• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue 403 Forbiden on Code Editor

nuffsaid

New Pleskian
Hi Pleskians

I',m having a small problem with a domain on my Plesk , when I try to access the code editor to edit a file I get the following

You don't have permission to access /smb/file-manager/code-editor on this server.

Even if the file permissions are correct I get the error.
 
How are you accessing Plesk over the URL only or with the Port 8443?
What ModSecurity rule set are you using?
Do you see any error in the mod security logs for this file?

I suspect is from the Web Aplication Firewall if yes there should be something like:
Code:
-2b325438-H--
Message: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf
"] [line "122"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 91.204.25.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "122"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "example.com"] [uri "/smb/file-manager/code-editor"] [unique_id "Xd1MLH00XkBH58UKr4PRfwAAAM8"]
Action: Intercepted (phase 1)
Stopwatch: 1574784044582068 1216 (- - -)
Stopwatch2: 1574784044582068 1216; combined=637, p1=524, p2=0, p3=0, p4=0, p5=112, sr=279, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"


--2b325438-Z--

In my example you would need to add the ID 210492 to the exclusions of modsec:

Should you not find anything in modsec log, check also the panel.log for more information on the error.
 
I am still having this problem right now, and cannot seem to find a solution. All of the dozen or so Drupal sites on the server are fine, but Dashboard access to all 6 Wordpress sites is being blocked.
 
I am still having this problem right now, and cannot seem to find a solution. All of the dozen or so Drupal sites on the server are fine, but Dashboard access to all 6 Wordpress sites is being blocked.
With no logs or anything, no one will be able to say anything additionally
 
Back
Top