Don't have access to index.php error.

WaddleJrJr

Member
Sometimes when users try to create a thread on my forum, a xenforo overlay will show up that says,
"The following error occurred:
Forbidden

You don't have permission to access /index.php on this server."

I checked, and permissions for index.php are the standard 644. This error seems to happen at random, but when it does happen it lingers around for quite a while, and retries and refreshes don't seem to fix it consistently.
 
"The following error occurred:
Forbidden

You don't have permission to access /index.php on this server."

Everything on the front end calls index.php. If the permissions on that file were incorrect then it would affect all pages. But since this happens at random it is very likely a problem with the web server. My guess is there is an overly restrictive mod_security rule (or some other module) that is interfering with the request. For example, I have seen mod_security block post submissions that contain certain keywords.

Basically contact your host about this. Ideally they will be able to look in the server logs and identify the cause.
 
Everything on the front end calls index.php. If the permissions on that file were incorrect then it would affect all pages. But since this happens at random it is very likely a problem with the web server. My guess is there is an overly restrictive mod_security rule (or some other module) that is interfering with the request. For example, I have seen mod_security block post submissions that contain certain keywords.

Basically contact your host about this. Ideally they will be able to look in the server logs and identify the cause.
Alright, thanks. I will do that.
 
My guess is there is an overly restrictive mod_security rule (or some other module) that is interfering with the request. Basically contact your host about this. Ideally they will be able to look in the server logs and identify the cause.
Seems like a lot more sites are running with mod_security on.
It might be worthwhile to keep a list of mod_security rules that tend to be the ones that cause the errors.
As well, I don't know if it is possible, but is there a way to get Xenforo to display the root cause of the error is mod_security vs. all these other weird errors ? Some error trapping or something ?
 
Seems like a lot more sites are running with mod_security on.
It might be worthwhile to keep a list of mod_security rules that tend to be the ones that cause the errors.
As well, I don't know if it is possible, but is there a way to get Xenforo to display the root cause of the error is mod_security vs. all these other weird errors ? Some error trapping or something ?

Mod_security has been causing a lot of issues of late.

Personally I would just turn it off altogether.
 
Did you read my suggestion about getting better error reporting and mod_security ?
Is that possible ?

Errr, don't recall anything like that?

Except alot of people like the security :)
My friend was going to abandon my Xenforo suggestion when he had trouble with mod_security & XF.

Personally I feel mod_security is an excuse to follow poor webmaster practices (dont update regularly (both the server and the software)).
 
Sounds like 99% of admins need it.
:)
99.5% of Xenforo purchasers !
:)

The point being, a lot of people think because they have mod_security enabled it is an all in 1 solution to protect their whole server stack, and then slack on other critical aspects of server ownership.

Don't get me wrong , mod_sec can be a very powerful tool, when used correctly. Maybe I should write a guide on configuring it for XenForo?
 
Top Bottom