How to prevent mod-security 403 server errors in webhosting servers
[Fri Jul 15 16:03:06 2016] [error] [client 91.***.**.**] ModSecurity: Access denied with code 403, [Rule:'ARGS|!ARGS:/page_content/|!ARGS:file|
This is a common error faced by web hosts, website owners and server owners. It means that the mod-security rules in the web server are blocking access to the users who try to access any URL in their site.
In our role as Outsourced Support Specialists for web hosting companies, we resolve hundreds of such mod-security errors every day, and today, we’ll take a look at:
- What is 403 server error
- How mod-security causes 403 error
- How to fix 403 server error
What is 403 server error
403 server error happens in websites or applications due to many reasons such as file permission and ownership errors, missing files and folders or other security restrictions in the server.
Web hosts often face complaints from their customers regarding 403 errors in their site due to these security restrictions such as IP block or mod-security rules.
If your server has added any IP address to the blacklist, users trying to access any website content in your server from these IPs would see the error “403 Forbidden / Access Denied.”
[ Use your time to build your business. We’ll take care of your customers. Hire Our Hosting Support Specialists at $9.99/hr. ]
How mod-security causes 403 error
Mod security is a software that we configure alongside web servers to secure them. Mod-security has rules to filter all incoming requests to the websites in your server.
These rules protect the websites in your server from hack attempts or code injections, which can cause malicious scripts to enter your server and mess it up entirely.
Every request to the web server are filtered by these mod-security rules and if matched against any rule, the user would be denied access to the page and error 403 would be displayed.
When mod-security is installed in the web server, many often the default rule set is installed by server owners in their production servers and is set in the file ‘/etc/httpd/conf.d/mod_security.conf’.
One of the default rules that Apache’s mod_security looks for is GET or POST in form submissions. This rule can lead to many contact forms giving 403 server errors in sites.
ModSecurity rules such as port blocks can prevent 3rd party apps such as Horde and Roundcube to show 403 error. Other reasons for 403 server error are outdated versions of software or plugins conflicting with the security rules.
[ You don’t have to lose your sleep to keep your customers happy. Our Hosting Support Specialists cover your servers and support your customers 24/7 at just $9.99/hour. ]
In the next page : How to fix 403 server error