1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Unexplained 403 errors

Discussion in 'Apache' started by Chuck Logan, Jan 2, 2019.

  1. #1
    Over the last couple of months we have noted that a few visitors to our web site are receiving 403 errors when accessing certain php scripts. Specifically there are exactly 4 IP addresses thus far that this is happening to, and coincidentally (or not) all 4 of these addresses are based in Norway. Hundreds of other daily hits to the same scripts from other IP's work perfectly. We have searched through all .htacess files and the various security and firewall components and there is nothing that would be blocking or limiting the addresses (3 different providers) that are receiving the 403's. We responded to an email from one of these partially blocked addresses when asked why they were getting the 403's and set up a very simple php script that echos "Hello World" for them to try. Again they receive a 403. Adding IP logging to this script and asking our registered users and staff to try accessing this simple script resulted in 309 hits and no errors. But during this same time period the 403 occurred repeatedly for the Norway-based IP. The only other time I recall seeing something similar was a few years ago when defending against injection attacks questionable query strings were blocked via .htaccess. In this case a 403 was generated, but looking at the logged query string the reason was obvious. In the present case the URL is a plain php script with no query or parameters. (x.php) Any thoughts on how or why this may be happening? Sanity checks appreciated!
    Chuck
    SEMrush
     
    Chuck Logan, Jan 2, 2019 IP
    SEMrush
  2. pavv

    pavv Active Member

    Messages:
    254
    Likes Received:
    6
    Best Answers:
    1
    Trophy Points:
    70
    #2
    Do you use mod_security rules?
    Did you check the Apache logs on the server?
     
    pavv, Jan 2, 2019 IP
  3. hostechsupport

    hostechsupport Well-Known Member

    Messages:
    411
    Likes Received:
    23
    Best Answers:
    7
    Trophy Points:
    138
    #3
    Seems some type of traffic filter might be there. Have you tried to whitelist the IP range of those clients getting 403 on the server occasionally?
     
    hostechsupport, Jan 22, 2019 IP