[Fri Jul 15 16:03:06 2016] [error] [client 91.***.**.**] ModSecurity: Access denied with code 403, [Rule:'ARGS|!ARGS:/page_content/|!ARGS:file|

This is a common error faced by web hosts, website owners and server owners. It means that the mod-security rules in the web server are blocking access to the users who try to access any URL in their site.

In our role as Outsourced Support Specialists for web hosting companies, we resolve hundreds of such mod-security errors every day, and today, we’ll take a look at:

1. What is 403 server error
2. How mod-security causes 403 error
3. How to fix 403 server error

What is 403 server error

403 server error happens in websites or applications due to many reasons such as file permission and ownership errors, missing files and folders or other security restrictions in the server.

Web hosts often face complaints from their customers regarding 403 errors in their site due to these security restrictions such as IP block or mod-security rules.

If your server has added any IP address to the blacklist, users trying to access any website content in your server from these IPs would see the error  “403 Forbidden / Access Denied.”

[ Use your time to build your business. We’ll take care of your customers. Hire Our Hosting Support Specialists at $9.99/hr. ]

How mod-security causes 403 error

Mod security is a software that we configure alongside web servers to secure them. Mod-security has rules to filter all incoming requests to the websites in your server.

These rules protect the websites in your server from hack attempts or code injections, which can cause malicious scripts to enter your server and mess it up entirely.

Every request to the web server are filtered by these mod-security rules and if matched against any rule, the user would be denied access to the page and error 403 would be displayed.

When mod-security is installed in the web server, many often the default rule set is installed by server owners in their production servers and is set in the file ‘/etc/httpd/conf.d/mod_security.conf’. 

One of the default rules that Apache’s mod_security looks for is GET or POST in form submissions. This rule can lead to many contact forms giving 403 server errors in sites.

ModSecurity rules such as port blocks can prevent 3rd party apps such as Horde and Roundcube to show 403 error. Other reasons for 403 server error are outdated versions of software or plugins conflicting with the security rules.

[ You don’t have to lose your sleep to keep your customers happy. Our Hosting Support Specialists cover your servers and support your customers 24/7 at just $9.99/hour. ]

In the next page : How to fix 403 server error

How to fix 403 server error in web hosting servers

While mod-security helps secure web servers against attacks, if not configured properly, the rules can affect normal functioning of websites too.

At Bobcares, our Tech Support Specialists have expertise configuring security software such as Mod security and firewalls for our customers who are web hosts.

To prevent users complaining about website unavailability due to mod-security rules blocking valid URLs and giving 403 server errors, we follow these best practices for our customers.

1. Initial testing in detection mode

Mod security rules can contain a lot of false positives, which can disrupt working websites and end up affecting businesses. That’s why we never activate mod security in live servers without testing.

While configuring mod security in production servers, we initially run it in ‘Log only’ or ‘Detection only’ modes, which do not block any web requests but notifies the mismatches in the logs.

Our expert techs review these logs and filters out the false positives and modifies the rule sets to exclude those. Once the test is complete and no false positives are noted, we activate Mod security in the server.

This initial testing phase helps us avoid website downtime, customer complaints and business loss due to unwanted rules in the Mod security configuration.

2. Writing custom rule sets for servers

Mod security default rule set is written to wade away most attacks, and it may not suit all websites. Custom applications or website pages can get affected by these unwanted rules.

Bobcares expert engineers configure custom mod security rule sets in servers after assessing the type of website applications and pages in it, and this helps to avoid any 403 server errors in sites.

[ Running a hosting business doesn’t have to be hard, or costly. Get world class Hosting Support Specialists at $9.99/hour (bulk discounts available) ]

3. Examining apache logs and mod-security logs

Even after activating mod security after proper testing, we keep monitoring its effectiveness by reviewing the Apache and mod-security log files. In cPanel servers, these logs are stored in databases.

While monitoring these logs, if we notice any new false positives or valid pages being blocked, we disable the rule set specific to each domain or server wide, depending on its impact.

403 Forbidden error also happens when the web server and Mod security versions get incompatible. We install the latest versions of Apache and Mod security in servers to avoid this issue.

Many often we see end customers requesting server owners to completely disable mod-security for their domains, but we do not recommend this practice due to security concerns.

Instead, we customize rules for the customers’ software and websites to work. This helps us to get the sites working, without compromising the security aspects of the server.

4. Monitoring server performance

Each mod security rule would consume server resources such as CPU and RAM, as all these rules have to be applied and checked when each web request comes.

The resources spent by the server on Mod security varies with the total number of rules and the regular expression format. The more the number of rules to check, the more resources would be spent on the check.

Bobcares technicians, with their expertise in writing efficient regular expressions, are able to optimize Mod security and reduce the resource usage in the server by around 50%.

Adjusting the mod security configuration parameters also helps to improve server performance. This helps us to maintain our customer servers secure, without losing its performance.

In our customers’ servers, we proactively secure and optimize the servers to avoid any issues that could affect the services. If you’d like to know how you can better support your customers, we’d be happy to talk to you.