Related

Not able to upload files to Nextcloud with Spaces as External Storage Question Question
WordPRess Files Removed Now What To Do? Question Question

Question

apache error 403 forbidden loading files css js img

Posted September 17, 2019 2.7k views
ApachePHPWordPressDigitalOceanUbuntu 16.04

Please can someone help / debug and hopefully solve a strange issue I am having?

For some reason when I go to a URL that contains the word ‘blue’ the website css, js and images won’t load; in the browser console it says 403 forbidden for each asset.
If I go to a page without blue in the URL everything loads! Really strange.

I’ve tested this on different devices / IPs. Same result when I go to -

  • example.com/blue (doesn’t work)
  • example.com/blue-room (doesn’t work)
  • example.com/big-blue-ball (doesn’t work)
  • example.com/sky-is-blue (doesn’t work)
  • example.com/orange (works)
  • example.com/orange-room (works)

Here’s logs from apache running php 7 ubuntu 16 -

error log

[access_compat:error] [pid 17355] [client 1.23.45.67:123] **AH01797**: client denied by server configuration: /sites/example/public_html/wp-content/themes/example/styles.css, referer: https://example.com/tag/blue/

access log

"GET /wp-content/themes/example/styles.css HTTP/1.1" 403 3907 "https://example.com/blue/" "Mozilla/5.0 (Windows NT 6.1; W$in64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36"

I’ve got fail2ban installed and the error code above matches this filter apache-auth.conf -

failregex = ^%(_apache_error_client)s (AH(01797|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$

I disabled this filter and all references to it and tried testing with the fail2ban service stopped to see if the css, js and images load for the 'blue’ pages but the issue still remains.

I’ve also flushed the fail2ban log and sql db. The issue is still there so it can’t be a fail2ban issue.

Is it possible fail2ban is still running when it is switched off? The apache log still produces the AH01797 error when fail2ban is off after I’ve visited a 'blue’ page URL.

All I can think of there was a wordpress tag that had a fullstop in it like example.com/blue.room and fail2ban would ban my IP everytime I visited the page so I removed the fulltop and the page partially loaded but without the css, js and images which I am experiencing now.

The site has 2 config files as let encrypt the free SSL script duplicates the original. Here’s what they look like -

examplesite.com.conf

<VirtualHost *:80>
ServerAdmin example@example.com
ServerName www.example.com
DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
ServerName examplesite.com
Redirect permanent / http://www.examplesite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

examplesite.com-le-ssl.conf

<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com

SSLEngine on

DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
Include /etc/apache2/custom.d/globalblacklist.conf
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>

<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com

SSLEngine on

Redirect permanent / https://examplesite.com/
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>

<VirtualHost *:80>
ServerName examplesite.com
ServerAlias www.examplesite.com
Redirect permanent / https://examplesite.com/
</VirtualHost>

Any ideas what is going on?

Add a comment
twc8ac35a8636
By:
twc8ac35a8636
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
bobbyiliev September 19, 2019

Hello,

My guess would be that you have some Failregex defined in your /etc/fail2ban/filter.d directory. I would recommend checking your config files in that directory for anything that could be matching the blue keyword.

Also, another thing that could be causing the problem might be a security Wordpress plugin. I would recommend going through your plugins as well and as a test try to temporary disable the security ones like Wordfence and see if this has any effect.

Regards,
Bobby

Reply Report
twc8ac35a8636 September 22, 2019

Hi Bobby,

Inside filter.d there is a filter called apache-auth.conf which has -

failregex = ^%(_apache_error_client)s (AH(**01797**|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$

The code AH01797 matches this in the access log -

[access_compat:error] [pid 17355] [client 1.23.45.67:123] ****AH01797****: client denied by server configuration: /sites/example/public_html/wp-content/themes/example/styles.css, referer: https://example.com/tag/blue/
access log

I’ve tried stopping fail2ban and restarting apache but bug is still there :(

I haven’t got wordfence plugin or any wp security plugin like that I just use fail2ban.

Here’s a screenshot of Google devtools network tab comparing the bug page headers and a working page header info -
https://i.imgur.com/EOEQN0i.jpg

Do you think as a last resort create a new site folder on the droplet?

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help