• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Random 403 Forbidden errors

J

jfernandez

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Version 18.0.55 Update #2
Hello!

In the last weeks our sites started to show random 403 forbidden errors.
  • It happens on different machines (both CentOS Linux 7.9.2009 (Core) Version 18.0.55 Update #2)
  • If you just F5, after the error, then you can navigate so it's not a permission problem.
  • Web Application Firewall is enabled in one of the machines but disabled on the other.
  • We've changed nothing. No configuration, no file changes, nothing.
  • The only change are the automatic Plesk updates.
  • I've seen the logs and they just show lots of 403 forbidden lines with no more clue.
  • The 18.0.55 Change Log contains this: "Added a more specific error message for cases when Website Log Check detects the “403 Forbidden” error related to the .htaccess and .htpasswd Apache files. (PPPM-14089)" maybe related?
Additionlay, I'm also seeing hundreds of errors from SSLit! (on both machines) saying:
"Error creating new account :: contact email "[email protected]" has invalid domain : Domain name does not end with a valid public suffix (TLD)"
BUT! all my domain/subdomains certificates are OK and expire in ~70 days AND the configured email is a real email and not that one that SSLit! states.

Any clue/help on where else to look at would be appreciated.
Thanks!
 
Peter Debik said:
I have not seen similar reports here yet, so probably your best bet is to open a ticket with Plesk support. They will investigate the issue directly on your server and eventually solve it for you: https://support.plesk.com

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
Click to expand...
Thanks for your reply. Yeah, I have dozens of machines with licenses from a reseller (ionos) but I guess they do not give this kind of support since all of them are unmanaged VPS. I'll take a look at those links, thanks gain.
 
In my case found the error is caused by random requests sent to /var/www/vhost/domain/httpdocs instado of the confoguref webroot in /var/www/vhost/domain/customwebroot
 
@ic3_2k That is strange, because the document root is set in the webserver configuration file(s) and there is only one document root per domain. Could it be possible that these files were manually edited so that for example the non-ssl part was using a different document root than the ssl part?
 
Peter Debik said:
@ic3_2k That is strange, because the document root is set in the webserver configuration file(s) and there is only one document root per domain. Could it be possible that these files were manually edited so that for example the non-ssl part was using a different document root than the ssl part?
Click to expand...
no, the only person who can actually change manualy that files is me, and I didn't manually edited any config file.

as the problem was only happening with the tree or four last domain added, I decided to restart apacha and nginx services, and now looks like is happening no more.... maybe when this services go crazy they uses the predefined httpdocs value?
 
ic3_2k said:
as the problem was only happening with the tree or four last domain added, I decided to restart apacha and nginx services, and now looks like is happening no more.... maybe when this services go crazy they uses the predefined httpdocs value?
Click to expand...
I encountered a similar issue on my Plesk server running Ubuntu 18.04.6 LTS and Plesk Obsidian Version 18.0.59 Update #2. After setting up a new customer and creating two domains, I changed the web root from the default ~/htdocs to ~/domain1.com/public and ~/domain2.com/public. Upon installing WordPress, I experienced random 404 and 403 errors. Sometimes the page loaded, but some assets like CSS and JS files were not consistently loading. Restarting Apache and Nginx, as suggested by ic3_2k, resolved the issue.

It seems there might be a configuration problem during domain setup in Plesk. A server restart helps, but it's likely an underlying config issue when creating domains. This thread ranked high in my Google search for "Plesk random 403," so others might face this too.
 
You must log in or register to reply here.

Similar threads

Z
Issue 403 Forbidden errors
Replies
1
Views
831
A_SH
A_SH
Z
Issue 403 Forbidden errors
Replies
1
Views
442
zain
Z
S
Resolved How to Redirect /usage folder from 403 to 404 http code
Replies
2
Views
1K
siska8080
S
I
Issue Let's Encrypt "urn:ietf:params:acme:error:caa" 403 failure
Replies
10
Views
5K
iainh
I
H.W.B
Issue Can not run CGI-BIN scripts Error 403
Replies
7
Views
2K
H.W.B
H.W.B
Back
Top