomas.

 

[ThomasK]

Found Require all denied in the default config, when commented out everything works again.

Is this suppose to be in there (httpd-directories-new.conf) ?


<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
# Require all denied
</Directory>

 

[WisDumb]

I just checked the file on my server and it's there in mine as well. It looks like that is a deny for just /... I think you may want that on all denied.

Did you do anything else after commenting that out like rebuild or anything?

 

[Richard G]

Have a look at this:

Apache's failing because of FollowSymlinks in 2.4.48

All our servers that just updated to Apache 2.4.48 are starting to fail because of this: May 26 12:01:06 server01.xxx.nl httpd[49971]: AH00526: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-directories.conf: May 26 12:01:06 server01.xxx.nl httpd[49971]: Option FollowSymLinks not allowed...

forum.directadmin.com

 

[ThomasK]

Have a look at this:

Apache's failing because of FollowSymlinks in 2.4.48

All our servers that just updated to Apache 2.4.48 are starting to fail because of this: May 26 12:01:06 server01.xxx.nl httpd[49971]: AH00526: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-directories.conf: May 26 12:01:06 server01.xxx.nl httpd[49971]: Option FollowSymLinks not allowed...

forum.directadmin.com

I checked, I'm on Custombuild 2.0.0 (rev: 2714)

doing this:

cd /usr/local/directadmin/custombuild
./build update
./build apache

installs everything just fine but I still need to comment out the "Require all denied" in httpd-directories.conf like this:


<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None

# Require all denied
</Directory>

If I uncomment the "Require all denied" all websites for all customers go on 403 Forbidden....

 

[Richard G]

It was linked to httpd-directories-old.conf when I deleted the link and relinked it to httpd-directories-new.conf everything was ok again.

That's not good. Like this you're messing with apache and the way DA is working with it and this will likely cause odd issues further on. Not a good way to fix things.
The httpd-directories.conf -> httpd-directories-old.conf link is normal.

I would suggest to start by changing it back again.
However, it's odd, because normally when you build apache, the default files are rebuild so it should link to the -old again. Unless you changed that again.
Changes to these things are made via a custom directory somewhere else, not by relinking or changing the files there directly.

I think best might be to login via SSH and build from there. First I would put that link back to where it was.

Then login via SSH.
You could either use the ./build all d command to rebuild everything.

Or try to rebuild Exim, exim.conf and also Apache, but do not forget to give this command as last:
./build rewrite_confs

Keep looking at the process if you don't encounter any odd errors.