Score:1

Apache 2.4 "client denied by server configuration" caused by Require expr - even though the request succeeds


Our Apache error log is littered with messages saying "client denied by server configuration", even though the .htaccess configuration is working as intended.

Here is the relevant bit of the .htaccess:

SetEnvIfExpr "req_novary('User-Agent') =~ /.*WHATEVER.*/" WHATEVER=1

<RequireAll>
    # Only allow access for these hosts
    Require expr "%{HTTP_HOST} =~ /((host1|host2|host3)\.com)/"

    # Deny access if any of the rules in the RequireNone succeed!
    <RequireNone>
        # IIRC putting the two requires here is fine, it's an implicit OR.
        Require expr "%{REQUEST_URI} =~ m#.*RELEASE_NOTES\.txt#i"
        <RequireAll>
            # Block path unless it's one of the User Agents we want to allow
            Require expr "%{REQUEST_URI} =~ m#pathy/path#i"

            # This expr is what seems to trigger the error, even though the User Agent
            # matches and the server responds with a HTTP 200 code (and the request is successful).
            Require expr "!(reqenv('WHATEVER') == 1)"
        </RequireAll>
    </RequireNone>
</RequireAll>

If we test it using the correct user agent it works fine: we get an HTTP 200 and the response is valid. If we use a different UA it will give us a 403 Forbidden as expected. But on every successful request the error "client denied by server configuration" will be logged.

We had this same issue with a different Require expr statement, but we changed that one to a rewrite rule to resolve it (this previous issue was resulting in a log message for basically every resource access). We can do the same again here, but I'm curious why this may be resulting in the error.

kz flag
What do you see in your "access" log?
Jonathan avatar
On my host I see a transfer log, I believe this is equivalent to the normal access log. I have:

xx.xx.xx.xx - deadbeefdeadbeefdeadbeef [09/Feb/2023:02:45:43 +0000] "POST /pathy/path/webhook.php HTTP/1.1" 200 - "-" "WHATEVER/Webhooks"

At the same time in the error log I have:

[Thu Feb 09 02:45:43 2023] [authz_core:error] [pid 13303:tid 140382549309184] [client xx.xx.xx.xx:0] AH01630: client denied by server configuration: /pathy/path/webhook.php

xx.xx.xx.xx - deadbeefdeadbeefdeadbeef [09/Feb/2023:02:45:43 +0000] "POST /pathy/path/webhook.php HTTP/1.1" 200 - "-" "WHATEVER/Webhooks"
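
To measure how often this mismatch occurs, the two log formats quoted in the comment above can be correlated so that AH01630 entries paired with a non-403 response are separated from real denials. This is an added example, not code from the original thread: the sample lines are constructed (documentation IP addresses), and it assumes both logs are written in the same timezone and that the path in the error log ends with the request URI.

```python
import re
from datetime import datetime

# Constructed sample lines in the access-log and error-log formats quoted above.
ACCESS_LOG = """\
203.0.113.7 - - [09/Feb/2023:02:45:43 +0000] "POST /pathy/path/webhook.php HTTP/1.1" 200 - "-" "WHATEVER/Webhooks"
203.0.113.9 - - [09/Feb/2023:02:46:10 +0000] "GET /pathy/path/index.php HTTP/1.1" 403 199 "-" "curl/8.0"
"""
ERROR_LOG = """\
[Thu Feb 09 02:45:43 2023] [authz_core:error] [pid 13303:tid 140382549309184] [client 203.0.113.7:0] AH01630: client denied by server configuration: /pathy/path/webhook.php
[Thu Feb 09 02:46:10 2023] [authz_core:error] [pid 13303:tid 140382549309184] [client 203.0.113.9:0] AH01630: client denied by server configuration: /pathy/path/index.php
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\] ]+) [^\]]+\] '
    r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
ERROR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[authz_core:error\] .*?\[client (?P<ip>[^\]]+):\d+\] '
    r'AH01630: client denied by server configuration: (?P<path>\S+)')


def classify_denials(access_log, error_log):
    """Return (spurious, genuine) lists of (ip, path, status) for AH01630 entries."""
    served = {}  # (client ip, timestamp to the second) -> [(uri, status), ...]
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S')
            uri = m['uri'].split('?', 1)[0]  # drop the query string
            served.setdefault((m['ip'], ts), []).append((uri, int(m['status'])))
    spurious, genuine = [], []
    for line in error_log.splitlines():
        m = ERROR_RE.match(line)
        if not m:
            continue
        # Some ErrorLogFormat settings add microseconds; strip them if present.
        stamp = re.sub(r'\.\d+', '', m['ts'])
        ts = datetime.strptime(stamp, '%a %b %d %H:%M:%S %Y')
        for uri, status in served.get((m['ip'], ts), []):
            if m['path'].endswith(uri):
                bucket = genuine if status == 403 else spurious
                bucket.append((m['ip'], m['path'], status))
    return spurious, genuine


if __name__ == '__main__':
    print(classify_denials(ACCESS_LOG, ERROR_LOG))
```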