store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Wed Nov 26, 2014 9:27 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Apache Error: client denied by server configuration
Unread postPosted: Wed Aug 03, 2011 8:03 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 510
Location: Southampton, UK
Hi all,

I launched a new site for a client recently, and they have resonably high traffic as it is an asian radio station.

I've getting these errors in the error log:

Code:
[Wed Aug 03 22:15:04 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/
[Wed Aug 03 22:15:06 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:15:12 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:15:18 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:15:28 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/
[Wed Aug 03 22:15:34 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/
[Wed Aug 03 22:15:42 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:15:48 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:15:58 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/
[Wed Aug 03 22:16:04 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/
[Wed Aug 03 22:16:18 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.onair.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:16:24 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/listen-live/
[Wed Aug 03 22:16:40 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/
[Wed Aug 03 22:16:46 2011] [error] [client 86.166.2.237] client denied by server configuration: /var/www/vhosts/unity101.org/httpdocs/assets/asset.playing.php, referer: http://www.unity101.org/


Strange thing is they don't happen with every user, but do appear in the logs in batches about once maybe twice a day. Site is getting an average of 3-4k visits per month, at about 100-250 a day depending world wide.

These two php pages, being asset.playing.php and asset.onair.php are part of an AJAX script that runs on every page, and calls these php pages every 6 seconds (just changed it to 30 seconds).

I can't figure out what is causing this, and I've checked my htaccess files and there is nothing to do with that folder (assets) in the htaccess or mod_rewrite.

To throw another spanner in the works, today I got an email from the server saying:-

Code:
mod_evasive[27348]: Blacklisting address 86.166.2.237: possible DoS attack.


And it hasn't done that before. So at this point I'm not sure if it was a genuine attack, or something up with the users browser, or a coding issue even though not every user experiences it, and I've had no complaints yet.

Help?

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
 Post subject: Re: Apache Error: client denied by server configuration
Unread postPosted: Wed Aug 03, 2011 8:20 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3673
Location: Chantilly, VA
So it could be that you are triggering the web DOS protection limits, see this FAQ here:

https://www.atomicorp.com/wiki/index.ph ... figuration:

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Apache Error: client denied by server configuration
Unread postPosted: Wed Aug 03, 2011 8:35 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 510
Location: Southampton, UK
Thanks Mike.

I've set the limits to the settings on the wiki, but I've also adjusted the AJAX setInterval call to 30000, which should equal 30 seconds.

Hopefully this should solve the issue. Hopefully :)

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
 Post subject: Re: Apache Error: client denied by server configuration
Unread postPosted: Fri Sep 23, 2011 7:47 am 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 510
Location: Southampton, UK
Just in case anyone else has the same problem I did. By making the adjustments I mentioned above, the DDOS protection doesn't cause an issue with the AJAX functions on the site now.

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
 Post subject: Re: Apache Error: client denied by server configuration
Unread postPosted: Fri Sep 23, 2011 12:39 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3673
Location: Chantilly, VA
So glad to hear it. Would you mind sharing what you did in case anyone else runs into a similar situation?

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Apache Error: client denied by server configuration
Unread postPosted: Fri Sep 23, 2011 1:23 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 510
Location: Southampton, UK
No problem, happy to.

In the ASL Web GUI, goto ASL Configuration in the Configuration menu.

Scroll down to the Mod_evasive section which is right at the bottom of the ASL Configuration section, and you're looking for the MODEV_DOSSiteCount and MODEV_DOSPageCount.

Now the defaults settings in Mod_evasive on ASL 3.0 don't match the settings on the wiki (), so all I did is change the settings to match the wiki.

Code:
MODEV_DOSPageCount="12"
MODEV_DOSSiteCount="400"
MODEV_DOSPageInterval="2"
MODEV_DOSSiteInterval="2"


The key settings to remember are MODEV_DOSPageCount, which is the threshhold for the number of requests for the same page (or URI) per page interval. And MODEV_DOSSiteCount which is the threshhold for the total number of requests for any object by the same client on the same listener per site interval.

Once you are finished, just hit Update and you're done.

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group