xxx-tea opened a new issue, #3184:
URL: https://github.com/apache/apisix-dashboard/issues/3184
### Issue description
403 errors and logs when accessing ip:port/ui/while using the built-in ui of
apisix3.13.0
apisix: 2025/09/01 02:05:15 [error] 49#49: *358772 access forbidden by rule,
client: 192.168.147.1, server: , request: "GET /ui/ HTTP/1.1", host:
"localhost:9180"
Here is my configuration apisix_conf.yaml,apisix is running in docker
---
nginx_config:
main_configuration_snippet: ''
http_configuration_snippet: ''
http_server_configuration_snippet: ''
http_server_location_configuration_snippet: ''
http_admin_configuration_snippet: ''
error_log_level: warn
stream:
access_log_format_escape: default
enable_access_log: false
access_log: logs/access_stream.log
access_log_format: $remote_addr [$time_local] $protocol $status
$bytes_sent $bytes_received
$session_time
lua_shared_dict:
etcd-cluster-health-check-stream: 10m
lrucache-lock-stream: 10m
plugin-limit-conn-stream: 10m
worker-events-stream: 10m
tars-stream: 1m
upstream-healthcheck-stream: 10m
enable_cpu_affinity: false
worker_rlimit_nofile: 20480
worker_shutdown_timeout: 240s
max_pending_timers: 16384
max_running_timers: 4096
meta:
lua_shared_dict:
standalone-config: 10m
prometheus-metrics: 15m
status-report: 1m
http:
access_log_format_escape: default
variables_hash_max_size: 2048
upstream:
keepalive: 320
keepalive_requests: 1000
keepalive_timeout: 60s
access_log_buffer: 16384
keepalive_timeout: 60s
lua_shared_dict:
internal-status: 10m
upstream-healthcheck: 10m
worker-events: 10m
plugin-limit-count: 10m
plugin-limit-conn: 10m
balancer-ewma-locks: 10m
balancer-ewma-last-touched-at: 10m
plugin-limit-conn-redis-cluster-slot-lock: 1m
plugin-ai-rate-limiting: 10m
plugin-ai-rate-limiting-reset-header: 10m
prometheus-metrics: 10m
tracing_buffer: 10m
plugin-api-breaker: 10m
etcd-cluster-health-check: 10m
discovery: 1m
jwks: 1m
introspection: 10m
access-tokens: 1m
ext-plugin: 1m
tars: 1m
cas-auth: 10m
ocsp-stapling: 10m
mcp-session: 10m
lrucache-lock: 10m
plugin-limit-req: 10m
balancer-ewma: 10m
plugin-limit-req-redis-cluster-slot-lock: 1m
plugin-limit-count-redis-cluster-slot-lock: 1m
client_header_timeout: 60s
client_body_timeout: 60s
client_max_body_size: 0
send_timeout: 10s
underscores_in_headers: 'on'
real_ip_header: X-Real-IP
enable_access_log: true
real_ip_recursive: 'off'
real_ip_from:
- 127.0.0.1
- 'unix:'
access_log: logs/access.log
proxy_ssl_server_name: true
access_log_format: $remote_addr - $remote_user [$time_local] $http_host
"$request"
$status $body_bytes_sent $request_time "$http_referer"
"$http_user_agent" $upstream_addr
$upstream_status $upstream_response_time
"$upstream_scheme://$upstream_host$upstream_uri"
charset: utf-8
error_log: logs/error.log
stream_configuration_snippet: ''
http_end_configuration_snippet: ''
worker_processes: auto
event:
worker_connections: 10620
stream_plugins:
- ip-restriction
- limit-conn
- mqtt-proxy
- syslog
plugins:
- dubbo-proxy
- example-plugin
- proxy-rewrite
- prometheus
- key-auth
- basic-auth
- jwt-auth
- ip-restriction
- cors
plugin_attr:
server-info:
report_ttl: 60
dubbo-proxy:
upstream_multiplex_count: 32
proxy-mirror:
timeout:
read: 60s
send: 60s
connect: 60s
prometheus:
export_uri: /apisix/prometheus/metrics
export_addr:
port: 9091
ip: 127.0.0.1
metric_prefix: apisix_
enable_export_server: true
zipkin:
set_ngx_var: false
log-rotate:
timeout: 10000
interval: 3600
max_size: -1
enable_compression: false
max_kept: 168
skywalking:
report_interval: 3
endpoint_addr: http://127.0.0.1:12800
service_name: APISIX
service_instance_name: APISIX Instance Name
inspect:
delay: 3
hooks_file: /usr/local/apisix/plugin_inspect_hooks.lua
opentelemetry:
collector:
address: 127.0.0.1:4318
request_headers:
Authorization: token
request_timeout: 3
set_ngx_var: false
trace_id_source: x-request-id
resource:
service.name: APISIX
batch_span_processor:
drop_on_queue_full: false
max_queue_size: 1024
max_export_batch_size: 16
inactive_timeout: 1
batch_timeout: 2
deployment:
role: traditional
enable_admin: true
admin:
admin_key:
- role: admin
key: CdXsVEwUdcpeQSxbEQEVMjIXGuPynnwP
name: admin
enable_admin_ui: true
allow_admin:
- 127.0.0.0/24
admin_key_required: true
enable_admin_cors: true
admin_api_version: v3
admin_listen:
port: 9180
ip: 0.0.0.0
admin_key:
- role: admin
key: edd1c9f034335f136f87ad84b625c8f1
name: admin
config_provider: etcd
role_traditional:
config_provider: etcd
etcd:
prefix: /apisix
startup_retry: 2
host:
- http://etcd:2379
tls:
verify: true
timeout: 30
watch_timeout: 50
graphql:
max_size: 1048576
discovery:
nacos:
timeout:
read: 5000
send: 2000
connect: 2000
prefix: /nacos/v1/
host:
- http://host.docker.internal:8848
weight: 1
access_key: ''
secret_key: ''
fetch_interval: 30
register: false
apisix:
router:
http: radixtree_host_uri
ssl: radixtree_sni
resolver_timeout: 5
enable_server_tokens: true
delete_uri_tail_slash: false
ssl:
enable: true
ssl_ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_session_tickets: false
ssl_trusted_certificate: /etc/ssl/certs/ca-certificates.crt
listen:
- port: 9443
enable_http3: false
ssl_protocols: TLSv1.2 TLSv1.3
proxy_cache:
cache_ttl: 10s
zones:
- disk_path: /tmp/disk_cache_one
cache_levels: '1:2'
name: disk_cache_one
memory_size: 50m
disk_size: 1G
- memory_size: 50m
name: memory_cache
enable_admin: true
events:
module: lua-resty-events
enable_resolv_search_opt: true
disable_sync_configuration_during_start: false
enable_control: true
proxy_mode: http
node_listen: 9080
enable_dev_mode: false
enable_reuseport: true
enable_http2: true
extra_lua_path: ''
extra_lua_cpath: ''
data_encryption:
enable_encrypt_fields: true
keyring:
- qeddd145sfvddff3
- edd1c9f0985e76a2
show_upstream_status_in_response_header: false
enable_ipv6: true
normalize_uri_like_servlet: false
etcd:
prefix: /apisix
startup_retry: 2
host:
- http://etcd:2379
tls:
verify: true
timeout: 30
watch_timeout: 50
...
### Expected behavior
403 errors and logs when accessing ip:port/ui/while using the built-in ui of
apisix3.13.0
apisix: 2025/09/01 02:05:15 [error] 49#49: *358772 access forbidden by rule,
client: 192.168.147.1, server: , request: "GET /ui/ HTTP/1.1", host:
"localhost:9180"
### How to Reproduce
403 errors and logs when accessing ip:port/ui/while using the built-in ui of
apisix3.13.0
apisix: 2025/09/01 02:05:15 [error] 49#49: *358772 access forbidden by rule,
client: 192.168.147.1, server: , request: "GET /ui/ HTTP/1.1", host:
"localhost:9180"
### Screenshots
_No response_
### Environment
- apisix version (cmd: `apisix version`):
- OS (cmd: `uname -a`):
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
- etcd version, if have (cmd: run `etcd --version`):
- apisix-dashboard version, if have:
- Browser version, if have:
### Additional context
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
