Hello, I Installed a moodle platform in my subdomain with no problem at all, when i was configuring the appearence, it show me the error 403, and since that i cant accces. Using plesk i saw this error in the log of the subdomain:
ModSecurity: Access denied with code 403 (phase 4). Match of "rx (?:\\\\b(?:gif|(?:cws|f(?:lv|ws)|i(?:d3|hdr|nterplay)|m(?:ovi|thd)|r(?:ar\\\\!|iff)|varg|(?:ex|jf)if)\\\\b)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/16_Outgoing_FilterPHP.conf"] [line "20"] [id "214630"] [rev "1"] [msg "COMODO WAF: PHP source code leakage||xxxxxx.xxxxxx.co|F|3"] [data "Matched Data: <? found within RESPONSE_BODY: <!DOCTYPE html>\\x0a<html dir=\\x22ltr\\x22 lang=\\x22es\\x22 xml:lang=\\x22es\\x22>\\x0d\\x0a<head>\\x0d\\x0a <title>New Oxford Preschool</title>\\x0d\\x0a <link rel=\\x22shortcut icon\\x22 href=\\x22https://XXXX.XXXXX.co/theme/image.php/eguru/theme/1590640936/favicon\\x22 />\\x0d\\x0a <meta http-equiv=\\x22Content-Type\\x22 content=\\x22text/html; charset=utf-8\\x22 />\\x0a<meta name=\\x22keywords\\x22 content=\\x22moodle, New Oxford Preschool\\x22 />\\x0a<link rel=\\x22..."] [severity "ERROR"] [tag "CWAF"] [tag "FilterPHP"] [hostname "XXXXXX.XXXXX.co"] [uri "/index.php"] [unique_id "Xs@4o55QHcKW7RJ7kLofVwAAAEM"].
I suppose it is an error on permissions, i´ve already give -R 0770 to my moodledata directory and i proved with -R 777 to all my subdomain directory but with the same result, error 403. I appreciate a lot your help!!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya
The error message indicates that the issue is related to the ModSecurity Web Application Firewall (WAF) blocking the request due to a rule match.
Disable ModSecurity for your subdomain: disable ModSecurity for your subdomain. This is not recommended for production environments, as it will leave your subdomain more vulnerable to attacks.
Disable the specific rule causing the issue: If you have access to the server configuration, you can disable the specific rule causing the issue (rule 214630). To do this, add the following lines to the Apache configuration file or .htaccess file within your subdomain directory:
- <IfModule mod_security2.c>
- SecRuleRemoveById 214630
- </IfModule>
After making the change, restart the Apache service:
- service apache2 restart
Whitelist your IP address: You can also whitelist your IP address in the ModSecurity configuration to bypass the rule. To do this, add the following lines to the Apache configuration file or .htaccess file within your subdomain directory (replace your_ip_address with your actual IP address):
- <IfModule mod_security2.c>
- SecRule REMOTE_ADDR "@ipMatch your_ip_address" "id:1,phase:1,nolog,allow,ctl:ruleEngine=Off"
- </IfModule>
After making the change, restart the Apache service.
These options should resolve the 403 error caused by the ModSecurity rule. However, be cautious when disabling security rules or whitelisting IP addresses, as it may expose your subdomain to potential threats. Always ensure that your application is secure and up-to-date to minimize the risk of security vulnerabilities.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.