Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-20473

Apache Errors when browsing UCP

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Dev Review
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 14
    • Fix Version/s: None
    • Labels:
      None
    • Sprint:
      Sprint 12!
    • ToDo:

      Description

      ucp 14.0.3.6

      Seen on two systems, when logged in and using UCP, Apache errors are logged that look like:

      [root@lorne14-pro httpd]# grep denied error_log*
      error_log:[Tue Aug 20 08:19:01.519169 2019] [authz_core:error] [pid 10384] [client 10.224.50.3:50681] AH01630: client denied by server configuration: /var/www/html/admin/index.html
      error_log:[Tue Aug 20 19:01:32.395052 2019] [authz_core:error] [pid 7612] [client 10.12.29.48:65488] AH01630: client denied by server configuration: /var/www/html/admin/index.html
      error_log:[Thu Aug 22 15:20:32.969766 2019] [authz_core:error] [pid 21804] [client 10.224.50.3:54371] AH01630: client denied by server configuration: /var/www/html/admin/index.html
      error_log:[Fri Aug 23 12:13:28.294741 2019] [authz_core:error] [pid 21805] [client 10.224.50.9:61967] AH01630: client denied by server configuration: /var/www/html/ucp/index.html, referer: https://lorne14.sangoma.tech/admin/config.php?display=endpoint&view=extensions
      error_log:[Fri Aug 23 12:13:57.745921 2019] [authz_core:error] [pid 22041] [client 10.224.50.9:61983] AH01630: client denied by server configuration: /var/www/html/ucp/index.html, referer: https://lorne14.sangoma.tech/ucp/
      error_log:[Fri Aug 23 12:16:03.145598 2019] [authz_core:error] [pid 30775] [client 10.224.50.9:61991] AH01630: client denied by server configuration: /var/www/html/ucp/assets/js/compiled/main/bootstrap-toggle.min.js.map
      

      I'm not sure what the cause is, but this is a problem because fail2ban triggers on:

      [root@lorne14-pro filter.d]# grep "client denied by"  /etc/fail2ban/filter.d/apache-auth.conf
      failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$
      

      so there is a risk that normal browsing can trigger a fail2ban ban.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  fdanard Franck Danard
                  Reporter:
                  lgaetz Lorne Gaetz
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated: