I am receiving a 403 Forbidden error message on my site.

There are typically 2 reasons for receiving a 403 error:

1. Litespeed (the web server software we use as a drop-in replacement for Apache) will reject access to files and folders that contain world and group writeable permissions, as these permissions are considered very insecure and potentially dangerous. Because we do not run mod_php, these permissions are not necessary in any situation, as the PHP process runs as the username of your account on our servers and thus has all the permissions required. To resolve the 403 error you will need to fix the permission(s) on the files and/or folders with the insecure permissions. You can achieve this easily by CHMOD'ing your files/folders from an FTP client. We recommend the following permissions:

All files should be chmod'ed to 644 permissions.

All folders should be chmod'ed to 755 permissions.

2. We implement mod_security on all of our shared servers which acts as a web application firewall. Its purpose is to detect common website attacks and prevent them by blocking requests before they reach the back-end processes (PHP, etc). Unfortunately, the "rules" that are in place can sometimes (relatively rarely) trigger false positives - that is, trying to do something "normal" on your website may cause you to receive a 403 error. This is typically most common when attempting to add, edit or update a blog post or other content via a CMS.

If you are receiving a 403 error when trying to do something on your website, you may be running into one of these false positive triggers. If that's the case, please get in touch with us and provide your IP address so that we can disable the specific mod_security rule causing the problem. We also then submit feedback on this specific rule to the rule developers and mark it as a false positive. In time, this should allow the rule creators to fine-tune these rules and avoid these problems.

  • 18 Users Found This Useful
Was this answer helpful?

Related Articles

I am receiving an AJAX error in cPanel

Please be advised that this is a local (client side) browser issue and is not a server issue....

I cannot change my cPanel password in the client area

If you are receiving a Password Change Failed error message, please ensure you choose a much...

My website is generating an "Internal Server Error" or 500 error.

Each time an "Internal Server Error" occurs, this error is fully logged to an error_log within...

SSL Protocols and Issues Sending or Receiving Mail

During any SSL connection process, there are usually "talks" between the client (your device/s)...

I've received a warning about my reseller disk space

Due to the way cPanel and WHM works, there can be a difference of disk usage reported by our...