Site working fine, but HTML Status code 403 after bncert-tool

Keywords: PrestaShop - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 0ac3b16a-18fb-7476-d710-fedf595efcaf
Description:
Hello, i m a litle newby in bitnami.
I have AWS instance and Prestashop CMS.
I enabled SSL on my site, without problem, but checking html status code i get 403.
The site work fine, (Frontend and BackOffice) and i can t undestand why i get 403.
I fix file permission:

sudo find /opt/bitnami/apps/prestashop/htdocs/ -type d -exec chmod 755 {} +

sudo find /opt/bitnami/apps/prestashop/htdocs/ -type f -exec chmod 664 {} +

This is My configuration:
bitnami.conf:

# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/www.naviflow.it.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/www.naviflow.it.key"
            
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
        
  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

httpds-app.conf:

<IfDefine USE_PHP_FPM>
    <Proxy "unix:/opt/bitnami/php/var/run/prestashop.sock|fcgi://prestashop-fpm" timeout=300>
    </Proxy>
</IfDefine>

<Directory "/opt/bitnami/apps/prestashop/htdocs">
    Options 
    AllowOverride None
    <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
    
    
    <IfModule php7_module>
            php_value memory_limit 512M
    php_value max_execution_time 300
    php_value max_input_time -1
    php_value upload_max_filesize 25M
    php_value post_max_size 20M
    php_value max_input_vars 10000
    </IfModule>

    <IfDefine USE_PHP_FPM>
       <FilesMatch \.php$>
         SetHandler "proxy:fcgi://prestashop-fpm"
       </FilesMatch>
    </IfDefine>

</Directory>

Include "/opt/bitnami/apps/prestashop/conf/htaccess.conf"

httpd-vhost.conf

<VirtualHost *:80>
    ServerName prestashop.example.com
    ServerAlias www.prestashop.example.com
    DocumentRoot "/opt/bitnami/apps/prestashop/htdocs"
    
    Include "/opt/bitnami/apps/prestashop/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
    ServerName prestashop.example.com
    ServerAlias www.prestashop.example.com
    DocumentRoot "/opt/bitnami/apps/prestashop/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/www.naviflow.it.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/www.naviflow.it.key"
    
    Include "/opt/bitnami/apps/prestashop/conf/httpd-app.conf"
</VirtualHost>

Thank You

Regards.

Emiliano

Hi @tmsio73,

Thanks for using Bitnami. I checked your bnupport bundle and the Apache configuration looks ok to me. I also visited your website and I accessed it without issues

Can you tell us if you managed to solve your issue? Apart from that, I see many error messages on Apache related to Prestashop that you may want to take a look at

[Sun Feb 09 21:53:17.938521 2020] [proxy_fcgi:error] [pid 719:tid 140206195836672] [client 2.236.53.91:57080] AH01071: Got error 'PHP message: PHP Warning:  require(/opt/bitnami/apps/prestashop/htdocs/var/cache/prod/Container69yv13s/getPrestashop_Translation_DatabaseLoaderService.php): failed to open stream: No such file or directory in /opt/bitnami/apps/prestashop/htdocs/var/cache/prod/Container69yv13s/appProdProjectContainer.php on line 1633PHP message: PHP Fatal error:  require(): Failed opening required '/opt/bitnami/apps/prestashop/htdocs/var/cache/prod/Container69yv13s/getPrestashop_Translation_DatabaseLoaderService.php' (include_path='/opt/bitnami/apps/prestashop/htdocs/vendor/pear/pear_exception:/opt/bitnami/apps/prestashop/htdocs/vendor/pear/console_getopt:/opt/bitnami/apps/prestashop/htdocs/vendor/pear/pear-core-minimal/src:/opt/bitnami/apps/prestashop/htdocs/vendor/pear/archive_tar:.:/opt/bitnami/php/lib/php:/opt/bitnami/frameworks/smarty/libs') in /opt/bitnami/apps/prestashop/htdocs/var/cache/prod/Container69yv13s/appProdProjectContainer.php on line 1633', referer: http://35.156.185.126/adminYPVS73/index.php/improve/design/themes/?_token=CM0t1ammLG8MgZ6CFZQBSYdpMZRxUD56-dUAmKwR_-s
[Sun Feb 09 22:11:26.303159 2020] [proxy_fcgi:error] [pid 538:tid 140206111909632] [client 2.236.53.91:60489] AH01071: Got error 'PHP message: PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /opt/bitnami/apps/prestashop/htdocs/vendor/doctrine/orm/lib/Doctrine/ORM/UnitOfWork.php on line 2636PHP message: PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /opt/bitnami/apps/prestashop/htdocs/vendor/doctrine/orm/lib/Doctrine/ORM/UnitOfWork.php on line 2665', referer: http://35.156.185.126/adminYPVS73/index.php/improve/international/localization/?_token=CM0t1ammLG8MgZ6CFZQBSYdpMZRxUD56-dUAmKwR_-s
[Mon Feb 10 10:51:45.232052 2020] [authz_core:error] [pid 3473:tid 140694161041152] [client 2.236.53.91:57216] AH01630: client denied by server configuration: /opt/bitnami/apps/prestashop/htdocs/app/download/24149789/Manuale+NaviFlow+2.pdf, referer: http://35.156.185.126/adminYPVS73/index.php/improve/design/cms-pages/7/edit?open_preview=1&_token=CM0t1ammLG8MgZ6CFZQBSYdpMZRxUD56-dUAmKwR_-s
[Sat Feb 15 18:52:21.470382 2020] [proxy_fcgi:error] [pid 5487:tid 140583666411264] [client 95.236.183.145:57069] AH01071: Got error 'PHP message: PHP Notice:  Undefined index:  in /opt/bitnami/apps/prestashop/htdocs/classes/order/Order.php on line 944PHP message: PHP Notice:  Undefined index:  in /opt/bitnami/apps/prestashop/htdocs/classes/order/Order.php on line 945PHP message: PHP Notice:  Undefined index:  in /opt/bitnami/apps/prestashop/htdocs/classes/order/Order.php on line 946', referer: https://www.naviflow.it/account

You can check them in the Apache error log located at /opt/bitnami/apache2/logs/error_log

Hello, thank you for your reply.
35.156.185.126 it was my old ip, and i have to check why is still present in the configuration.
The problem is in the status code.

This is a problem ?
On my other site i get status 200 like https://raskal.shop but in www.naviflow i get 403.
I cant undestand why.
This status code can create SEO problem?
Another question i tried to flush pagespeed cache via command line: sudo touch /opt/bitnami/apache2/var/cache/mod_pagespeed/cache.flush

But i still see files in folder /opt/bitnami/apache2/var/cache/mod_pagespeed/v3
Can i empty manualy v3 folder?
Pagespeed is disable at moment.

Thank You

Regards
Emiliano

Hi @tmsio73,

Can you tell us where are you getting this 403 code? Which app are you using to check it? I visited your website again using Chrome and Firefox and I don’t get any error. I’m getting a valid certificate on both browsers. Can you try to access using an incognito browser?

Also, did you restart Apache after disabling PageSpeed? If so, I think you can remove the content of that folder and restart services after that just in case

sudo /opt/bitnami/ctlscript.sh restart

We highly recommend you to create a server backup before doing any more changes so you can restore to a previous known state

https://docs.bitnami.com/aws/faq/administration/backup-restore-server/

Thank You gonogomgra, for you assistance, and sorry for the late.
i use this site to check html status code:
http://tools.seobook.com/server-header-checker/?url=www.naviflow.it&useragent=8&protocol=11

no problem via incognito browser.

i restarted the server, and i performe a backup every night via aws snapshot.

Thank you for backup link procedure :slight_smile:

I can t undestand why this 403 error.

Regards

Hi @tmsio73,

Unfortunately, I can’t reproduce your issue of getting a 403 code. As you are using a thirdparty website, we recommend you to ask the developers of that website for more information about how their tool works and the results you are getting.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.