So this error, this little error, was the bane of existence for 3 whole days.
client denied by server configuration: /var/www/vhosts/xyz.com/httpdocs/admin_panel, referer: http://xyz.com/admin_panel/content_list/
Developers at the company started complaining of getting 403 Forbidden errors, at first I thought it was modsecurity, because a 403 Forbidden message is almost always thrown by modsecurity. This wasn’t the case here. I moved on, started scouring Google for answers.
Quickly I realized that that this maybe an issue because I was running Apache 2.4 on this server, 99.999% of the threads on Google suggested altering the vhost.conf for the site and add the following
Require all granted
This was a bust as well, I tried putting this line in the main httpd.conf at /etc/httpd/conf as well but no joy.
What I was slow to notice was that all the threads I was looking at had people complaining about getting this error all the time whereas I was only getting these at random instances. The dev lead here then hit my server with a seige attack which brought forward the issue. The issue would arise after a couple of successful hits first.
I then took to the internet again, this time through the anals of the time. I ended up with a threads from 2006, was about to dismiss it for the sake of obsolescence but thought what the hell. Turns out the answer was in there.
MOD_EVASIVE! YOU SUMBITCH!
Mod_Evasive was the lovely little config that was causing all the problems. *sigh*
With this piece of information in hand, I had two options, either tweak mod_evasive’s config to be more lenient or completely disable it. I decided to disable it completely until I can test the tweaks on a test server.
This is the thread that saved my life (pr0gr4mm3r.com): LINK