I’m hosting on my server a lot of website (+100) with different CMS, every environment are chrooted with jailkit (Jailkit - chroot jail utilities) for environement isolation, and I have one of this website working with Kirby CMS.
The website globaly “works”, but some backend function doesn’t. It doesn’t work when we try to change status of a basic page (from “draft” to “listed”). This error occur each time :
After some research, I found that this POST request “https://xxxxx.fr/api/pages/test/status” happen when I try to change page status, and it give me a 403 forbidden. So I think this is an error from my Apache server configuration. When I check the error log with debug log, I got :
[Mon Sep 04 11:52:52.882989 2023] [authz_core:debug] [pid 31108] mod_authz_core.c(820): [client xxx.xxx.xxx.xx:58312] AH01626: authorization result of Require ip 127.0.0.1: denied
[Mon Sep 04 11:52:52.882997 2023] [authz_core:debug] [pid 31108] mod_authz_core.c(820): [client xxx.xxx.xxx.xx:58312] AH01626: authorization result of <RequireAny>: denied
[Mon Sep 04 11:52:52.883002 2023] [authz_core:error] [pid 31108] [client xxx.xxx.xxx.xx:58312] AH01630: client denied by server configuration: /path/to/env/htdocs/public/api
I don’t understand why Kirby try /public/api (this folder doesn’t exist) and why it give me “Require ip 127.0.0.1” when my Apache configuration is just in “Require all granted”…
I search for many hours now, without any result… I’m losing my mind. Do you have an idea ?
Are you sure, that the directive does not appear in the remaining config? Configuration items do also appear in the main config file and might appear in additional config files and associated to modules.
You were right, the cause was a bad Apache configuration with a Require ip that match a specific location (used by our monitoring system)
I didn’t find it in the first way because I made a grep with case sensitive and the require was writing without caps… so stupid.
