store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Aug 18, 2019 5:31 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: false positives -[access_compat:error] AH01797: client denie
Unread postPosted: Thu Jun 30, 2016 12:14 pm 
Offline
New Forum User
New Forum User

Joined: Thu Jun 30, 2016 12:08 pm
Posts: 1
Location: Germany
Hi,

i have a Question.
I already discussed over Plesk Forum, why Customers getting Banned.
They refered to this Forum, hopefully to get help.

Details and Logs can be found here: https://talk.plesk.com/threads/fail2ban ... es.338472/

I saw that Customer gots banned with "apache Plesk" jail.
Im using Plesk 12.5 and Mod Security with Atomic Basic ModSecurity and nothing specific else, i turned the Settings to balanced.
I have Debian 8.5
Code:
[Thu Jun 30 12:37:38.445458 2016] [access_compat:error] [pid 12681] [client 79.246.64.98:53263] AH01797: client denied by server configuration: uri /wp-content/plugins/sucuri-scanner/inc/css/A.sucuri-scanner.min.css,qver=5580b26.pagespeed.cf.p5Dip6VJie.css, referer: http://customersdomain.eu/wp-admin/edit.php?post_type=dt_gallery
[Thu Jun 30 12:39:57.687013 2016] [access_compat:error] [pid 14515] [client 79.246.64.98:53295] AH01797: client denied by server configuration: uri /wp-content/plugins/sucuri-scanner/inc/css/A.sucuri-scanner.min.css,qver=5580b26.pagespeed.cf.p5Dip6VJie.css, referer: http://customersdomain.eu/wp-admin/edit.php?post_type=dt_gallery


this is a short output of the Log.

Any help/ advice, i would appreciate.


Top
 Profile  
Reply with quote  
 Post subject: Re: false positives -[access_compat:error] AH01797: client d
Unread postPosted: Thu Jun 30, 2016 1:12 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4081
Location: Chantilly, VA
Thank you for the question, so if these are the only errors you are seeing:

[Thu Jun 30 12:37:38.445458 2016] [access_compat:error] [pid 12681] [client 79.246.64.98:53263] AH01797: client denied by server configuration: uri /wp-content/plugins/sucuri-scanner/inc/css/A.sucuri-scanner.min.css,qver=5580b26.pagespeed.cf.p5Dip6VJie.css, referer: http://customersdomain.eu/wp-admin/edit ... dt_gallery
[Thu Jun 30 12:39:57.687013 2016] [access_compat:error] [pid 14515] [client 79.246.64.98:53295] AH01797: client denied by server configuration: uri /wp-content/plugins/sucuri-scanner/inc/css/A.sucuri-scanner.min.css,qver=5580b26.pagespeed.cf.p5Dip6VJie.css, referer: http://customersdomain.eu/wp-admin/edit ... dt_gallery

Then modsecurity is not whats causing this. Modsecurity doesnt generate error messages like that. They look like this:

[Fri Jun 03 15:56:11 2016] [error] [client 1.2.3.4] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "247"] [id "340155"] [rev "25"] [msg "Atomicorp.com WAF Rules: Generic SQL Injection protection"] [data "information_schema.tables"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Matched phrase "information_schema.tables" at ARGS:amp;t. [hostname "atomicorp.com"] [uri "/forums/viewtopic.php"] [unique_id "V1Hg20rQTRAAABN3YEAAAAAf"]

So, if you dont see errors like that, then its not modsecurity. What the errors you posted do tell me is that apache or the web application is denying access to those resources, either because the files/directories are not accessible by the client or the web server is otherwise denying access to them, for example an .htaccess configuration or modrewrite rules can cause these errors. Other modules may cause these errors too. I would check permissions on those files and directories, .htaccess files and any modrewrite rules to see if they are denying access.

If you need help resolving this issue, please let us know and we'll put a quote together to assist you.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Bing [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group