How to Fix Random 403 Errors
For the longest time, I was getting random 403 Forbidden Errors and the error log would say “client denied by server configuration”. This error happened when a lot of pages were viewed in a short amount of time, or when a page was viewed with several dynamic images. This problem was common in picture viewers such as Gallery where some images didn’t load or the whole page was a 403 error page. Sometimes refreshing the page fixed the problem, but it was still annoying. Read this entry to see what causes it and how to fix it.
This issue (in my case) was caused by mod_evasive in Apache. If you read up on it, you will see why. This module prevents somebody from flooding the server. This explains why you get a 403 error when you refresh the page 20 times, but how does this explain random pictures from not showing up? The answer to that question is very simple. Think of it this way: every time a picture is referenced in a page, Apache sees it as a different request. For example, look at your Apache logs. You will see that it treats every image as a separate request.
So now the question is how to fix it…if you are on a shared host, the bad news is that you can’t. The only thing you can do is ask your host to read this entry and fix it themselves.
Here are your options:
- Disable the module – This would without a doubt solve your problems with 403 errors, but if somebody floods your server, you’re screwed.
To disable your the module, comment out the line that says “AddModule mod_evasive.c” in your Apache configuration file. - Make the settings more flexible – This would probably the preferred method. Their are options to configure for this module, and you can make it more lienent on how to treat frequent requests. You may find the default values in your httpd.conf file to be something like this:
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>Change the settings to something like this:
<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 2
</IfModule>
And that’s how you do it! Hopefully that worked for you. If it didn’t, then you have more Googling to do
.
This entry was posted on Friday, December 29th, 2006 at 7:51 pm and is filed under Internet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Seemingly random 403 errors on Apache « Aslak Johansen’s Weblog May 20th, 2009 at 6:29 pm
[...] against DOS attacks. The above usage pattern was being categorised as an attack and rejected. This page explains the details and this page explains how to deal with it in [...]