Question
apache error 403 forbidden loading files css js img
- Posted September 17, 2019
- ApacheWordPressPHPDigitalOceanUbuntu 16.04
Please can someone help / debug and hopefully solve a strange issue I am having?
For some reason when I go to a URL that contains the word ‘blue’ the website css, js and images won’t load; in the browser console it says 403 forbidden for each asset. If I go to a page without blue in the URL everything loads! Really strange.
I’ve tested this on different devices / IPs. Same result when I go to -
- example.com/blue (doesn’t work)
- example.com/blue-room (doesn’t work)
- example.com/big-blue-ball (doesn’t work)
- example.com/sky-is-blue (doesn’t work)
- example.com/orange (works)
- example.com/orange-room (works)
Here’s logs from apache running php 7 ubuntu 16 -
error log
[access_compat:error] [pid 17355] [client 1.23.45.67:123] **AH01797**: client denied by server configuration: /sites/example/public_html/wp-content/themes/example/styles.css, referer: https://example.com/tag/blue/
access log
"GET /wp-content/themes/example/styles.css HTTP/1.1" 403 3907 "https://example.com/blue/" "Mozilla/5.0 (Windows NT 6.1; W$in64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36"
I’ve got fail2ban installed and the error code above matches this filter apache-auth.conf -
failregex = ^%(_apache_error_client)s (AH(01797|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$
I disabled this filter and all references to it and tried testing with the fail2ban service stopped to see if the css, js and images load for the ‘blue’ pages but the issue still remains.
I’ve also flushed the fail2ban log and sql db. The issue is still there so it can’t be a fail2ban issue.
Is it possible fail2ban is still running when it is switched off? The apache log still produces the AH01797 error when fail2ban is off after I’ve visited a ‘blue’ page URL.
All I can think of there was a wordpress tag that had a fullstop in it like example.com/blue.room and fail2ban would ban my IP everytime I visited the page so I removed the fulltop and the page partially loaded but without the css, js and images which I am experiencing now.
The site has 2 config files as let encrypt the free SSL script duplicates the original. Here’s what they look like -
examplesite.com.conf
<VirtualHost *:80>
ServerAdmin example@example.com
ServerName www.example.com
DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName examplesite.com
Redirect permanent / http://www.examplesite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
examplesite.com-le-ssl.conf
<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com
SSLEngine on
DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
Include /etc/apache2/custom.d/globalblacklist.conf
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com
SSLEngine on
Redirect permanent / https://examplesite.com/
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>
<VirtualHost *:80>
ServerName examplesite.com
ServerAlias www.examplesite.com
Redirect permanent / https://examplesite.com/
</VirtualHost>
Any ideas what is going on?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Hi Bobby,
Inside filter.d there is a filter called apache-auth.conf which has -
The code AH01797 matches this in the access log -
I’ve tried stopping fail2ban and restarting apache but bug is still there :(
I haven’t got wordfence plugin or any wp security plugin like that I just use fail2ban.
Here’s a screenshot of Google devtools network tab comparing the bug page headers and a working page header info - https://i.imgur.com/EOEQN0i.jpg
Do you think as a last resort create a new site folder on the droplet?
Hello,
My guess would be that you have some Failregex defined in your
/etc/fail2ban/filter.ddirectory. I would recommend checking your config files in that directory for anything that could be matching thebluekeyword.Also, another thing that could be causing the problem might be a security Wordpress plugin. I would recommend going through your plugins as well and as a test try to temporary disable the security ones like Wordfence and see if this has any effect.
Regards, Bobby