Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Join Date
    Mar 2011
    Posts
    19
    Plugin Contributions
    0

    Default cpanel error log - client denied by server configuration

    Hi

    Sorry for the long post, but i will try to include as much info as possable.

    I have recently noticed the following error logs in my cpanel.

    client denied by server configuration: /home/mysite/public_html/includes/templates/mytemplate/css/none, referer: http://www.mysite.com/

    I have read various threads on the forum which have helped to some degree.

    If I rename includes/.htaccess to .htaccess_off
    then the errors stop!

    I have asked my hosting company if the httpd.conf file has 'Limit' and 'Indexes' parameters to the AllowOverride configuration, and this was their response

    "Those options are already included as standard:

    Options +ExecCGI +FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch"


    I then asked why 'Limit' was not on the list, and my response was this.

    "As advised we don't modify the httpd.conf file, any changes you would need to make within your .htaccess file. This is a scripting issue that's not part of our support to diagnose for you."


    The website functions correctly, but I know these errors shouldn't be there.

    So I am here asking for help, as to how I may modify the includes/.htaccess file without compromising my websites security.

  2. #2
    Join Date
    Sep 2006
    Posts
    542
    Plugin Contributions
    0

    Default Re: cpanel error log - client denied by server configuration

    What is in your .htaccess? will you post it here
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Play with it long enough and you will break it.

  3. #3
    Join Date
    Mar 2011
    Posts
    19
    Plugin Contributions
    0

    Default Re: cpanel error log - client denied by server configuration

    Thank you

    Contents of includes/.htaccess

    #
    # @copyright Copyright 2003-2010 Zen Cart Development Team
    # @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
    # @version $Id: .htaccess 17394 2010-08-28 03:16:06Z drbyte $
    #
    # This is used with Apache WebServers
    #
    # The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
    # It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
    # Will also prevent people from seeing what is in the dir. and any sub-directories
    #
    # For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
    # Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
    # Example:
    #<Directory "/usr/local/apache/htdocs">
    # AllowOverride Limit Options Indexes
    #</Directory>
    ###############################

    # deny *everything*
    <FilesMatch ".*">
    Order Allow,Deny
    Deny from all
    </FilesMatch>

    # but now allow just *certain* necessary files:
    <FilesMatch ".*\.(js|JS|css|CSS|jpg|JPG|gif|GIF|png|PNG|swf|SWF|xsl|XSL)$">
    Order Allow,Deny
    Allow from all
    </FilesMatch>

    IndexIgnore */*


    ## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
    # OPTIONS -Indexes -ExecCGI

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: cpanel error log - client denied by server configuration

    Quote Originally Posted by Interceptor View Post
    client denied by server configuration: /home/mysite/public_html/includes/templates/mytemplate/css/none, referer: http://www.mysite.com/
    You need to be looking for why your site is suggesting a filename of "none".

    Looking in .htaccess is completely the wrong direction. The .htaccess is CORRECTLY blocking files named "none", because there's no good reason for calling a CSS file by the name of "none". (For the purists, of course one "could" but that's another topic altogether and entirely outside the scope of the way Zen Cart works.)

    You need to find out why your site is even attempting to ask for a "none" file name.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: cpanel error log - client denied by server configuration

    client denied by server configuration:
    - this indicates that a directive within your .htaccess prevented someone from doing something

    /home/mysite/public_html/includes/templates/mytemplate/css/none,
    - this is something that I'm starting to see more 'n more of and on various Servers with various versions of Zen Cart, seems to be more related to how the Server is configured than Zen Cart itself but puzzling nonetheless

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: cpanel error log - client denied by server configuration

    Just a hunch, without any proof yet, that it's caused by poor URL rewriters.

    Or templates that have replaced the original ZC code which calls files with actual .css extensions on them.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: cpanel error log - client denied by server configuration

    Quote Originally Posted by Website Rob View Post
    /home/mysite/public_html/includes/templates/mytemplate/css/none,
    - this is something that I'm starting to see more 'n more of and on various Servers with various versions of Zen Cart, seems to be more related to how the Server is configured than Zen Cart itself but puzzling nonetheless
    This is not a 'server configuration' issue. It's just 'bad' code somewhere.

    Here's a nice video tutorial on how to find the cause.
    http://youtu.be/Ev-cLvYnJ_k

    Cheers
    Rod

  8. #8
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: cpanel error log - client denied by server configuration

    Nice catch, Rod.

    Just bad (sloppy) CSS coding, using invalid syntax like:
    Code:
    background:url(none)
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Mar 2011
    Posts
    19
    Plugin Contributions
    0

    Default Re: cpanel error log - client denied by server configuration

    Thanks to all that replied, you been a great help.

    Problem now solved.
    For those that took the time to reply, and to those that may stumble across this thread in the future, heres the cause.

    It turns out that there was 2 lines in my stylesheet.css which were causing the apache error logs.

    The line in question was

    background-image:url('none');

    apparently apache sees anything between the brackets as a valid url

    I did spot this before, but as I was editing the css file in FrontPage, when I edited the file to

    background-image: none;

    and clicked save, it would correct it back to the original line (albeit wrongly)

    So I changed my default editing software to Notepad++ and made the change again, and hey presto, no more error logs.

    So in a nut shell, dont use FrontPage for editing code

  10. #10
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: cpanel error log - client denied by server configuration

    Yup. FrontPage is THE WORST application for editing code.

    Indeed most applications by Microsoft are notoriously bad for coding/writing/designing for the web.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 24
    Last Post: 23 Sep 2011, 01:45 PM
  2. mod_security vs client denied by server configuration
    By gsdcypher in forum Installing on a Linux/Unix Server
    Replies: 0
    Last Post: 2 Jan 2010, 09:43 PM
  3. Client Denied by Server Configuration
    By fortun3 in forum General Questions
    Replies: 5
    Last Post: 18 Dec 2009, 06:38 PM
  4. client denied by server configuration - misconfigured host settings
    By RedGerry in forum Installing on a Linux/Unix Server
    Replies: 2
    Last Post: 5 Oct 2006, 04:57 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR