Question
apache error 403 forbidden loading files css js img
Please can someone help / debug and hopefully solve a strange issue I am having?
For some reason when I go to a URL that contains the word ‘blue’ the website css, js and images won’t load; in the browser console it says 403 forbidden for each asset.
If I go to a page without blue in the URL everything loads! Really strange.
I’ve tested this on different devices / IPs. Same result when I go to -
- example.com/blue (doesn’t work)
- example.com/blue-room (doesn’t work)
- example.com/big-blue-ball (doesn’t work)
- example.com/sky-is-blue (doesn’t work)
- example.com/orange (works)
- example.com/orange-room (works)
Here’s logs from apache running php 7 ubuntu 16 -
error log
[access_compat:error] [pid 17355] [client 1.23.45.67:123] **AH01797**: client denied by server configuration: /sites/example/public_html/wp-content/themes/example/styles.css, referer: https://example.com/tag/blue/
access log
"GET /wp-content/themes/example/styles.css HTTP/1.1" 403 3907 "https://example.com/blue/" "Mozilla/5.0 (Windows NT 6.1; W$in64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36"
I’ve got fail2ban installed and the error code above matches this filter apache-auth.conf -
failregex = ^%(_apache_error_client)s (AH(01797|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$
I disabled this filter and all references to it and tried testing with the fail2ban service stopped to see if the css, js and images load for the 'blue’ pages but the issue still remains.
I’ve also flushed the fail2ban log and sql db. The issue is still there so it can’t be a fail2ban issue.
Is it possible fail2ban is still running when it is switched off? The apache log still produces the AH01797 error when fail2ban is off after I’ve visited a 'blue’ page URL.
All I can think of there was a wordpress tag that had a fullstop in it like example.com/blue.room and fail2ban would ban my IP everytime I visited the page so I removed the fulltop and the page partially loaded but without the css, js and images which I am experiencing now.
The site has 2 config files as let encrypt the free SSL script duplicates the original. Here’s what they look like -
examplesite.com.conf
<VirtualHost *:80>
ServerAdmin example@example.com
ServerName www.example.com
DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName examplesite.com
Redirect permanent / http://www.examplesite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =examplesite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
examplesite.com-le-ssl.conf
<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com
SSLEngine on
DocumentRoot /sites/examplesite/public_html
<Directory />
AllowOverride All
</Directory>
<Directory /sites/examplesite/public_html>
Options Indexes FollowSymLinks MultiViews
Include /etc/apache2/custom.d/globalblacklist.conf
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/apache2/examplesite.com-error.log
LogLevel error
CustomLog /var/log/apache2/examplesite.com-access.log combined
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerAdmin example@example.com
ServerName example.com
SSLEngine on
Redirect permanent / https://examplesite.com/
SSLCertificateFile /etc/letsencrypt/live/examplesite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/examplesite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/examplesite.com/chain.pem
</VirtualHost>
<VirtualHost *:80>
ServerName examplesite.com
ServerAlias www.examplesite.com
Redirect permanent / https://examplesite.com/
</VirtualHost>
Any ideas what is going on?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×