1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Don't have access to index.php error.

Discussion in 'Troubleshooting and Problems' started by WaddleJrJr, Dec 31, 2012.

  1. WaddleJrJr

    WaddleJrJr Member

    Sometimes when users try to create a thread on my forum, a xenforo overlay will show up that says,
    "The following error occurred:
    Forbidden

    You don't have permission to access /index.php on this server."

    I checked, and permissions for index.php are the standard 644. This error seems to happen at random, but when it does happen it lingers around for quite a while, and retries and refreshes don't seem to fix it consistently.
     
  2. Dan

    Dan Well-Known Member

    Jake Bunce likes this.
  3. WaddleJrJr

    WaddleJrJr Member

  4. Dan

    Dan Well-Known Member

    I have a feeling we may need a bit more help in debugging this. Do you have access to your error logs? Are you running Apache?
     
    Jake Bunce and Brandon Sheley like this.
  5. WaddleJrJr

    WaddleJrJr Member

    Yes, I looked at the error logs and there hasn't been anything recorded since December 23rd.

    I'm pretty sure the server is running Apache.
     
  6. Dan

    Dan Well-Known Member

    Do you have cPanel on your hosting?
     
    Jake Bunce likes this.
  7. WaddleJrJr

    WaddleJrJr Member

    Yes. I use Cpanel.
     
  8. Dan

    Dan Well-Known Member

    And you have checked the error logs in cPanel as well?
     
    Jake Bunce likes this.
  9. WaddleJrJr

    WaddleJrJr Member

    For some strange reason they show up completely blank, no matter what browser I view them in.

    This hasn't happened in the past, though.
     
  10. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Everything on the front end calls index.php. If the permissions on that file were incorrect then it would affect all pages. But since this happens at random it is very likely a problem with the web server. My guess is there is an overly restrictive mod_security rule (or some other module) that is interfering with the request. For example, I have seen mod_security block post submissions that contain certain keywords.

    Basically contact your host about this. Ideally they will be able to look in the server logs and identify the cause.
     
    WaddleJrJr and Dan like this.
  11. Dan

    Dan Well-Known Member

    Are you caching sessions?
    Is your online timeout to short?

    Just spit balling here.

    Edit. What Jake said ↑
     
  12. WaddleJrJr

    WaddleJrJr Member

    Alright, thanks. I will do that.
     
  13. Digital Doctor

    Digital Doctor Well-Known Member

    Do all the problems go away if you turn off mod_security ?
     
  14. Digital Doctor

    Digital Doctor Well-Known Member

    Seems like a lot more sites are running with mod_security on.
    It might be worthwhile to keep a list of mod_security rules that tend to be the ones that cause the errors.
    As well, I don't know if it is possible, but is there a way to get Xenforo to display the root cause of the error is mod_security vs. all these other weird errors ? Some error trapping or something ?
     
  15. Slavik

    Slavik XenForo Moderator Staff Member

    Mod_security has been causing a lot of issues of late.

    Personally I would just turn it off altogether.
     
  16. Digital Doctor

    Digital Doctor Well-Known Member

    Except alot of people like the security :)
    My friend was going to abandon my Xenforo suggestion when he had trouble with mod_security & XF.
     
  17. Digital Doctor

    Digital Doctor Well-Known Member

    Did you read my suggestion about getting better error reporting and mod_security ?
    Is that possible ?
     
  18. Slavik

    Slavik XenForo Moderator Staff Member

    Errr, don't recall anything like that?

    Personally I feel mod_security is an excuse to follow poor webmaster practices (dont update regularly (both the server and the software)).
     
  19. Digital Doctor

    Digital Doctor Well-Known Member

    Sounds like 99% of admins need it.
    :)
    99.5% of Xenforo purchasers !
    :)
     
  20. Slavik

    Slavik XenForo Moderator Staff Member

    The point being, a lot of people think because they have mod_security enabled it is an all in 1 solution to protect their whole server stack, and then slack on other critical aspects of server ownership.

    Don't get me wrong , mod_sec can be a very powerful tool, when used correctly. Maybe I should write a guide on configuring it for XenForo?
     
    Digital Doctor likes this.

Share This Page