Page 1 of 1

Apache Error: client denied by server configuration

Posted: Wed Aug 03, 2011 8:03 pm
by laughingbuddha
Hi all,

I launched a new site for a client recently, and they have resonably high traffic as it is an asian radio station.

I've getting these errors in the error log:

Code: Select all

[Wed Aug 03 22:15:04 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:15:06 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:15:12 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:15:18 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:15:28 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:15:34 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:15:42 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:15:48 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:15:58 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:16:04 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:16:18 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:16:24 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/ 
[Wed Aug 03 22:16:40 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/ 
[Wed Aug 03 22:16:46 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/ 
Strange thing is they don't happen with every user, but do appear in the logs in batches about once maybe twice a day. Site is getting an average of 3-4k visits per month, at about 100-250 a day depending world wide.

These two php pages, being asset.playing.php and asset.onair.php are part of an AJAX script that runs on every page, and calls these php pages every 6 seconds (just changed it to 30 seconds).

I can't figure out what is causing this, and I've checked my htaccess files and there is nothing to do with that folder (assets) in the htaccess or mod_rewrite.

To throw another spanner in the works, today I got an email from the server saying:-

Code: Select all

mod_evasive[27348]: Blacklisting address 86.166.2.237: possible DoS attack.
And it hasn't done that before. So at this point I'm not sure if it was a genuine attack, or something up with the users browser, or a coding issue even though not every user experiences it, and I've had no complaints yet.

Help?

Re: Apache Error: client denied by server configuration

Posted: Wed Aug 03, 2011 8:20 pm
by mikeshinn
So it could be that you are triggering the web DOS protection limits, see this FAQ here:

https://www.atomicorp.com/wiki/index.ph ... figuration:

Re: Apache Error: client denied by server configuration

Posted: Wed Aug 03, 2011 8:35 pm
by laughingbuddha
Thanks Mike.

I've set the limits to the settings on the wiki, but I've also adjusted the AJAX setInterval call to 30000, which should equal 30 seconds.

Hopefully this should solve the issue. Hopefully :)

Re: Apache Error: client denied by server configuration

Posted: Fri Sep 23, 2011 7:47 am
by laughingbuddha
Just in case anyone else has the same problem I did. By making the adjustments I mentioned above, the DDOS protection doesn't cause an issue with the AJAX functions on the site now.

Re: Apache Error: client denied by server configuration

Posted: Fri Sep 23, 2011 12:39 pm
by mikeshinn
So glad to hear it. Would you mind sharing what you did in case anyone else runs into a similar situation?

Re: Apache Error: client denied by server configuration

Posted: Fri Sep 23, 2011 1:23 pm
by laughingbuddha
No problem, happy to.

In the ASL Web GUI, goto ASL Configuration in the Configuration menu.

Scroll down to the Mod_evasive section which is right at the bottom of the ASL Configuration section, and you're looking for the MODEV_DOSSiteCount and MODEV_DOSPageCount.

Now the defaults settings in Mod_evasive on ASL 3.0 don't match the settings on the wiki (), so all I did is change the settings to match the wiki.

Code: Select all

MODEV_DOSPageCount="12"
MODEV_DOSSiteCount="400"
MODEV_DOSPageInterval="2"
MODEV_DOSSiteInterval="2"
The key settings to remember are MODEV_DOSPageCount, which is the threshhold for the number of requests for the same page (or URI) per page interval. And MODEV_DOSSiteCount which is the threshhold for the total number of requests for any object by the same client on the same listener per site interval.

Once you are finished, just hit Update and you're done.