Answered

403 Forbidden

Luan Jenkins 5 years ago updated by Eugene Pankov (Project coordinator) 5 years ago 12
Hey, sorry, I'm new at this. I installed Ajenti V command line. I followed the tutorial to get a WordPress blog up but am still having trouble getting everything to work. I'm still getting a 403 Forbidden error on the domain. Here's what my vh.json looks like. Thanks so much in advance for the help.

{
"websites": [
{
"maintenance_mode": false,
"locations": [
{
"custom_conf_override": false,
"path_append_pattern": false,
"pattern": "[^/]\\.php(/|$)",
"custom_conf": "# Zero-day exploit defense.\n# http://forum.nginx.org/read.php?2,88845,page=3\n# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.\n# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.\ntry_files $uri =404;\nfastcgi_split_path_info ^(.+\\.php)(/.+)$;",
"path": "/srv/blog",
"match": "regex",
"backend": {
"params": {
"pm_min": 1,
"pm_max": 60,
"php_admin_values": "open_basedir = none;",
"php_flags": "",
"pm": "dynamic"
},
"type": "php-fcgi"
}
}
],
"custom_conf": "# This order might seem weird - this is attempted to match last if rules below fail.\nlocation / {\n\ttry_files $uri $uri/ /index.php?$args;\n}\n\n# Add trailing slash to */wp-admin requests.\nrewrite /wp-admin$ $scheme://$host$uri/ permanent;\n\n# Directives to send expires headers and turn off 404 error logging.\nlocation ~* ^.+\\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {\n access_log off; log_not_found off; expires max;\n}\n\nlocation = /favicon.ico {\n\tlog_not_found off;\n\taccess_log off;\n}\nlocation = /robots.txt {\n\tallow all;\n\tlog_not_found off;\n\taccess_log off;\n}\n\n# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~ /\\. {\n\tdeny all;\n}\n# Deny access to any files with a .php extension in the uploads directory\n# Works in sub-directory installs and also in multisite network\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~* /(?:uploads|files)/.*\\.php$ {\n\tdeny all;\n}",
"ssl_key_path": "",
"owner": "root",
"ssl_cert_path": "",
"custom_conf_toplevel": "",
"name": "Blog",
"enabled": true,
"extensions": {
"ajenti.plugins.vh.processes.ProcessesExtension": {
"processes": []
},
"ajenti.plugins.vh-mysql.mysql.MySQLExtension": {
"users": [],
"databases": []
}
},
"domains": [
{
"domain": "k-leap.com"
}
],
"root": "/srv/blog",
"ports": [
{
"spdy": false,
"ssl": false,
"host": "*",
"port": 80,
"default": false
}
]
}
]
}
Under review
Do directory permissions allow access by web server (www-data user)? Try clicking "Fix permissions" on General tab.
Also, check /var/log/nginx/.....error.log for exact error.
Sorry, but I'm looking for directory permissions. All I see is under the "MySQL" tab there's a button that says "Grant All Permissions"; is that what you're talking about? I tried clicking on the "Fix permissions" under General/Website Files...

This is what I'm getting for my "blog.error.log" file: 

2014/11/16 11:22:55 [error] 11057#0: *152 directory index of "/srv/blog/" is forbidden, client: 130.211.148.42, server: k-leap.com, request: "GET / HTTP/1.0", host: "k-leap.com"
2014/11/16 16:13:06 [error] 11057#0: *162 directory index of "/srv/blog/" is forbidden, client: 202.46.60.60, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 16:14:48 [error] 11057#0: *163 directory index of "/srv/blog/" is forbidden, client: 119.63.193.130, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 22:55:18 [error] 11057#0: *178 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:00:44 [error] 18591#0: *1 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:00:45 [error] 18591#0: *1 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:01:57 [error] 18591#0: *3 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:01:58 [error] 18591#0: *3 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:05:48 [error] 18591#0: *5 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:05:54 [error] 18591#0: *5 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"
2014/11/16 23:05:54 [error] 18591#0: *5 directory index of "/srv/blog/" is forbidden, client: 1.52.173.186, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"


Thanks in advance for your help.
>> directory index of "/srv/blog/" is forbidden

You have your website Content set up as Static Files (or not configured at all), but directory listings are disabled.
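Added example, not part of any post in this thread: a small triage script that separates the three nginx error-log messages which all reach the browser as 403, so a "directory index ... is forbidden" line is not mistaken for a file-permission problem. The first two sample lines are from the log posted above; the other two, the `192.0.2.10` address and `example.test` are constructed, and the cause labels are names chosen for this example.

```python
import re
from collections import Counter

# nginx error log: "YYYY/MM/DD HH:MM:SS [level] pid#tid: *conn message, client: ..."
HEAD = re.compile(r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$')

# Messages that all surface as 403, paired with a label for the likely cause.
CAUSES = [
    (re.compile(r'directory index of "([^"]+)" is forbidden'),
     "no-index"),      # directory requested, no index file served, autoindex off
    (re.compile(r'"([^"]+)" (?:failed|is forbidden) \(13: Permission denied\)'),
     "permissions"),   # worker user cannot read or traverse the path
    (re.compile(r'access forbidden by rule'),
     "deny-rule"),     # an allow/deny directive matched the request
]

# Lines 1-2 come from the thread's blog.error.log; lines 3-4 are constructed.
SAMPLE = [
    '2014/11/16 11:22:55 [error] 11057#0: *152 directory index of "/srv/blog/" is forbidden, client: 130.211.148.42, server: k-leap.com, request: "GET / HTTP/1.0", host: "k-leap.com"',
    '2014/11/16 16:13:06 [error] 11057#0: *162 directory index of "/srv/blog/" is forbidden, client: 202.46.60.60, server: k-leap.com, request: "GET / HTTP/1.1", host: "k-leap.com"',
    '2014/11/16 23:10:00 [error] 18591#0: *7 open() "/srv/blog/index.php" failed (13: Permission denied), client: 192.0.2.10, server: example.test, request: "GET /index.php HTTP/1.1", host: "example.test"',
    '2014/11/16 23:11:00 [error] 18591#0: *8 access forbidden by rule, client: 192.0.2.10, server: example.test, request: "GET /.htaccess HTTP/1.1", host: "example.test"',
]

def classify(line):
    """Return (cause, path) for a 403-related error line, else None."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    msg, _, tail = m.group(2).partition(", client: ")
    for pattern, cause in CAUSES:
        hit = pattern.search(msg)
        if hit:
            if hit.groups():          # message itself names the filesystem path
                return cause, hit.group(1)
            req = re.search(r'request: "\S+ (\S+)', tail)
            return cause, req.group(1) if req else "?"
    return None

def summarize(lines):
    """Count occurrences of each (cause, path) pair."""
    return Counter(c for c in map(classify, lines) if c)

if __name__ == "__main__":
    for (cause, path), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {cause:12s} {path}")
```

Only the "permissions" cause is something a "Fix permissions" action can address; "no-index" points at the site's content and index configuration, and "deny-rule" at a `deny` directive such as the ones in the site's custom configuration.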
I'm sorry, I'm still a beginner. Can you be more specific as to how to make it not a static file and un-disable the directory files? Thanks.
Please post your current configuration (/etc/ajenti/vh.json file). Also make sure that all Configuration checks are ok on the Websites page.
{
"websites": [
{
"maintenance_mode": false,
"locations": [
{
"custom_conf_override": false,
"path_append_pattern": false,
"pattern": "[^/]\\.php(/|$)",
"custom_conf": "# Zero-day exploit defense.\n# http://forum.nginx.org/read.php?2,88845,page=3\n# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.\n# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.\ntry_files $uri =404;\nfastcgi_split_path_info ^(.+\\.php)(/.+)$;",
"path": "",
"match": "regex",
"backend": {
"params": {
"php_admin_values": "open_basedir = none;",
"php_flags": ""
},
"type": "php-fcgi"
}
}
],
"custom_conf": "# This order might seem weird - this is attempted to match last if rules below fail.\nlocation / {\n\ttry_files $uri $uri/ /index.php?$args;\n}\n\n# Add trailing slash to */wp-admin requests.\nrewrite /wp-admin$ $scheme://$host$uri/ permanent;\n\n# Directives to send expires headers and turn off 404 error logging.\nlocation ~* ^.+\\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {\n access_log off; log_not_found off; expires max;\n}\n\nlocation = /favicon.ico {\n\tlog_not_found off;\n\taccess_log off;\n}\nlocation = /robots.txt {\n\tallow all;\n\tlog_not_found off;\n\taccess_log off;\n}\n# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~ /\\. {\n\tdeny all;\n}\n# Deny access to any files with a .php extension in the uploads directory\n# Works in sub-directory installs and also in multisite network\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~* /(?:uploads|files)/.*\\.php$ {\n\tdeny all;\n}",
"ssl_key_path": "",
"owner": "root",
"ssl_cert_path": "",
"custom_conf_toplevel": "",
"name": "app.mailingboss.com",
"enabled": true,
"extensions": {
"ajenti.plugins.vh.processes.ProcessesExtension": {
"processes": []
},
"ajenti.plugins.vh-pureftpd.pureftpd.PureFTPDExtension": {
"username": "appmailingbosscom",
"password": "",
"user": null,
"created": true
},
"ajenti.plugins.vh-mysql.mysql.MySQLExtension": {
"users": [
{
"password": "",
"name": "appmailingboss"
}
],
"databases": [
{
"name": "appmailingbosscom"
}
]
}
},
"domains": [
{
"domain": "app.mailingboss.com"
}
],
"root": "/srv/app_mailingboss",
"ports": [
{
"spdy": false,
"ssl": false,
"host": "*",
"port": 80,
"default": false
}
]
},
{
"maintenance_mode": false,
"locations": [
{
"custom_conf_override": false,
"path_append_pattern": false,
"pattern": "[^/]\\.php(/|$)",
"custom_conf": "# Zero-day exploit defense.\n# http://forum.nginx.org/read.php?2,88845,page=3\n# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.\n# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.\ntry_files $uri =404;\nfastcgi_split_path_info ^(.+\\.php)(/.+)$;",
"path": "",
"match": "regex",
"backend": {
"params": {
"php_admin_values": "open_basedir = none;",
"php_flags": "",
"pm": "dynamic"
},
"type": "php-fcgi"
}
}
],
"custom_conf": "# This order might seem weird - this is attempted to match last if rules below fail.\nlocation / {\n\ttry_files $uri $uri/ /index.php?$args;\n}\n\n# Add trailing slash to */wp-admin requests.\nrewrite /wp-admin$ $scheme://$host$uri/ permanent;\n\n# Directives to send expires headers and turn off 404 error logging.\nlocation ~* ^.+\\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {\n access_log off; log_not_found off; expires max;\n}\n\nlocation = /favicon.ico {\n\tlog_not_found off;\n\taccess_log off;\n}\nlocation = /robots.txt {\n\tallow all;\n\tlog_not_found off;\n\taccess_log off;\n}\n# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~ /\\. {\n\tdeny all;\n}\n# Deny access to any files with a .php extension in the uploads directory\n# Works in sub-directory installs and also in multisite network\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~* /(?:uploads|files)/.*\\.php$ {\n\tdeny all;\n}",
"ssl_key_path": "",
"owner": "root",
"ssl_cert_path": "",
"custom_conf_toplevel": "",
"name": "blog",
"enabled": true,
"extensions": {
"ajenti.plugins.vh.processes.ProcessesExtension": {
"processes": []
},
"ajenti.plugins.vh-pureftpd.pureftpd.PureFTPDExtension": {
"username": "mailingbosscom",
"password": "",
"user": null,
"created": true
},
"ajenti.plugins.vh-mysql.mysql.MySQLExtension": {
"users": [
{
"password": "0fe6eb50-673f-451c-b95d-96bf1616de16",
"name": "blog"
}
],
"databases": [
{
"name": "blog"
}
]
}
},
"domains": [
{
"domain": "k-leap.com"
},
{
"domain": "128.199.176.95:8000/blog"
},
{
"domain": "128.199.176.95/blog"
}
],
"root": "/srv/blog",
"ports": [
{
"spdy": false,
"ssl": false,
"host": "*",
"port": 80,
"default": false
}
]
}
]
}

I assume that k-leap.com is the website in question. Please confirm that all configuration checks are ok.
Also, "128.199.176.95:8000/blog" and "128.199.176.95/blog" aren't domains. This can easily prevent NGINX from applying config changes (this will be visible in configuration checks).
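Added example, not part of any post in this thread and not Ajenti's own code: a pre-flight check that reads a vh.json and reports `domains` entries that are not bare hostnames, which is the problem pointed out in the reply above. It assumes each entry is meant to be a plain hostname; the function names and the trimmed sample (only `name` and `domains`, with values from the thread) are constructed for the example.

```python
import json
import re

# RFC 1123 label: letters, digits, hyphens, no leading or trailing hyphen.
# Wildcard and regex server names are deliberately not accepted here.
LABEL = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')

# Constructed sample: only the name/domains keys, values taken from the thread.
SAMPLE_VH_JSON = """
{"websites": [
  {"name": "blog", "domains": [
    {"domain": "k-leap.com"},
    {"domain": "128.199.176.95:8000/blog"},
    {"domain": "128.199.176.95/blog"}]},
  {"name": "app.mailingboss.com", "domains": [
    {"domain": "app.mailingboss.com"}]}
]}
"""

def domain_problems(value):
    """Return the reasons why value is not a bare hostname (empty if fine)."""
    problems = []
    if "://" in value:
        problems.append("contains a URL scheme")
        value = value.split("://", 1)[1]
    host, slash, _ = value.partition("/")
    if slash:
        problems.append("contains a path")
    host, colon, _ = host.partition(":")
    if colon:
        problems.append("contains a port")
    if not host or len(host) > 253 or not all(map(LABEL.match, host.split("."))):
        problems.append("host part is not a valid hostname")
    return problems

def lint_vhosts(config_text):
    """Map (site name, domain) to its problems for every bad domain entry."""
    findings = {}
    for site in json.loads(config_text).get("websites", []):
        for entry in site.get("domains", []):
            problems = domain_problems(entry.get("domain", ""))
            if problems:
                findings[(site.get("name"), entry.get("domain", ""))] = problems
    return findings

if __name__ == "__main__":
    for (site, domain), problems in lint_vhosts(SAMPLE_VH_JSON).items():
        print(f"{site}: {domain!r}: {', '.join(problems)}")
```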
Hey, I deleted the "128.199.176.95:8000/blog" and "128.199.176.95/blog". Sorry, can you walk me through how to make sure the configuration checks are okay?
Sorry for the trouble. I was able to figure it out. I had the content section all wrong.