How To Fix 403 Forbidden Error
Posted by The Curious Website Designer | Posted on Fri 28 Jun 2019
Following an update, I started getting random 403 Forbidden errors on some of my (and my clients) sites.
In this situation, I would normally check the Apache error log to see what was causing the problem, but there was nothing in the log to suggest anything was amiss. This is how I resolved my situation.
The Two Main Causes of 403 Forbidden Errors
There are two main causes for this error:
- Files not having the correct permissions (ie chmod 755 for folders and 644 files
- Mod Security preventing access
1. Permissions
In Centos Web Panel, this is easily fixed by going to User Accounts > Fix Permissions, Other web panels will have a similar function to simplify the solution.
2. Mod Security
In my case the problem was being triggered by a mod_security rule not being met.
To find out which rule is being broken is a simple case of checking the log. However, that's a little difficult if the errors are not being logged!
There are two entries in the mod_security configuration file that determine the error logging status of the application:
- SecDebugLog /usr/local/apache/logs/modsec_debug.log
- SecDebugLogLevel 1
The first entry determines the location and name of the log file and the second indicates what (if anything) is recorded in the log.
The options for the Log Level are:
- No logging
- Errors (e.g., fatal processing errors, blocked transactions)
- Warnings (e.g., non-blocking rule matches)
- Notices (e.g., non-fatal processing errors)
- Informational
- Detailed
- Not Used
- Not Used
- Not Used
- Everything!
In my case, the log level was set to '0'. I changed this to '1' (saved the configuration file and restarted apache) and was then able to start debugging the cause of the 403 errors.
To find out how to remove a rule from mod_security, check this article out.
Related Articles
Centos Web Panel - How To Disable a Mod Security Rule For A Single Domain
Posted by: The Curious Website Designer
on Sun 18 Feb 2018
I recently had cause to disable a mod_security rule for this website (it didn't like me trying to make reference to system files in my posts), so I researched it online and made the appropriate changes. However, I have subsequently discovered that it is fairly easy to do it from within the Centos Web Panel. Here's how to do it.
Tags: 403 error, 403 errors, mod_security, mod security