Facebook
Twitter
Username: Peter Debik
TITLE
AWStats access protection incompatible with Apache 2.4, causes "client denied by server configuration", triggers fail2ban
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Obsidian 18.0.32, latest MU
CentOS 7.9
PROBLEM DESCRIPTION
Issue appears since update from Onyx 17.8 to Obsidian 18.0.32. With the ugprade, it seems that a change was made to Apache, too. Now this happens:
When a customer opens AWStats, he is prompted to enter the FTP user name and password. After entering the credentials, access is granted. But on many files, still a "client denied by server configuration" is logged (although access was granted). We think it is the same issue described here:
.png.cfa0d94e3dd662c62583f1674220e6b9.png)
www.prestashop.com
The article is about Prestashop, but the behavior is the same, and after the upgrade from Onyx to Obsidian we have seen many cases where the same solution was also needed for other software, not only Prestashop. Our clients are now describing the same issue with AWStats password protection, so it is quite likely that this has the same cause, because there have not been issues before.
STEPS TO REPRODUCE
Password-protect the statistics directory, login, click around in some sub pages.
ACTUAL RESULT
"client denied by server configuration" will be logged although login was correct. Fail2ban reads the entry in the logs, uses the Apache jail and blocks access for the requesting IP.
EXPECTED RESULT
No "client denied by server configuration" logged.
ANY ADDITIONAL INFORMATION
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
TITLE
AWStats access protection incompatible with Apache 2.4, causes "client denied by server configuration", triggers fail2ban
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Obsidian 18.0.32, latest MU
CentOS 7.9
PROBLEM DESCRIPTION
Issue appears since update from Onyx 17.8 to Obsidian 18.0.32. With the ugprade, it seems that a change was made to Apache, too. Now this happens:
When a customer opens AWStats, he is prompted to enter the FTP user name and password. After entering the credentials, access is granted. But on many files, still a "client denied by server configuration" is logged (although access was granted). We think it is the same issue described here:
Prestashop 1.7.4.2 has issues: "AH01630: client denied by server configuration"
Running Prestashop on PHP7.1 and tested also on PHP7.2 it seems that there are some nasty issues with Prestashop.. For example: If I change the quantities of a specific product and click on SAVE, the shop tells me it's saved. If I go to another product or whatever to do something else and return ...
www.prestashop.com
The article is about Prestashop, but the behavior is the same, and after the upgrade from Onyx to Obsidian we have seen many cases where the same solution was also needed for other software, not only Prestashop. Our clients are now describing the same issue with AWStats password protection, so it is quite likely that this has the same cause, because there have not been issues before.
STEPS TO REPRODUCE
Password-protect the statistics directory, login, click around in some sub pages.
ACTUAL RESULT
"client denied by server configuration" will be logged although login was correct. Fail2ban reads the entry in the logs, uses the Apache jail and blocks access for the requesting IP.
EXPECTED RESULT
No "client denied by server configuration" logged.
ANY ADDITIONAL INFORMATION
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
