• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Client denied by server configuration

N

nguyennc

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
18.0.54
Hi Folks,
I have a NodeJs app when I run it locally I can access a route and refresh the URL like 10 times per second and still get the value each time, however, when I deploy it, if I refresh like 10 times per second I only can get the value like some times at first then I got 403 error. Error logs show " client denied by server configuration: /var/www/vhosts/domain-name". I tried to run on a different hosting provider and it worked fine, the issue did not happen.
Any ideas to solve the problem?
I tried to turn on Web Application Firewall (ModSecurity) and restart the server but not working.
Thank you
 
nguyennc said:
I tried to turn on Web Application Firewall (ModSecurity)
Click to expand...
You should rather turn it off, if it is blocking the request. Much better would be to add the rule ID that is logged in error_log along with the 403 errors as an exception te Web Application Firewall exceptions.
 
Peter Debik said:
You should rather turn it off, if it is blocking the request. Much better would be to add the rule ID that is logged in error_log along with the 403 errors as an exception te Web Application Firewall exceptions.
Click to expand...
Hi Peter,
Thank you very much for your reply. Unfortunately, the issue has not been fixed even though I turned off the Web Application Firewall or added ID of rule to switch off the rule in error_log. FYI, the issue doesn't block me completely, after like 2 seconds I can be able to get value again.
And, the issue happened when I deployed the app not because I turned on the Web Application Firewall ( I just did it to try to solve the issue).
Generally, I think when a client sends too many requests from one or multiple URL to the server, it is not able to handle all of them, and then the server returns a 403 error instead of waiting to handle and return all results.
 
A return code for too many requests should then be 429. 403 is a kind of "permission denied" error. Maybe your script has some security mechanism implemented such as @UseGuards(UserAuthGuard) @ApiBearerAuth('JWT-auth')? If it is not ModSecurity and the issue occurs reactively, it is very likely caused by a script behavior.
 
Peter Debik said:
A return code for too many requests should then be 429. 403 is a kind of "permission denied" error. Maybe your script has some security mechanism implemented such as @UseGuards(UserAuthGuard) @ApiBearerAuth('JWT-auth')? If it is not ModSecurity and the issue occurs reactively, it is very likely caused by a script behavior.
Click to expand...
Thanks again for your reply, Peter. I tried to create a simple "hello world" app but got the same issue. Moreover, I just found out my WordPress site has the same issue. All errors return 403 but if I am on the main page ( route / ) it returns "Apache Testing 123 page", other routes return "403 Forbidden You do not have permission to access this document" page. The issue has happened since 3,4 months ago, it affects all subscriptions at the same time, so I think it will relate to Plesk setting on my side.
Thank you again for your positive support.
 
Let's sum-up what we know:
- The issue is not related to Node.js, but it affects other websites, too.
- It is intermittent. It occurs, but after a few seconds with additional loading attempts, it went away and the websites can be loaded.
- ModSecurity has been turned off, so that cannot be the cause.
- As it is intermittent, wrong file or directory permissions cannot be the cause.

There are some things you could still check:
- .htaccess file content: Do you have any rewrite rules in there? Are you using a security plugin in your Wordpress website?
- Are your Wordpress and Node.js websites in the same subscription? Do you happen to have an .htaccess file in the root directory of that subscription? (Remove that, please). Is your Node.js project in a subdirectory of your Wordpress website? (Move it out from there, give it its own directory.)
- Disable SELinux.
- Check if you are using other security related software and whether that could interfere.
- Maybe the issue is not on your server at all? Are you proxying your browser traffic? In that case it is thinkable that frequent requests to the same URL are blocked by the proxy, not by your server. A VPN maybe that interferes? (Disable VPN software.)
 
Peter Debik said:
Let's sum-up what we know:
- The issue is not related to Node.js, but it affects other websites, too.
- It is intermittent. It occurs, but after a few seconds with additional loading attempts, it went away and the websites can be loaded.
- ModSecurity has been turned off, so that cannot be the cause.
- As it is intermittent, wrong file or directory permissions cannot be the cause.

There are some things you could still check:
- .htaccess file content: Do you have any rewrite rules in there? Are you using a security plugin in your Wordpress website?
- Are your Wordpress and Node.js websites in the same subscription? Do you happen to have an .htaccess file in the root directory of that subscription? (Remove that, please). Is your Node.js project in a subdirectory of your Wordpress website? (Move it out from there, give it its own directory.)
- Disable SELinux.
- Check if you are using other security related software and whether that could interfere.
- Maybe the issue is not on your server at all? Are you proxying your browser traffic? In that case it is thinkable that frequent requests to the same URL are blocked by the proxy, not by your server. A VPN maybe that interferes? (Disable VPN software.)
Click to expand...
Yes. The information you have is correct. The issue affects all subscriptions.
It is intermittent. In other words, all subscriptions are working fine; however, if I intentionally refresh rapidly or when a loading page sends many requests at the same time, the issue will occur then after around 2 sec they will work again and keep repeating like this. I am really sure that the problem suddenly occurred about 4 months ago even though no change was made.
WordPress and Node websites are separated into different subscriptions.
All points in the list were checked but the issue still exists.
I also think maybe the issue is not on the server because I tried to disable all security or firewall things but I am still stuck on this. Look like I'm at a dead end.
 
You could submit a ticket to Plesk support, maybe they can find out more?

To sign-in to support please go to https://support.plesk.com

If you experience login issues, please see this KB article:
https://support.plesk.com/hc/en-us/...rt-plesk-com-and-password-reset-does-not-work

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
 
Peter Debik said:
You could submit a ticket to Plesk support, maybe they can find out more?

To sign-in to support please go to https://support.plesk.com

If you experience login issues, please see this KB article:
https://support.plesk.com/hc/en-us/...rt-plesk-com-and-password-reset-does-not-work

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
Click to expand...
Thank you very much for your help
 
You must log in or register to reply here.

Similar threads

S
Issue deploy ReactJS frontend and NodeJS as the backend
Replies
1
Views
240
sam1994
S
L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
370
loman
L
J
Resolved 504 Gateway timeout for nodejs config on plesk
Replies
4
Views
523
Jkendo
J
M
Question Issues after migrating Prestashop to a new server - getting 302 sometimes
Replies
1
Views
304
Sebahat.hadzhi
Sebahat.hadzhi
Kulturmensch
Resolved ModSecurity configuration files and directives remain on the server after its removal
Replies
3
Views
1K
Kulturmensch
Kulturmensch
Back
Top