The Curious Website Designer

How To Fix 403 Forbidden Error

Posted by The Curious Website Designer | Posted on Fri 28 Jun 2019

Following an update, I started getting random 403 Forbidden errors on some of my (and my clients') sites.

In this situation, I would normally check the Apache error log to see what was causing the problem, but there was nothing in the log to suggest anything was amiss. This is how I resolved my situation.

The Two Main Causes of 403 Forbidden Errors

There are two main causes for this error:

  1. Files not having the correct permissions (i.e. chmod 755 for folders and 644 for files)
  2. Mod Security preventing access

1. Permissions

In Centos Web Panel, this is easily fixed by going to User Accounts > Fix Permissions. Other web panels will have a similar function to simplify the solution.

2. Mod Security

In my case the problem was being triggered by a mod_security rule not being met.

Finding out which rule is being broken is a simple case of checking the log. However, that's a little difficult if the errors are not being logged!

There are two entries in the mod_security configuration file that determine the error logging status of the application:

  1. SecDebugLog /usr/local/apache/logs/modsec_debug.log
  2. SecDebugLogLevel 1

The first entry determines the location and name of the log file and the second indicates what (if anything) is recorded in the log.

The options for the Log Level are:

  0. No logging
  1. Errors (e.g., fatal processing errors, blocked transactions)
  2. Warnings (e.g., non-blocking rule matches)
  3. Notices (e.g., non-fatal processing errors)
  4. Informational
  5. Detailed
  6. Not Used
  7. Not Used
  8. Not Used
  9. Everything!

In my case, the log level was set to '0'. I changed this to '1' (saved the configuration file and restarted Apache) and was then able to start debugging the cause of the 403 errors.
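A small triage script for the two steps described above, added here as an example and not part of the original post: it reads the effective SecDebugLog / SecDebugLogLevel settings from a configuration file, then tallies which rule ids produced 403 blocks in the debug log. The function names are hypothetical, the sample config and log lines are constructed, the rule ids are made up, and the log layout is assumed to follow ModSecurity 2.x.

```python
import re
from collections import Counter

# Constructed sample config: a commented-out line plus the page's two directives.
SAMPLE_CONF = """\
# SecDebugLogLevel 9
SecDebugLog /usr/local/apache/logs/modsec_debug.log
SecDebugLogLevel 0
"""

# Constructed debug-log lines; layout assumed to follow ModSecurity 2.x:
# [time] [host/sid#..][rid#..][uri][level] message [file ..] [line ..] [id "N"] [msg ..]
SAMPLE_LOG = """\
[28/Jun/2019:10:01:02 +0100] [example.test/sid#1][rid#2][/blog/edit.php][1] Access denied with code 403 (phase 2). [file "/path/rules.conf"] [line "10"] [id "1000001"] [msg "Constructed rule A"]
[28/Jun/2019:10:03:40 +0100] [example.test/sid#1][rid#3][/blog/edit.php][1] Access denied with code 403 (phase 2). [file "/path/rules.conf"] [line "10"] [id "1000001"] [msg "Constructed rule A"]
[28/Jun/2019:10:05:11 +0100] [example.test/sid#1][rid#4][/contact.php][1] Access denied with code 403 (phase 2). [file "/path/rules.conf"] [line "22"] [id "1000002"] [msg "Constructed rule B"]
[28/Jun/2019:10:06:00 +0100] [example.test/sid#1][rid#5][/index.php][2] Warning. [file "/path/rules.conf"] [line "30"] [id "1000003"] [msg "Constructed rule C"]
"""

DIRECTIVE = re.compile(r'^\s*(SecDebugLog(?:Level)?)\s+"?([^"\s]+)"?', re.I)
ENTRY = re.compile(r'\]\[(/[^\]]*)\]\[\d\] Access denied with code 403\b.*?\[id "(\d+)"\]')

def debug_log_settings(conf_text):
    """Return (path, level); the last uncommented directive wins, level defaults to 0."""
    path, level = None, 0
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with '#' never match
        if m and m.group(1).lower() == "secdebuglog":
            path = m.group(2)
        elif m:
            level = int(m.group(2))
    return path, level

def blocked_rules(log_text):
    """Count 403 blocks per (rule id, URI) so the noisiest rule stands out."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            hits[(m.group(2), m.group(1))] += 1
    return hits

if __name__ == "__main__":
    path, level = debug_log_settings(SAMPLE_CONF)
    if level == 0:
        print(f"SecDebugLogLevel is 0: nothing will be written to {path}")
    for (rule_id, uri), n in blocked_rules(SAMPLE_LOG).most_common():
        print(f"rule {rule_id} blocked {uri} {n} time(s)")
```

Knowing the rule id and the URI it fires on is what makes a narrow, per-rule exception possible instead of switching mod_security off for the whole site.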

To find out how to remove a rule from mod_security, check this article out.

Related Articles

Centos Web Panel - How To Disable a Mod Security Rule For A Single Domain

Posted by: The Curious Website Designer
on Sun 18 Feb 2018

I recently had cause to disable a mod_security rule for this website (it didn't like me trying to make reference to system files in my posts), so I researched it online and made the appropriate changes. However, I have subsequently discovered that it is fairly easy to do it from within the Centos Web Panel. Here's how to do it.

Tags: 403 error, 403 errors, mod_security, mod security