Does OLS cache pages with 403 error code (Forbidden)?

gilles

#1
The WP Zero Spam plugin sends a 403 with some text to block clients. I am observing that OLS is caching the blocked page and serving it to other clients. Is that expected? Does OLS cache pages with 403 status or does it not differentiate?
 
#2
Gilles,

Error 403: "The server understood the request, but is refusing to authorise it.", RFC 7231. This doesn't sound like something OLS would cache, but maybe an admin can prove me wrong. You didn't specify what files or directories being requested result in this error, or what your platform/OS is, so I'll speak in generalities. Let's see if it might not be WP Zero Spam first...

1. Check the permissions on WordPress files and directories. They should be owned by user nobody and group nogroup, should probably have the group sticky flag set to keep it this way, and the WordPress best practice says directories should be 750 and files should be 640. These shell commands could do that:
Bash:
chown -R nobody:nogroup <vhost directory>
chmod -R g+s <vhost directory>
find <wordpress directory>/ -type d -exec chmod 750 {} \;
find <wordpress directory>/ -type f -exec chmod 640 {} \;
2. Check if it's being caused by a wayward .htaccess file. Just back it up then delete it, rename it, or otherwise get it out of there and see if it works. If it does, that .htaccess needs some attention. If it still breaks in the same way, you can put it back and look elsewhere.
3. Deactivate all your plugins, and then activate them one by one and retest after each. This may identify the true culprit, and can sometimes surprise you.

If you could provide more details, that would help too.

I hope this helps. If it does, please let us know.
 

gilles

#3
Hi Steve,

I'm guessing I was not clear enough with my description. I'm running OLS with CyberPanel on Ubuntu 20.04.

Let's say a malicious host is trying to hammer my home page. WP Zero Spam sends back a 403:
Code:
status_header( 403 );
die( $this->options['blocked_message'] );
But then I get the same page on my browser. I'm thinking OLS cached the blocked page instead of the real one and is serving it to me too.

Not sure if WP Zero Spam is supposed to set a no-cache header or if I need to configure the cache not to cache pages with 403 errors. But I am surprised OLS would cache a 403 in the first place.
 

gilles

#4
Just saw LiteSpeed Cache has a TTL for status codes:

Default HTTP Status Code Page TTL:
403 3600
404 3600
500 3600
I guess I can either:
1) Stop using WP Zero Spam (which I am doing for now).
2) Set the 403 TTL to 0 to disable caching.
3) Wait for the WP Zero Spam developer to fix it.

It's good to have options.
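
One way to confirm the behaviour discussed in this thread, as an added example that is not part of any post: it reads response heads in the shape `curl -sI` prints them and flags error pages that came out of the shared cache. It relies on LiteSpeed's `X-LiteSpeed-Cache` and `X-LiteSpeed-Cache-Control` response headers; the sample responses and the function names are constructed for illustration.

```python
import re

# Constructed response heads in the shape `curl -sI` prints them; not captured from a real site.
SAMPLES = {
    "blocked page from shared cache": "HTTP/1.1 403 Forbidden\r\nX-LiteSpeed-Cache: hit\r\n\r\n",
    "blocked page marked no-cache": "HTTP/1.1 403 Forbidden\r\nX-LiteSpeed-Cache-Control: no-cache\r\n\r\n",
    "blocked page, no cache headers": "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n",
    "normal page from cache": "HTTP/2 200\r\nx-litespeed-cache: hit\r\n\r\n",
}


def parse_head(raw):
    """Return (status code, {lower-cased header name: value}) for one raw response head."""
    lines = [line for line in raw.splitlines() if line.strip()]
    match = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0]) if lines else None
    if not match:
        raise ValueError("no HTTP status line found")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    return int(match.group(1)), headers


def audit(raw):
    """Classify a response: 'ok', 'served-from-cache', 'marked-no-cache' or 'unmarked'."""
    status, headers = parse_head(raw)
    if status < 400:
        return "ok"  # only error pages are of interest here
    hit = [t.strip() for t in headers.get("x-litespeed-cache", "").split(",")]
    if "hit" in hit and "private" not in hit:
        return "served-from-cache"  # this error page came out of the shared cache
    control = [t.strip() for t in headers.get("x-litespeed-cache-control", "").split(",")]
    if "no-cache" in control:
        return "marked-no-cache"  # the backend told the cache not to store it
    return "unmarked"  # storing it is left to the status-code TTL setting from post #4


def flagged(samples):
    """Names of the samples whose error page was served from the shared cache."""
    return sorted(name for name, raw in samples.items() if audit(raw) == "served-from-cache")


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {audit(raw)}")
```

A 403 reported as `served-from-cache` when requested from a client that was never blocked is the situation described in post #3.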
 