Issue Random 403 Forbidden errors

[jfernandez]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

Version 18.0.55 Update #2

Hello!

In the last weeks our sites started to show random 403 forbidden errors.

• It happens on different machines (both CentOS Linux 7.9.2009 (Core) Version 18.0.55 Update #2)
• If you just F5, after the error, then you can navigate so it's not a permission problem.
• Web Application Firewall is enabled in one of the machines but disabled on the other.
• We've changed nothing. No configuration, no file changes, nothing.
• The only change are the automatic Plesk updates.
• I've seen the logs and they just show lots of 403 forbidden lines with no more clue.
• The 18.0.55 Change Log contains this: "Added a more specific error message for cases when Website Log Check detects the “403 Forbidden” error related to the .htaccess and .htpasswd Apache files. (PPPM-14089)" maybe related?

Additionlay, I'm also seeing hundreds of errors from SSLit! (on both machines) saying:
"Error creating new account :: contact email "[email protected]" has invalid domain : Domain name does not end with a valid public suffix (TLD)"
BUT! all my domain/subdomains certificates are OK and expire in ~70 days AND the configured email is a real email and not that one that SSLit! states.

Any clue/help on where else to look at would be appreciated.
Thanks!

 

[Peter Debik]

I have not seen similar reports here yet, so probably your best bet is to open a ticket with Plesk support. They will investigate the issue directly on your server and eventually solve it for you: https://support.plesk.com

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-

 

[jfernandez]

I have not seen similar reports here yet, so probably your best bet is to open a ticket with Plesk support. They will investigate the issue directly on your server and eventually solve it for you: https://support.plesk.com

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-

Thanks for your reply. Yeah, I have dozens of machines with licenses from a reseller (ionos) but I guess they do not give this kind of support since all of them are unmanaged VPS. I'll take a look at those links, thanks gain.

 

[ic3_2k]

I'm facing same issue with one of the domains on my plesk

 

[ic3_2k]

In my case found the error is caused by random requests sent to /var/www/vhost/domain/httpdocs instado of the confoguref webroot in /var/www/vhost/domain/customwebroot

 

[Peter Debik]

@ic3_2k That is strange, because the document root is set in the webserver configuration file(s) and there is only one document root per domain. Could it be possible that these files were manually edited so that for example the non-ssl part was using a different document root than the ssl part?

 

[ic3_2k]

@ic3_2k That is strange, because the document root is set in the webserver configuration file(s) and there is only one document root per domain. Could it be possible that these files were manually edited so that for example the non-ssl part was using a different document root than the ssl part?

no, the only person who can actually change manualy that files is me, and I didn't manually edited any config file.

as the problem was only happening with the tree or four last domain added, I decided to restart apacha and nginx services, and now looks like is happening no more.... maybe when this services go crazy they uses the predefined httpdocs value?