On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I'm getting random 403 errors.
I say "random" because the page I see in logs with 403 are running fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.
The server is running some websites (about a dozen), with various kind of solutions (a couple of Wordpress, a few old spaghetti php apps, mostly modern apps based on Symfony framework).
I'd also be happy if someone can point me to some way to increase the verbosity of some logs, to try resolving this issue on myself. Currently I see the 403 errors in the apache logs of vhosts.
Is `mod_evasive' enabled ? To see please try
ls /etc/apache2/mods-enabled/ and if you see mod-evasive.load the apache module mod-evasive is enabled.
The goal of this module is to deny access with a 403 request when too many request come from the same pc(ip) or or when a lot of pages were viewed in a short amount of time. The ip is somewhat blocked for a certain period of time. Sometimes refreshing the page can fix the problem, but it is still annoying.
What you can do is
1)to disable it with a2dismod mod-evasive and service apache2 restart
or
2)Find the httpd.conf file and modify the different parameters. Increase the thresholds for mod_evasive to be less sensitive
modify the default value by something like:
<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 2
</IfModule>
MODEV_DOSPageCount This is the threshhold for the number of requests for the same page (or URI) per page interval. Once the threshhold for that interval has been exceeded, the IP address of the client will be added to the blocking list.
MODEV_DOSPageInterval The interval for the page count threshhold; defaults to 1 second intervals.
etc... You can change them
All the parameters and best solutions are explained here