Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED PHP file is displaying generic 403 Forbidden

Discussion in 'General Discussion' started by Benjamin D., Oct 19, 2017.

  1. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Since I upgraded to v66.0 I'm getting a FORBIDDEN 403 error only on 1 PHP script. It's a Paypal notification PHP script on our server that they call when a transaction is processed)

    There is no error_log even if error_reporting(E_ALL);

    chown + chgrp is the cPanel user's.

    Tried permissions 0755, 0644, same as any other working PHP script in the same directory.

    Tried renaming the file, still outputs a generic 403 Forbidden message.

    Last modification date on that file: 2013-10-05, that's 4 years ago, has always worked pristinely.

    Pulling my hair out. WTF?
     
  2. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I found the solution in another forum. ModSecurity has 2 rules that were interfering with my script, hope this helps somebody coming here in the future:

    If your PHP script has ANY passed variable named "session_id" (POST, GET, COOKIE, etc...?) even if it has nothing to do with PHP's sessions at all (e.g.: $_POST['session_id'] = "This is arbitrary content or my own session ID that has nothing to do with PHP sessions.") then ModSecurity will cut the execution and display a generic 403 Forbidden when your script is called.

    The 2 rules to disable (or duplicate and modify) in WHM > ModSecurity™ Tools > Rules list (top right) were:

    # 943110
    # 943120

    (or just search your variable's name in the search bar and check for other rules containing them in their RegEx)

    Problem solved :)
     
  3. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Glad to see you found the issue @Benjamin D. and thanks for sharing the solution!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice