New host giving 403 on included files

We have a server working fine since 2007 with 332 domains, but since yesterday we cant get new websites working, the host is created without issues, cpanel ok, directory listed on domain, but when we upload for example a joomla installer, only the php is loaded, with all the js,css,images, etc giving 403 on browser console, and having the error "AH01630: client denied by server configuration" on server logs for the same files, BUT we can access those files directly on the browser, just 403 when php try to load them. We are running RHEL 6.10 and the lastest compatible v86.0.22 from the lts build. The last created host without issues was made on 2020-05-15, no changes on configurations made, just regular updates. The only strage thing we see on httpd.conf is that ALL new vhost are created after the legend "Define the main cPanel & WHM proxy subdomains", but besides that, all parameters are exactly the same as other working sites.


# END: HTTPS vhosts list

##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################


  ServerName exampledomain.com
    ServerAlias mail.exampledomain.com www.exampledomain.com
  DocumentRoot /home/exampledomain/public_html
  ServerAdmin webmaster@exampledomain.com
  UseCanonicalName Off
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl

  ## User exampledomain # Needed for Cpanel::ApacheConf
  
    
      
        
          UserDir enabled exampledomain
        
      
    
  

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  
    
      SSILegacyExprParser On
    
  

 

  
    suPHP_UserGroup exampledomain exampledomain
  
  
    
      SuexecUserGroup exampledomain exampledomain
    
  
  
    RMode config
    RUidGid exampledomain exampledomain
  
  
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID exampledomain exampledomain
  
  
    PassengerUser exampledomain
    PassengerGroup exampledomain
  

  
    SecRuleEngine Off
  


    # Global DCV Rewrite Exclude
    
        RewriteOptions Inherit
    



  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/std/2_4/exampledomain/exampledomain.com/*.conf"


  ServerName exampledomain.com
  ServerAlias mail.exampledomain.com www.exampledomain.com webdisk.exampledomain.com cpcontacts.exampledomain.com cpanel.exampledomain.com webmail.exampledomain.com cpcalendars.exampledomain.com
  DocumentRoot /home/exampledomain/public_html
  ServerAdmin webmaster@exampledomain.com
  UseCanonicalName Off
  Options -ExecCGI -Includes
  RemoveHandler cgi-script .cgi .pl .plx .ppl .perl

  ## User exampledomain # Needed for Cpanel::ApacheConf
  
    
      
        
          UserDir enabled exampledomain
        
      
    
  

  # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
  # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
  # the user's .htaccess file.  For more information, please read:
  #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
  
    
      SSILegacyExprParser On
    
  

 
  
       
          SecRuleEngine Off
       
  

  
    suPHP_UserGroup exampledomain exampledomain
  
  
    
      SuexecUserGroup exampledomain exampledomain
    
  
  
    RMode config
    RUidGid exampledomain exampledomain
  
  
    # For more information on MPM ITK, please read:
    #   http://mpm-itk.sesse.net/
    AssignUserID exampledomain exampledomain
  
  
    PassengerUser exampledomain
    PassengerGroup exampledomain
  

  
    SecRuleEngine Off
  
  
    SSLEngine on
    
    SSLCertificateFile /var/cpanel/ssl/apache_tls/exampledomain.com/combined

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    
      SSLOptions +StdEnvVars
    
  




  # To customize this VirtualHost use an include file at the following location
  # Include "/etc/apache2/conf.d/userdata/ssl/2_4/exampledomain/exampledomain.com/*.conf"

    
    RequestHeader set X-HTTPS 1
    

    RewriteEngine On
            RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
            RewriteCond %{HTTP_HOST} =cpcalendars.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpcalendars.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
            RewriteCond %{HTTP_HOST} =cpcontacts.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =cpcontacts.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
            RewriteCond %{HTTP_HOST} =webdisk.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =webdisk.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
        ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
            RewriteCond %{HTTP_HOST} =webmail.exampledomain.com [OR]
            RewriteCond %{HTTP_HOST} =webmail.exampledomain.com:443
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]

        RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
        ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0

            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com [OR]
                RewriteCond %{HTTP_HOST} =cpanel.exampledomain.com:443

            RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
            RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                RewriteCond %{HTTP_HOST} =webmail.exampledomain.com [OR]
                RewriteCond %{HTTP_HOST} =webmail.exampledomain.com:443

            RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]

# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS

cPanelLauren

June 23, 2020 16:55

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!

Xoles

June 24, 2020 05:40

Thanks Lauren Support Ticket ID is: 93501903

June 30, 2020 18:01

Fixed :)

June 30, 2020 18:05

The issue was some lines on the 2019 rules of "apache-ultimate-bad-bot-blocker"

New host giving 403 on included files

Comments

Didn't find what you were looking for?