pH7-Social-Dating-CMS: Authz_core errors in Logs

The site of my friend looks working, but got a lot of these errors in the logs:

[Thu Jul 12 12:25:15.194522 2018] [authz_core:error] [pid 11175] [client 141.135.190.184:45849] AH01630: client denied by server configuration: /home/user/domains/mydomain.com/private_html/index.shtml
[Thu Jul 12 13:56:44.433430 2018] [authz_core:error] [pid 24262] [client 54.36.148.248:27986] AH01630: client denied by server configuration: /home/user/domains/mydomain.com/public_html/data/system/modules/user/avatar/img/whitetiger870
[Thu Jul 12 14:01:17.818421 2018] [authz_core:error] [pid 24970] [client 54.36.148.74:58340] AH01630: client denied by server configuration: /home/user/domains/mydomain.com/public_html/data/system/modules/user/avatar/img/glory
[Thu Jul 12 14:38:31.631001 2018] [authz_core:error] [pid 30596] [client 84.30.xx.xx:51838] AH01630: client denied by server configuration: /home/user/domains/mydomain.com/private_html/index.shtml
~

Same kind of errors with /public_html instead of /private_html.

Using apache 2.4.33 PHP 5.6.36 (will be replace by 7.2 after the holidays) No mod_security present. Mod_ruid2 running. Private_html symlinked by control panel to public_html.

Any hints? P.s. I’ve seen that some of the directory’s requested don’t exist, but some in the logs do and there is that index.shtml thingy too.

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 41 (20 by maintainers)

Commits related to this issue

#234 Make sure those are file extension (at the end) — committed to pH7Software/pH7-Social-Dating-CMS by pH-7 6 years ago
#234 Simplify unnecessary complicated code; Use negated lookbehind regex instead — committed to pH7Software/pH7-Social-Dating-CMS by pH-7 6 years ago

Most upvoted comments

@BlackTiger63 Then fix the script and go on because you’re the only one complaining here. And other users gave you suggestion but you hang yourself to expecting error on our parts.

Have you did the installation in a virtual machine and building on one by one to see a fail point ? Don’t think so

Have tried disabling cache, minify and gzip ? Same answer (I told you how).

If you have loose configuration that may interfere, then it may also be part of your problem.

No me, I’m bailling out. I’m sure you’ll get help from others. Can’t help someone who doesn’t want to do some try out to resolve his problem. If you know the solution, then fix it. Workout yourself your own .htaccess . Look at the weekly download and only you get this.

polynamaude on Mar 12, 2021

Got another addition @pH-7 which I just found out. You might check out the .htaccess in the /public_html/data/ directory which denies all access to everything in the /data directory and below (so also the avatars jpg files in there), unless that is intended. At least the script is causing log entry’s about it.

BlackTiger63 on Jul 16, 2018

Reopening this as this is -not- a DA servers issue but a .htaccess issue.

Have a look at this: https://httpd.apache.org/docs/2.4/mod/core.html Since |sh| is in the Filesmatch directive, the log also shows the index.shtml denied because index.SHtml also contains the word “sh”.

Same for the access denied log entry’s to avatar images. /cache/pH7_cache/str/design/avatar/goldengorilla208/99dfc5661f2bcc0b0fe7b62xxxxxxxxxxx.cache.php

Which is the reason of the blocking of those access denied notices because cache.php also contains the word cache.

So the correct string in .htaccess should be: <FilesMatch "\.(cgi|pl|py|sh|bash|sql|tpl|ini|cache|log|tmp|txt)$"> with the dollar sign on the end.

The script is still blocking it’s own cache (so cached avatar) files this way with it’s .htaccess file. 😃

BlackTiger63 on Jul 16, 2018

@BlackTiger63 This has to do with your server and it’s why I said to use a virtual machine, starting with bare web server install the cms and install pieces from there to know when it break.

The request for .map is for your software to get a definition of the JS file so it’s totally normal.

Your CORS Cross Origin Request is probably a good indication that the problem is in the configuration of your virtual host as it is mixing the different origin of request on the same server. You’re using multiple domain name with one IP. Anyway we’re far from the CMS and any issue related to it.

polynamaude on Mar 12, 2021

I believe this is caused by Mod_Ruid2 this could be your problem try using CGI or have your server admin covert your account to CLI in the PHP manager this may help your site work properly this is not good to run with PHP7------> Mod_ruid2 running. Private_html symlinked by control panel to public_html.

And symlinked b y control panel I never herd of try cloud Linux symlink protection.

Regards

Vinny

On Fri, Jul 13, 2018 at 3:39 PM, Polyna-Maude R.-Summerside < notifications@github.com> wrote:

@BlackTiger63 https://github.com/BlackTiger63 No the video path does not exist at the root of your installation (/public_html in your case as I understand). It’s a normal thing as /video is the name of the video module only. There’s no direct correlation between the URL and the underlying filesystem representation.

You can look over at the issue you opened

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/pH7Software/pH7-Social-Dating-CMS/issues/234#issuecomment-404933382, or mute the thread https://github.com/notifications/unsubscribe-auth/AdMNfUUIGt4aqUCKvm1V5YlDO0NgIkABks5uGPdugaJpZM4VMzHq .

vinny1962 on Jul 13, 2018