Since quite a while (over a month now) I see lines like the following in the apache logs:
180.76.15.138 - - [24/Jun/2015:16:13:34 -0400] "GET /manual/de/mod/module-dict.html HTTP/1.1" 403 396 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
180.76.15.159 - - [24/Jun/2015:16:28:34 -0400] "GET /manual/es/mod/mod_cache_disk.html HTTP/1.1" 403 399 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
66.249.75.86 - - [24/Jun/2015:16:18:01 -0400] "GET /manual/es/programs/apachectl.html HTTP/1.1" 403 436 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
[Wed Jun 24 16:13:34.430884 2015] [access_compat:error] [pid 5059] [client 180.76.15.138:58811] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/de/mod/module-dict.html
[Wed Jun 24 16:18:01.037146 2015] [access_compat:error] [pid 2791] [client 66.249.75.86:56362] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/es/programs/apachectl.html
[Wed Jun 24 16:28:34.461298 2015] [access_compat:error] [pid 2791] [client 180.76.15.159:25833] AH01797: client denied by server configuration: /usr/share/doc/apache2-doc/manual/es/mod/mod_cache_disk.html
The requests seem to really come from Baiduspider and Googlebot (checked using reverse DNS as explained here):
user@server:~$ host 66.249.75.86
86.75.249.66.in-addr.arpa domain name pointer crawl-66-249-75-86.googlebot.com.
user@server:~$ host crawl-66-249-75-86.googlebot.com
crawl-66-249-75-86.googlebot.com has address 66.249.75.86
I have read similar questions about this topic like this and this, but for those, these errors are actually preventing the site to work correctly. In my case instead, the html pages that the bots try to access do not exist, and this is therefore the expected behaviour of Apache. Only annoyance, is that Google seems slow at indexing my site, although the Google Webmaster Tools do not show any errors.
I am using Apache version 2.4.7 with the following vhost configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/var/www/example.com/public"
<Directory />
Options None
AllowOverride None
Order Deny,Allow
Deny from all
Require all denied
</Directory>
<Directory "/var/www/example.com/public">
Options None
AllowOverride FileInfo Limit Options=FollowSymLinks
Order Allow,Deny
Allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/example.com/error.log
CustomLog /var/log/apache2/example.com/access.log combined
</VirtualHost>
My questions are therefore:
- why are Baiduspider and Googlebot repeatedly trying to access content on my site which is not there and not referred by any links on the site?
- how do requests like
GET /manual/de/mod/...get mapped to/usr/share/doc/apache2-doc/manual/de/mod/...while, to my understanding, they should go to/var/www/example.com/public/manual/de/mod/...? - in general: should I worry about those lines as a sign of misconfiguration, or is there an explanation for them?
Let’s explore more about the issue “AH01797: client denied by server configuration” in cPanel in this article. Bobcares, as a part of our cPanel & WHM Support Services offers solutions to every query that comes our way.
AH01797: client denied by server configuration in cPanel
Whenever we attempt to browse a website, a 403 forbidden error appears. Additionally, we can see a similar issue to “AH01797: client denied by server configuration” in the website error logs. Include the below code to .htaccess file and prevent the IP address from accessing the website.
Order allow,deny
Deny from all
In this case, we should edit the .htaccess file and remove the code which is blocking the IP address or all IP addresses from accessing the website.
Methods To Fix “AH01797: client denied by server configuration” in cPanel?
We have should know certain details before fixing the error “AH01797: client denied by server configuration” in cPanel. It includes the complete file system path where access is not possible, and the IP or hostname of the client as using the correct path in the directory block.
Method 1: In this method, we must confirm the IP address is properly added to any relative “allow” list before restricting any part of the website or application. We should also rename and save the htaccess file as htaccess.txt. Then save the correct PHP version by visiting Software >>> MultiPHP Manager. Also, visit Software >>> MultiPHP Editor or Select PHP Version, select the directory and check PHP values and save it. By doing this, we can create the.htaccess file with its default values.
Method 2: Here, we must confirm to properly include the IP address to any relative “allow” list before restricting any part of the website or application. Then disable any security plugins that add htaccess file directives. After that visually examining the htaccess file to locate and eliminate any rules that are incompatible with server. Fixing of the problem is possible by editing or commenting out the problematic directives in that module. Finally, save the .htaccess file with default settings.
[Looking for an answer to a different question? We are available 24/7.]
Conclusion
In this article, we have provided two simple solutions from our Tech team to fix the error, “AH01797: client denied by server configuration” in cPanel.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
sebadamus opened this issue
Feb 27, 2022
· 11 comments
Comments
Steps To Reproduce
No idea, I just checked the apache log after doing a CLI minor update (from within sudo bash /var/scripts/menu.sh). Everything seems to be working, but getting these errors spamming the apache log.
Expected Result
No errors in apache log?
Actual Result
[Sun Feb 27 19:40:54.647777 2022] [access_compat:error] [pid 3535:tid 139833976047360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/dashboard/js/dashboard.js
[Sun Feb 27 19:40:54.648029 2022] [access_compat:error] [pid 3535:tid 139833984440064] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/core/js/dist/unified-search.js
[Sun Feb 27 19:40:54.648228 2022] [access_compat:error] [pid 3535:tid 139833992832768] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/js
[Sun Feb 27 19:40:54.648300 2022] [access_compat:error] [pid 3535:tid 139833992832768] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:54.648715 2022] [access_compat:error] [pid 3535:tid 139833774548736] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/recommendations/js/dashboard.js
[Sun Feb 27 19:40:54.656115 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/dashboard/img/dashboard.svg
[Sun Feb 27 19:40:54.656258 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/avatar
[Sun Feb 27 19:40:54.656286 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:54.656452 2022] [access_compat:error] [pid 3535:tid 139834009618176] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/files/img/app.svg
[Sun Feb 27 19:40:54.656583 2022] [access_compat:error] [pid 3535:tid 139834018010880] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/activity/img/activity.svg
[Sun Feb 27 19:40:54.660692 2022] [access_compat:error] [pid 3535:tid 139833950869248] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/tasks/img/tasks.svg
[Sun Feb 27 19:40:54.660899 2022] [access_compat:error] [pid 3535:tid 139834009618176] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/img/app.svg
[Sun Feb 27 19:40:54.661023 2022] [access_compat:error] [pid 3535:tid 139833942476544] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/deck/img/deck.svg
[Sun Feb 27 19:40:54.661349 2022] [access_compat:error] [pid 3535:tid 139833934083840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/calendar/img/calendar.svg
[Sun Feb 27 19:40:54.661940 2022] [access_compat:error] [pid 3535:tid 139834009618176] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/firstrunwizard/img/info.svg
[Sun Feb 27 19:40:54.662455 2022] [access_compat:error] [pid 3535:tid 139833757746944] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/contacts/img/app.svg
[Sun Feb 27 19:40:54.690783 2022] [access_compat:error] [pid 3535:tid 139833934083840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/core/img/actions/logout.svg
[Sun Feb 27 19:40:54.812438 2022] [access_compat:error] [pid 3535:tid 139833757746944] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/img/help.svg
[Sun Feb 27 19:40:54.812545 2022] [access_compat:error] [pid 3535:tid 139833942476544] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/img/users.svg
[Sun Feb 27 19:40:54.812586 2022] [access_compat:error] [pid 3535:tid 139833950869248] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/img/apps.svg
[Sun Feb 27 19:40:54.812623 2022] [access_compat:error] [pid 3535:tid 139834018010880] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/img/admin.svg
[Sun Feb 27 19:40:56.489068 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/svg
[Sun Feb 27 19:40:56.489126 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.130292 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/recommendations/api
[Sun Feb 27 19:40:57.130378 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.462002 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/dashboard/img/kamil-porembinski-clouds.jpg
[Sun Feb 27 19:40:57.462271 2022] [access_compat:error] [pid 3535:tid 139833992832768] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/heartbeat
[Sun Feb 27 19:40:57.462331 2022] [access_compat:error] [pid 3535:tid 139833992832768] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.463199 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:57.463464 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:57.463603 2022] [access_compat:error] [pid 3535:tid 139833917298432] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/heartbeat
[Sun Feb 27 19:40:57.463663 2022] [access_compat:error] [pid 3535:tid 139833917298432] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.464445 2022] [access_compat:error] [pid 3535:tid 139833766147840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/svg
[Sun Feb 27 19:40:57.464497 2022] [access_compat:error] [pid 3535:tid 139833766147840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.471478 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:40:57.471681 2022] [access_compat:error] [pid 3535:tid 139833900513024] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/notifications/img/notifications.svg
[Sun Feb 27 19:40:57.471844 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/notifications/api
[Sun Feb 27 19:40:57.471968 2022] [access_compat:error] [pid 3535:tid 139833858549504] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:40:57.472162 2022] [access_compat:error] [pid 3535:tid 139833858549504] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/search
[Sun Feb 27 19:40:57.473771 2022] [access_compat:error] [pid 3535:tid 139833732544256] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:40:57.473957 2022] [access_compat:error] [pid 3535:tid 139833732544256] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/weather_status/api
[Sun Feb 27 19:40:57.690016 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/theming/img/core
[Sun Feb 27 19:40:57.690016 2022] [access_compat:error] [pid 3535:tid 139833766147840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/theming/img/core
[Sun Feb 27 19:40:57.690112 2022] [access_compat:error] [pid 3535:tid 139833766147840] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.690114 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:40:57.824129 2022] [access_compat:error] [pid 3535:tid 139833992832768] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/img/user-status-online.svg
[Sun Feb 27 19:40:58.187644 2022] [access_compat:error] [pid 3535:tid 139833732544256] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:40:58.187810 2022] [access_compat:error] [pid 3535:tid 139833732544256] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/weather_status/api
[Sun Feb 27 19:40:58.190590 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:40:58.190761 2022] [access_compat:error] [pid 3535:tid 139834001225472] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/apps/weather_status/api
[Sun Feb 27 19:40:58.268933 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:58.269092 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:58.516005 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/core/img/favicon-touch.png
[Sun Feb 27 19:40:58.516362 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/core/img/favicon.ico
[Sun Feb 27 19:40:58.552159 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:58.552405 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:58.806399 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:58.806666 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:58.806802 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:58.806948 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:59.032435 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:59.032660 2022] [access_compat:error] [pid 3535:tid 139833740945152] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:40:59.066366 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
[Sun Feb 27 19:40:59.066594 2022] [access_compat:error] [pid 3535:tid 139833724143360] [client 191.85.84.169:52887] AH01797: client denied by server configuration: /var/www/nextcloud/dav
[Sun Feb 27 19:41:04.828209 2022] [access_compat:error] [pid 3536:tid 139834001225472] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/settings
[Sun Feb 27 19:41:04.828370 2022] [access_compat:error] [pid 3536:tid 139834001225472] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:41:06.952294 2022] [access_compat:error] [pid 3536:tid 139834001225472] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/usersettings.js
[Sun Feb 27 19:41:06.952682 2022] [access_compat:error] [pid 3536:tid 139834009618176] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/templates.js
[Sun Feb 27 19:41:06.956455 2022] [access_compat:error] [pid 3536:tid 139834018010880] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/federationsettingsview.js
[Sun Feb 27 19:41:06.956823 2022] [access_compat:error] [pid 3536:tid 139833715742464] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/federationscopemenu.js
[Sun Feb 27 19:41:06.957199 2022] [access_compat:error] [pid 3536:tid 139833724143360] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/settings/personalInfo.js
[Sun Feb 27 19:41:06.957584 2022] [access_compat:error] [pid 3536:tid 139833732544256] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/vue-settings-personal-info.js
[Sun Feb 27 19:41:06.964274 2022] [access_compat:error] [pid 3536:tid 139833740945152] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/settings.js
[Sun Feb 27 19:41:06.964652 2022] [access_compat:error] [pid 3536:tid 139833749346048] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/admin.js
[Sun Feb 27 19:41:06.965057 2022] [access_compat:error] [pid 3536:tid 139833757746944] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/log.js
[Sun Feb 27 19:41:06.965422 2022] [access_compat:error] [pid 3536:tid 139833766147840] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/core/js/setupchecks.js
[Sun Feb 27 19:41:06.965815 2022] [access_compat:error] [pid 3536:tid 139833774548736] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/files/js/jquery.fileupload.js
[Sun Feb 27 19:41:06.967768 2022] [access_compat:error] [pid 3536:tid 139834001225472] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/settings/js/vue-settings-nextcloud-pdf.js
[Sun Feb 27 19:41:06.984582 2022] [access_compat:error] [pid 3536:tid 139833749346048] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/serverinfo/img/app-dark.svg
[Sun Feb 27 19:41:06.985219 2022] [access_compat:error] [pid 3536:tid 139834001225472] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/core/img/facebook.svg
[Sun Feb 27 19:41:07.257843 2022] [access_compat:error] [pid 3536:tid 139833732544256] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:41:07.258117 2022] [access_compat:error] [pid 3536:tid 139833732544256] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/api
[Sun Feb 27 19:41:07.309431 2022] [access_compat:error] [pid 3536:tid 139833732544256] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:41:07.309685 2022] [access_compat:error] [pid 3536:tid 139833732544256] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/notifications/api
[Sun Feb 27 19:41:07.331388 2022] [access_compat:error] [pid 3536:tid 139833766147840] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/apps/user_status/heartbeat
[Sun Feb 27 19:41:07.331452 2022] [access_compat:error] [pid 3536:tid 139833766147840] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/index.php
[Sun Feb 27 19:41:07.339003 2022] [access_compat:error] [pid 3536:tid 139833715742464] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/ocs/v2.php
[Sun Feb 27 19:41:07.339192 2022] [access_compat:error] [pid 3536:tid 139833715742464] [client 191.85.84.169:52890] AH01797: client denied by server configuration: /var/www/nextcloud/search
Screenshots, Videos, or Pastebins
No response
Additional Context
No response
Build Version
23.0.2.1
Environment
By downloading the VM
Environment Details
No response
Hi,
This is as it should be. Probably some blocked IP trying to reach different parts of the Nextcloud.
I’m guessing you use fail2ban? If not, it could also be the built in brute force protection by Nextcloud causing it.
Hi, thanks! nop, not fail2ban. Will try to investigate more… as also apache service wont start up unless I do it manually. Dont worry, you can close my issue. Thanks.
Thanks for investigating!
If you find the real cause, please let me know.
I reinstall Nextcloud Server with the install script you create on a new fresh virtualbox machine, the error continues to appear, anyway the nextcloud server seems to work without problem but with these errors in log file.
The IP addr you see in the errors, was my computer dynamic ip addr reaching the router addr where the linux machine running the vm behind NAT and tunneled 80,443 ports to it…. dont know why it gives these errors and anyway all seems to work fine.
If found anything else I will tell.
Thanks.
One more with newly installed Nextcloud Server using THE install script and AH01797 in error.log.
All seems to be working OK i.e. nothing critical but it is annoying.
Nextcloud 24.0.4
Ubuntu 22.04.1 LTS (Jammy Jellyfish)
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2022-06-14T12:30:21
You’re welcome to figure it out and post a PR in this repo so that everyone can enjoy the fix. 👍
Seems to be resolved by update in /var/www/nextcloud/config/.htaccess and /mnt/ncdata/.htaccess
<IfModule mod_access_compat.c>
Comments
# Order Allow,Deny
# Deny from all
# Satisfy All
New line
Require all denied
@sebadamus Maybe you can verify?
I experiencing the same issue. NC updated to 25.0.2 installed via install script
@Weax What does your Apache error log say?
After update to 25.0.2 I do have entries like below in Apache error log, again.
AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
AH01797: client denied by server configuration: /var/www/nextcloud/dav
/mnt/ncdata/.htaccess # Generated by Nextcloud on 2022-12-27 15:02:12
Updated as above
# Order Allow,Deny
# Deny from all
# Satisfy All
New line
Require all denied
systemctl restart apache2.service
No entries in Apache error log
OK, can someone send a PR to Nextcloud Server Core and fix this?
Thanks!
I’m trying to host a php based application with the following .htaccess values.
Options +FollowSymLinks
Options -Indexes
DirectoryIndex index.php
RewriteEngine On
RewriteBase /easydeposit
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
However, I keep facing the following two errors,
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/system/
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/private/
[access_compat:error] [pid 25330:tid 27] AH01797: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/application/
[authz_core:error] [pid 25330:tid 27] AH01630: client denied by server configuration: /home/abc/opt/apache/htdocs/xyz/.htaccess
I’m not sure why this is happening. Any help is appreciated.
asked Aug 27, 2012 at 10:48
If you have recently upgraded to a version of Apache greater than version 2.2, the authz_core error error might be coming from your httpd.conf or httpd-vhosts.conf file in the <Document> tags. mod_authz_core was introduced in Apache 2.3 and changed the way that access control is declared.
So, for example, instead of the 2.2 way of configuring <Directory>…
<Directory "C:/wamp">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Order and Allow directives have been replaced with the Require directive:
<Directory "C:/wamp">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Sources
http://www.andrejfarkas.com/2012/06/fun-with-wamp-server-and-apache-2-4-2/
http://httpd.apache.org/docs/2.4/upgrading.html
answered Nov 6, 2012 at 19:32
MabbageMabbage
7751 gold badge7 silver badges12 bronze badges
1
This question/answer got me to the documentation for which I’m thankful, and the following was what solved it for me.
Previous .htaccess file:
# password protection allowing multiple resources
AuthType Basic
AuthName "Restricted Area"
AuthUserFile C:pathto.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI "(path/to/public_files/.*)$" allow
# these lines must be updated
Order allow,deny
# Allowing an ip range:
Allow from 69.69.69
# Allowing another range:
Allow from 71.71.71
Satisfy any
This configuration was producing errors like:
[Thu Dec 08 10:29:20.347782 2016] [access_compat:error] [pid 2244:tid 15876] [client 93.93.93.93:49340] AH01797: client denied by server configuration: C:/path/to/index.php
updated for 2.4 configuration
# 7 lines unchanged...shown again for clarification
AuthType Basic
AuthName "Restricted Area"
AuthUserFile C:pathto.htpasswd
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Request_URI "(path/to/public_files/.*)$" allow
# these are the changes replacing:
# Order allow,deny
# Allow from <range>
# Satisfy any
Require ip 69.69.69
Require ip 71.71.71
Require all granted
answered Dec 8, 2016 at 16:52
WEBjujuWEBjuju
5,7074 gold badges27 silver badges36 bronze badges
I doubt this has anything to do with your htaccess file. The errors are thrown by mod_access_compat, which provides the Allow, Deny, Order, and Satisfy directives. Somewhere, you probably have your allow’s and deny’s configured wrong. As for the .htaccess error at the end, it’s from mod_authz_core, so there may be something upstream that blocks access to .htaccess files outright.
answered Aug 27, 2012 at 17:16
Jon LinJon Lin
142k29 gold badges217 silver badges218 bronze badges
Are you sure that your are allowed to override Options in your .htaccess file? check main apache config file for this
answered Aug 27, 2012 at 10:53
SadeqSadeq
716 bronze badges
1
Options +FollowSymLinks
Options -Indexes
on many shared hosting the above code often the main problems
answered Aug 27, 2012 at 11:02
1
And you are absolutely sure that the apache user (probably _www) has access to the directory (/home/abc/opt/apache/htdocs/xyz/)?
answered Aug 27, 2012 at 11:08
1
For me, there was an .htaccess file in the wp-config folder that had these entries
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
That caused icons in the interface to show up as squares.
answered Feb 24, 2019 at 19:40
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See for detailed information.
# In particular, see
#
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They’re here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server’s control files begin with «/» (or «drive:/» for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with «/», the value of ServerRoot is prepended — so ‘log/access_log’
# with ServerRoot set to ‘/www’ will be interpreted by the
# server as ‘/www/log/access_log’, where as ‘/log/access_log’ will be
# interpreted as ‘/log/access_log’.
#
# ServerRoot: The top of the directory tree under which the server’s
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot «/etc/httpd»
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen
#Listen
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule’ lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l’) do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
# ‘Main’ server configuration
#
# The directives in this section set up the values used by the ‘main’
# server, which responds to any requests that aren’t handled by a
# definition. These values also provide defaults for
# any containers you may define later in the file.
#
# All of these directives may appear inside containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn’t have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server’s filesystem. You must
# explicitly permit access to web content directories in other
# blocks below.
#
AllowOverride none
Require all denied
#
# Note that from this point forward you must specifically allow
# particular features to be enabled — so if something’s not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot «/var/www/html»
#
# Relax access to content within /var/www.
#
AllowOverride None
# Allow open access:
Require all granted
# Further relax access to the default document root:
#
# Possible values for the Options directive are «None», «All»,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that «MultiViews» must be named *explicitly* — «Options All»
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be «All», «None», or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.html
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Require all denied
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host’s errors will be logged there and not here.
#
ErrorLog «logs/error_log»
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat «%a %l %u %t «%r» %>s %b «%{Referer}i» «%{User-Agent}i»» combined
LogFormat «%a %l %u %t «%r» %>s %b» common
# You need to enable mod_logio.c to use %I and %O
LogFormat «%a %l %u %t «%r» %>s %b «%{Referer}i» «%{User-Agent}i» %I %O» combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a
# container, they will be logged here. Contrariwise, if you *do*
# define per- access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog «logs/access_log» common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog «logs/access_log» combined
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server’s namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing «/» apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ «/var/www/cgi-bin/»
#
# «/var/www/cgi-bin» should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
AllowOverride None
Options None
Require all granted
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to «handlers»:
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add «ExecCGI» to the «Options» directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add «Includes» to the «Options» directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 «The server made a boo boo.»
#ErrorDocument 404 /missing.html
#ErrorDocument 404 «/cgi-bin/missing_handler.pl»
#ErrorDocument 402 www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the «/etc/httpd/conf.d» directory, if any.
IncludeOptional conf.d/*.conf
Include conf/vhosts-default/
Include conf/vhosts/