How to prevent mod-security 403 server errors in webhosting servers


[Fri Jul 15 16:03:06 2016] [error] [client 91.***.**.**] ModSecurity: Access denied with code 403, [Rule:'ARGS|!ARGS:/page_content/|!ARGS:file|

This is a common error faced by web hosts, website owners and server owners. It means that the mod-security rules on the web server are blocking users who try to access a URL on the site.

In our role as Outsourced Support Specialists for web hosting companies, we resolve hundreds of such mod-security errors every day, and today, we’ll take a look at:

  1. What is 403 server error
  2. How mod-security causes 403 error
  3. How to fix 403 server error

What is 403 server error

A 403 server error can occur in websites or applications for many reasons, such as file permission and ownership errors, missing files and folders, or other security restrictions on the server.

Web hosts often face complaints from their customers about 403 errors on their sites caused by security restrictions such as IP blocks or mod-security rules.

If your server has added an IP address to its blacklist, users trying to access any website content on your server from that IP would see the error “403 Forbidden / Access Denied.”


How mod-security causes 403 error

Mod-security is software that we configure alongside web servers to secure them. It has rules that filter all incoming requests to the websites on your server.

These rules protect the websites in your server from hack attempts or code injections, which can cause malicious scripts to enter your server and mess it up entirely.

Every request to the web server is filtered by these mod-security rules, and if a request matches any rule, the user is denied access to the page and a 403 error is displayed.

When mod-security is installed on a web server, server owners often install the default rule set on their production servers; it is set in the file /etc/httpd/conf.d/mod_security.conf.

One of the default rules in Apache’s mod_security looks for GET or POST in form submissions. This rule can cause many contact forms on sites to return 403 server errors.

ModSecurity rules such as port blocks can cause third-party apps such as Horde and Roundcube to show 403 errors. Other reasons for 403 server errors are outdated versions of software or plugins conflicting with the security rules.
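An added example, not part of the original article: a small Python triage script that reads error_log entries like the one quoted at the top of this page and counts ModSecurity 403 denials per rule id, hostname and URI, so the rule behind a broken contact form or webmail page can be identified. The sample log is constructed (rule ids, messages, hostnames and URIs are invented), and the bracketed `[id "..."]`, `[msg "..."]`, `[hostname "..."]` and `[uri "..."]` tags are assumed to be present as in ModSecurity 2.x output.

```python
import re
from collections import Counter

# Constructed sample in the error_log format shown on this page. Rule ids,
# messages, hostnames and URIs are invented; the last line is the page's own
# truncated entry, kept to show how a line without an [id] tag is handled.
SAMPLE_LOG = r'''
[Fri Jul 15 16:03:06 2016] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:message. [file "/etc/httpd/conf.d/mod_security.conf"] [line "41"] [id "900001"] [msg "Constructed SQL keyword rule"] [hostname "shop.example.com"] [uri "/contact.php"] [unique_id "A1"]
[Fri Jul 15 16:04:11 2016] [error] [client 198.51.100.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:select.+from)" at ARGS:message. [file "/etc/httpd/conf.d/mod_security.conf"] [line "41"] [id "900001"] [msg "Constructed SQL keyword rule"] [hostname "shop.example.com"] [uri "/contact.php"] [unique_id "A2"]
[Fri Jul 15 16:05:40 2016] [error] [client 198.51.100.23] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(80|443)$" against "SERVER_PORT" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "77"] [id "900002"] [msg "Constructed port rule"] [hostname "mail.example.com"] [uri "/roundcube/"] [unique_id "A3"]
[Fri Jul 15 16:06:02 2016] [error] [client 203.0.113.7] (13)Permission denied: file permissions deny server access: /var/www/html/private.txt
[Fri Jul 15 16:03:06 2016] [error] [client 91.***.**.**] ModSecurity: Access denied with code 403, [Rule:'ARGS|!ARGS:/page_content/|!ARGS:file|
'''

# A ModSecurity denial line, capturing the client address.
DENIED = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code 403')
# Metadata tags of the form [key "value"]; escaped quotes inside the value are allowed.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denials(log_text):
    """Return one dict per ModSecurity 403 denial; other error_log lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # e.g. the file-permission 403, which is not a ModSecurity block
        fields = dict(FIELD.findall(line))
        events.append({
            "client": m.group("client"),
            "rule_id": fields.get("id", "unknown"),  # truncated lines may lack [id]
            "msg": fields.get("msg", ""),
            "host": fields.get("hostname", ""),
            "uri": fields.get("uri", ""),
        })
    return events

def summarize(events):
    """Count denials per (rule id, hostname, URI), most frequent first."""
    return Counter((e["rule_id"], e["host"], e["uri"]) for e in events).most_common()

if __name__ == "__main__":
    for (rule_id, host, uri), hits in summarize(parse_denials(SAMPLE_LOG)):
        print(f"{hits:3d}  rule={rule_id}  host={host or '-'}  uri={uri or '-'}")
```

A rule id that dominates the summary for a single form or webmail URL is the one to review in the rule file named in the log entry.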


On the next page: How to fix 403 server error

