Bobcares

How to prevent mod-security 403 server errors in webhosting servers

by | Jun 25, 2018

[Fri Jul 15 16:03:06 2016] [error] [client 91.***.**.**] ModSecurity: Access denied with code 403, [Rule:'ARGS|!ARGS:/page_content/|!ARGS:file|

This is a common error faced by web hosts, website owners and server owners. It means that the mod-security rules in the web server are blocking access to the users who try to access any URL in their site.

In our role as Outsourced Support Specialists for web hosting companies, we resolve hundreds of such mod-security errors every day, and today, we’ll take a look at:

  1. What is 403 server error
  2. How mod-security causes 403 error
  3. How to fix 403 server error

What is 403 server error

403 server error happens in websites or applications due to many reasons such as file permission and ownership errors, missing files and folders or other security restrictions in the server.

Web hosts often face complaints from their customers regarding 403 errors in their site due to these security restrictions such as IP block or mod-security rules.

If your server has added any IP address to the blacklist, users trying to access any website content in your server from these IPs would see the error  “403 Forbidden / Access Denied.”

[ Use your time to build your business. We’ll take care of your customers. Hire Our Hosting Support Specialists at $9.99/hr. ]

How mod-security causes 403 error

Mod security is a software that we configure alongside web servers to secure them. Mod-security has rules to filter all incoming requests to the websites in your server.

These rules protect the websites in your server from hack attempts or code injections, which can cause malicious scripts to enter your server and mess it up entirely.

Every request to the web server are filtered by these mod-security rules and if matched against any rule, the user would be denied access to the page and error 403 would be displayed.

When mod-security is installed in the web server, many often the default rule set is installed by server owners in their production servers and is set in the file/etc/httpd/conf.d/mod_security.conf’

One of the default rules that Apache’s mod_security looks for is GET or POST in form submissions. This rule can lead to many contact forms giving 403 server errors in sites.

ModSecurity rules such as port blocks can prevent 3rd party apps such as Horde and Roundcube to show 403 error. Other reasons for 403 server error are outdated versions of software or plugins conflicting with the security rules.

[ You don’t have to lose your sleep to keep your customers happy. Our Hosting Support Specialists cover your servers and support your customers 24/7 at just $9.99/hour. ]

In the next page : How to fix 403 server error

How to fix 403 server error in web hosting servers

While mod-security helps secure web servers against attacks, if not configured properly, the rules can affect normal functioning of websites too.

At Bobcares, our Tech Support Specialists have expertise configuring security software such as Mod security and firewalls for our customers who are web hosts.

To prevent users complaining about website unavailability due to mod-security rules blocking valid URLs and giving 403 server errors, we follow these best practices for our customers.

1. Initial testing in detection mode

Mod security rules can contain a lot of false positives, which can disrupt working websites and end up affecting businesses. That’s why we never activate mod security in live servers without testing.

While configuring mod security in production servers, we initially run it in ‘Log only’ or ‘Detection only’ modes, which do not block any web requests but notifies the mismatches in the logs.

Our expert techs review these logs and filters out the false positives and modifies the rule sets to exclude those. Once the test is complete and no false positives are noted, we activate Mod security in the server.

This initial testing phase helps us avoid website downtime, customer complaints and business loss due to unwanted rules in the Mod security configuration.

2. Writing custom rule sets for servers

Mod security default rule set is written to wade away most attacks, and it may not suit all websites. Custom applications or website pages can get affected by these unwanted rules.

Bobcares expert engineers configure custom mod security rule sets in servers after assessing the type of website applications and pages in it, and this helps to avoid any 403 server errors in sites.

[ Running a hosting business doesn’t have to be hard, or costly. Get world class Hosting Support Specialists at $9.99/hour (bulk discounts available) ]

3. Examining apache logs and mod-security logs

Even after activating mod security after proper testing, we keep monitoring its effectiveness by reviewing the Apache and mod-security log files. In cPanel servers, these logs are stored in databases.

While monitoring these logs, if we notice any new false positives or valid pages being blocked, we disable the rule set specific to each domain or server wide, depending on its impact.

403 Forbidden error also happens when the web server and Mod security versions get incompatible. We install the latest versions of Apache and Mod security in servers to avoid this issue.

Many often we see end customers requesting server owners to completely disable mod-security for their domains, but we do not recommend this practice due to security concerns.

Instead, we customize rules for the customers’ software and websites to work. This helps us to get the sites working, without compromising the security aspects of the server.

4. Monitoring server performance

Each mod security rule would consume server resources such as CPU and RAM, as all these rules have to be applied and checked when each web request comes.

The resources spent by the server on Mod security varies with the total number of rules and the regular expression format. The more the number of rules to check, the more resources would be spent on the check.

Bobcares technicians, with their expertise in writing efficient regular expressions, are able to optimize Mod security and reduce the resource usage in the server by around 50%.

Adjusting the mod security configuration parameters also helps to improve server performance. This helps us to maintain our customer servers secure, without losing its performance.

In our customers’ servers, we proactively secure and optimize the servers to avoid any issues that could affect the services. If you’d like to know how you can better support your customers, we’d be happy to talk to you.

 

 

STOP SPENDING TIME ON SUPPORT!

Do you spend all day answering technical support queries?

Wish you had more time to focus on your business? Let us help you.

We free up your time by taking care of your customers and servers. Our engineers monitor your servers 24/7, and support your customers over help desk, live chat and phone.

HIRE SUPPORT SPECIALISTS AT $9.99/HR

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF