What is the Issue?
When selecting particular menu from the menu bar on the website or saving any data in forms is showing permission error.This means that you are not allowed to open the particular file or folder on HostingRaja VPS or Cloud server.This may be due to missing files and folders or other security restrictions in the Secured Server. A server is called as secured server when it is capable of isolating the spammers, harmful executable files on the server.when you have a secured server you can be assured about the error free data transmission.
Why has this issue occurred?
This problem or issues may be due to any one of the following problem with HostingRaja VPS or cloud:
The folders and files where you have placed your source code i.e public_html, is not given with proper permissions.
Ensure that each directory to which apache has access can be configured with respect to which services and features are allowed and /or disabled in that directory and its subdirectories.
Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule set. If the file/folder which is trying to break the mod security rule set will not be allowed to move further. The mod security works for apache and it blocks some of the functions which is captured by it as it is harmful. some times it simply turns off the apache when some parameters which are not defiend and are acting within its limits. How can we prevent it?
Follow any one of the following steps to prevent from the problem which is mentioned above:
1. Make sure that the files and folder which is present under public_html where your source code is present is having 755 permission instead of 750 and sensitive file should have 700 permission.Using 750 equates to users having read, write, and execute, groups having read and execute, and finally, world i.e your visitors having absolutely zero access, thus they will be forbidden from accessing and/or viewing the contents.
Use the following command to change file/folder permissions:
chmod -R 755 foldername/
Note: Directories should have the execution permission.
File should have read permission.
Do not add execute permission for files.
2. When it comes to the apache configuration, you need to check the below possibilities:
a) When you access a directory and there is no default file found in the directory
Apache options indexes is not abled for the particular directory For example,
DirectoryIndex index.html default.php welcome.php
Make sure that You should not allow directory listing unless REALLY needed. Restrict the default index Directory Index to the minimum.
b) By default, your global directory settings under
/etc/sentora/configs/apache/domains/domainname.conf looks like :
Options +FollowSymLinks -Indexes +ExecCGI
Require all granted
If these lines are missing you need to add it to this file and restart the apache Service using the command:
service httpd restart
Now clear your browser cookies and cache and check whether it is possible to
Access the folder /file.You can also check the error logs and access log of
Particular domain under HostingRaja Log viewer module.
Regarding this you can contact our support team for further details if you have any clarifications before doing any changes.
3. Mod security is a software that we configure alongside web servers to secure them on all HostingRaja VPS and cloud servers. Mod-security has certain rules to filter all incoming requests to the websites in your server.
These rules protect the websites in your server from hack attempts or code injections, which can cause malicious scripts to enter your server and mess it up entirely.
Any request to the web server are filtered by these mod-security rules and if matched against any rule, the user would be denied access to the page and Forbidden error would be displayed. The mod security set certain hirarchy for itself as a filtering action and when one of the web server doesn't obey its limitations it simply blocks to avoid more losses.
One of the default rules that Apache’s mod_security looks for is GET or POST in form submissions. This rule can lead to many contact forms giving 403 server errors in sites.
Special Characters present in the arguments passed on the browser url.
Passing sql injection attack ex: abcd.com/new.php?id=%27
To Resolve this mod security issue you need to contact our support team they will guide you regarding this issue and resolve the problem.