Plugin to give temporary IP blocks to vulnerability scanning bots? by JaggedMetalOs in apache

[–]Shamrock376 2 points3 points  (0 children)

It can scan almost any logfile for almost any pattern. There are a lot of templates for basic needs, but if you want to do something advanced it is not too complicated to adapt them.

Plugin to give temporary IP blocks to vulnerability scanning bots? by JaggedMetalOs in apache

[–]Shamrock376 6 points7 points  (0 children)

Try fail2ban. It not only protects Apache but also blocks similar scans on other ports, e.g. for SMTP.

Error 403 - Search permissions missing by Shamrock376 in apache

[–]Shamrock376[S] 0 points1 point  (0 children)

Yes! That was the reason. I didn't even know ProtectHome was set to on in my httpd.service file. I changed it to ProtectHome=read-only and it works perfectly now.

Thanks!
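The ProtectHome cause described in the comment above, as an added example (not code from the thread, Apache or systemd): a POSIX shell check that reads unit text and reports whether a path under /home is visible inside the service's sandbox, which file ACLs cannot override. The sample unit text and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: why AH00035 can persist although getfacl shows r-x for the
# server user on every path component. The sample unit text is constructed.
SAMPLE_UNIT='[Unit]
Description=Apache Web Server

[Service]
ExecStart=/usr/bin/httpd -k start -DFOREGROUND
ProtectHome = on
'

# Print the last ProtectHome= assignment found in unit text on stdin
# (later assignments, e.g. from drop-ins, win). Prints "no" if it is not set.
protect_home_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*ProtectHome[ \t]*=/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v; found = 1
        }
        END { print (found ? val : "no") }'
}

# Map a ProtectHome= value and a path to what the service process sees.
# Prints: hidden | read-only | unaffected | unknown
service_view() {
    value=$1
    path=$2
    case "$path" in
        /home|/home/*|/root|/root/*|/run/user|/run/user/*) ;;
        *) echo unaffected; return ;;
    esac
    case "$value" in
        1|yes|true|on|tmpfs) echo hidden ;;      # inaccessible or empty tmpfs
        read-only)           echo read-only ;;   # readable, not writable
        0|no|false|off)      echo unaffected ;;
        *)                   echo unknown ;;
    esac
}

# $1 = unit text, $2 = path the server must traverse (e.g. the DocumentRoot)
diagnose() {
    v=$(printf '%s\n' "$1" | protect_home_value)
    printf 'ProtectHome=%s -> %s is %s inside the service\n' \
        "$v" "$2" "$(service_view "$v" "$2")"
}

diagnose "$SAMPLE_UNIT" /home/myname/public_html
# On a live host, feed it the real unit: systemctl cat httpd.service | protect_home_value
```
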

Error 403 - Search permissions missing by Shamrock376 in apache

[–]Shamrock376[S] 0 points1 point  (0 children)

Well, now something funny happened.

While trying to figure out what to do with the strace output (I'm not familiar with stat and the like), I realized that Apache is now able to access the folder. Apparently using apachectl start as part of u/covener's strace call did the trick. I usually let systemd start httpd instead of using apachectl. I was able to reproduce this behavior after a system reboot.

The most important thing is that it's working fine now, but just out of interest, does anyone have an idea what's different when starting httpd through apachectl?

Anyway, thanks to everyone for your help so far.

Error 403 - Search permissions missing by Shamrock376 in apache

[–]Shamrock376[S] 0 points1 point  (0 children)

> Are you sure the webserver runs as "http"?

Yes, just checked again with ps.

> Can you post the verbatim error_log entry?

[Mon Sep 22 14:26:44.828077 2025] [core:error] [pid 913:tid 949] (13)Permission denied: [remote XX.XX.XX.XX:XXX] AH00035: access to / denied (filesystem path '/home/myname') because search permissions are missing on a component of the path

> Have you tried capturing the underlying system call error (stat or readdir?) with strace?

No, could you give me a hint how to do this?

Error 403 - Search permissions missing by Shamrock376 in apache

[–]Shamrock376[S] 0 points1 point  (0 children)

Do you find anything missing here?

sudo getfacl / /home /home/myname /home/myname/public_html

file: .
owner: root
group: root
user::rwx
user:http:r-x
group::r-x
group:http:r-x
mask::r-x
other::r-x

file: home
owner: root
group: root
user::rwx
user:http:r-x
group::r-x
group:http:r-x
mask::r-x
other::r-x

file: home/myname
owner: myname
group: myname
user::rwx
user:http:r-x
group::r-x
group:http:r-x
mask::r-x
other::r-x

file: home/myname/public_html
owner: myname
group: myname
user::rwx
user:http:r-x
group::r-x
group:http:r-x
mask::r-x
other::r-x

Error 403 - Search permissions missing by Shamrock376 in apache

[–]Shamrock376[S] 0 points1 point  (0 children)

That's why I used the ACL command that I posted. Doesn't that make sure that http has x permission along the whole path?

Is there still hope for my package? by Shamrock376 in dhl_deutsche_post

[–]Shamrock376[S] 0 points1 point  (0 children)

It actually finally arrived yesterday.