I have two sites I'm running suPHP on. One is a static site. I started getting a 403 error a few days ago. I have tried checking file permissions (folder 755, file 644), group permissions user:user. Everything looks okay. Nothing is showing up in my error log for this. I made some fatal changes on my .htaccess file to make sure error log is working. It is. Any ideas what I missed? I'm hoping something simple. I tried reloading a backup from a couple months ago and the error is still showing up
I'm viewing /var/log/apache2/error_log. It appears to be the same as your error log. It doesn't mention the 403 error.
Yes. It doesn't look like error log is recording these. I do see a few 403 in the log though
Code:
[Wed Feb 17 18:30:20.914720 2021] [:error] [pid 9120] [client 171.25.193.20:21335] [client 171.25.193.20] ModSecurity: Access denied with code 403 (phase 2). Match of "rbl nxd
[Wed Feb 17 18:31:55.921580 2021] [:error] [pid 14492] [client 31.220.40.240:50748] [client 31.220.40.240] ModSecurity: Warning. String match "/.env" at REQUEST_FILENAME. [fil
[Wed Feb 17 18:31:55.990894 2021] [:error] [pid 9120] [client 31.220.40.240:50740] [client 31.220.40.240] ModSecurity: Access denied with code 403 (phase 2). Match of "rbl nxd
You may get more details by checking the /etc/apache2/logs/modsec_audit.log file on the system as that would have specific details on what modsec is doing.
It's nothing you're doing wrong - sometimes ModSecurity just gives false positives, as any security tool sometimes can.
You can try disabling that rule on the server to see if that gets things working well. We have an article that explains that process here: How can I disable a ModSecurity rule?
You can try disabling that rule on the server to see if that gets things working well. We have an article that explains that process here: How can I disable a ModSecurity rule?
I had to uninstall OWASP rules in EasyApache. I had them disabled but cPanel reenabled them causing the error again.
I would not expect cPanel to activate a set of rules on the system. If you are able to reproduce that issue, can you let me know the steps you took to make that happen so I can do some testing on my end?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| F | 403 forbidden error in File Manager | File Management | 2 | |
| J | error 403 no permission to / with frontpage website | File Management | 3 | |
| M | 403 error when installing frontpage extension | File Management | 17 | |
| G | 403 errors-everybody's permissions messed up | File Management | 5 | |
| S | 403 Error and public_html Permissions | File Management | 4 |