• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue 403 Forbiden on Code Editor

N

nuffsaid

New Pleskian
Hi Pleskians

I',m having a small problem with a domain on my Plesk , when I try to access the code editor to edit a file I get the following

You don't have permission to access /smb/file-manager/code-editor on this server.

Even if the file permissions are correct I get the error.
 
How are you accessing Plesk over the URL only or with the Port 8443?
What ModSecurity rule set are you using?
Do you see any error in the mod security logs for this file?

I suspect is from the Web Aplication Firewall if yes there should be something like:
Code: 
-2b325438-H--
Message: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf
"] [line "122"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 91.204.25.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "122"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "example.com"] [uri "/smb/file-manager/code-editor"] [unique_id "Xd1MLH00XkBH58UKr4PRfwAAAM8"]
Action: Intercepted (phase 1)
Stopwatch: 1574784044582068 1216 (- - -)
Stopwatch2: 1574784044582068 1216; combined=637, p1=524, p2=0, p3=0, p4=0, p5=112, sr=279, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"


--2b325438-Z--

In my example you would need to add the ID 210492 to the exclusions of modsec:
support.plesk.com

 How to disable ModSecurity rule by its ID, tag or regular expression in Plesk?

Applicable to: Plesk for Linux Question How to disable ModSecurity rule by its ID, tag or regular expression in Plesk? Answer Log into Plesk Go to Tools & Settings > Web Application Fire...
support.plesk.com support.plesk.com

Should you not find anything in modsec log, check also the panel.log for more information on the error.
 
I am still having this problem right now, and cannot seem to find a solution. All of the dozen or so Drupal sites on the server are fine, but Dashboard access to all 6 Wordpress sites is being blocked.
 
William Finck said:
I am still having this problem right now, and cannot seem to find a solution. All of the dozen or so Drupal sites on the server are fine, but Dashboard access to all 6 Wordpress sites is being blocked.
Click to expand...
With no logs or anything, no one will be able to say anything additionally
 
You must log in or register to reply here.

Similar threads

O
Question How to allow the download of files with custom extensions from a Plesk server?
Replies
10
Views
974
Kaspar@Plesk
Kaspar@Plesk
C
Question ModSecurity "Access denied with code 403"
Replies
11
Views
1K
Colonel36
C
J
Resolved AH01071: Got error 'PHP message: PHP Warning: Undefined array key "HTTP_X_FORWARDED_PROTO"
Replies
2
Views
3K
JMaartenW
J
L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
500
loman
L
B
Issue WP Page Editor display issue.
Replies
1
Views
780
bilaalmirza
B
Back
Top