Jump to content
thirty bees forum
  • 0

Webservice (API) 403 Error


Question

Posted (edited)

After a particularly terrible experience with Cloudways support I'm trying to migrate away from Cloudways and towards a self-managed VULTR server running Centos7 + Centos Web Panel (CWP). (It took Cloudways support 18 hours to resolve an SSH key issue that they somehow created. I couldn't access the server with public/private keys during this time. I have no idea how long it would take them to fix an actually serious problem and I do not wish to find out...)

After some initial struggles things are now working quite well and I am learning how to get things done within CWP. I can get sites installed and running quite easily now and am overall very happy with the way CWP works.

I do however have one problem, and that is the webservice (aka api) is not operating properly. I can send GET requests and get data from the webservice. These show up in the apache logs with status code 200 and the data is displayed correctly.

However when I try to use a PUT request to make changes to server data it fails with a 403 Forbidden error. This same code works just fine on cloudways and has worked with other hosts so I think there is some sort of permissions error going on. For the life of me I cannot figure this out.

I have spent a lot of time over the past couple of days banging my head against the wall which has been great for learning but I'm out of ideas. There are a lot of suggestions on Stack Exchange about how to rectify common 403 errors with Apache but none have worked for me. I have been very careful about not making any permanent changes and always undoing any changes I make along the way.

A few of the things I have tried:

* Making sure perms for all folders are set to 755 and for files to 644. These are the recommended perms by CWP.

* Making sure perms for all folders are set to 775 and for files to 664. These more permissive perms are what Cloudways uses.

* Adding "Options FollowSymLinks" to the .htaccess file (this changed the error code from 403 to 500 and made the entire website inaccessible) 

* Adding "Options +FollowSymLinks" to the .htaccess file (this changed the error code from 403 to 500 and made the entire website inaccessible) 

* Making sure mod_security is OFF for the domain I am working with (can be turned on and off on a per-domain basis with CWP)

* A LOT of time trying to interpret the config files for Apache which are really above my ability to understand. Despite doing a LOT of reading about these files in the end I didn't feel comfortable monkeying with them lest I make things much worse.

Some info on the server:

CentOS 7 with all updates
CWP 0.9.8.836
Apache 2.4.39
Nginx 1.16.0
PHP-FPM v7.1.30
MariaDB 10.1.40
VULTR's standard firewall is disabled, the firewall included with CWP is enabled (CSF + LFD)

Varnish is also installed but is disabled for this domain. So this domain is running using a similar set of services to what Cloudways uses, Nginx -> Apache -> PHP-FPM.

This overall server setup was created by CWP. In other words, I didn't personally install and configure each service, the server is an automated install using CWP that configures things in a standard way.

So, does anyone have any ideas on what I need to change to make this work?

Edited by dynambee
Info about why I wish to change hosts

Recommended Posts

  • 0
Posted

After some more monkeying around I have worked out what seems to be the best way to do this.

This is probably super obvious for anyone with more Apache configuration experience than I have (which is almost none) but the best solution is to add a vhost configuration file for the domain in question. With CWP these files are stored here:

/usr/local/apache/conf/userdata/[username]/[domain]

So if your username is 'myaccount' and the domain is 'example.com' it would look like this:

/usr/local/apache/conf/userdata/myaccount/example.com

You can call the file whatever you want as long as the extension is .conf. So let's call it thirtybees.conf:

/usr/local/apache/conf/userdata/myaccount/example.com/thirtybees.conf

The contents of the file:

<Directory "/home/[username]/public_html">
	Order allow,deny
	Allow from all
	Require all granted
</Directory>

Obviously replace [username] with your account's username.

After the file is saved in the right place then restart Apache. The webservice (api) will now work.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...