• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • The ImunifyAV extension is now deprecated and no longer available for installation.
    Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.

Issue Server Error 403-Forbidden You do not have permission to access this document.

T

tbeorafael

New Pleskian
Server operating system version
Ubuntu 24.02
Plesk version and microupdate number
18.0.67

Hello,

I need help to solve this issue. After installing a Wordpress site on Ubuntu 24.02 Plesk Obsidian version 18.0.67 and getting this error:

Server Error

403
Forbidden
You do not have permission to access this document.

Best regards.
 
Check whether your document root directory is owned by
Code: 
<username>:psaserv
Sometimes users create that directory from scratch and is is then owned by
Code: 
<username>:psacln
which will not work and lead to the 403 error.
 
Here you can see th error log.

ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(?:(?:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(?:(?:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_first. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "64"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||tbeotours.com|F|2"] [data "Matched Data: |||tct=(none) found within REQUEST_COOKIES:sbjs_first: typ=referral|||src=38.105.209.40|||mdm=referral|||cmp=(none)|||cnt=/|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname

[Mon Feb 17 11:30:51.407160 2025] [ssl:warn] [pid 1310:tid 133734849267584] AH01909: tbeotours.com:443:0 server certificate does NOT include an ID which matches the server name

[Mon Feb 17 11:37:45.318465 2025] [proxy_fcgi:error] [pid 38175:tid 133734139430592] [client 217.154.82.33:0] AH01071: Got error 'Primary script unknown'

[Mon Feb 17 12:18:52.822583 2025] [proxy_fcgi:error] [pid 38190:tid 133734640649920] [client 167.99.51.163:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 12:28:38.716866 2025] [security2:error] [pid 38175:tid 133734500140736] [client 20.12.122.10:0] [client 20.12.122.10] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||exampl.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "example.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z7MdZqaOtX_SaINZk2zJPwAAAAc"]
[Mon Feb 17 13:19:07.719482 2025] [proxy_fcgi:error] [pid 38175:tid 133734128944832] [client 194.36.84.38:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 13:58:14.304917 2025] [proxy_fcgi:error] [pid 38190:tid 133734640649920] [client 45.156.130.38:0] AH01071: Got error 'Primary script unknown', referer: https://3.234.13.72/status.php
[Mon Feb 17 14:24:53.264837 2025] [proxy_fcgi:error] [pid 38190:tid 133734298814144] [client 54.156.66.55:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 15:04:08.212728 2025] [proxy_fcgi:error] [pid 38190:tid 133734802130624] [client 52.14.101.182:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 15:23:26.265331 2025] [proxy_fcgi:error] [pid 38175:tid 133734489654976] [client 103.77.107.199:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 15:23:33.904575 2025] [proxy_fcgi:error] [pid 38175:tid 133734319785664] [client 103.77.107.199:0] AH01071: Got error 'Primary script unknown'
[Mon Feb 17 15:23:40.490764 2025] [proxy_fcgi:error] [pid 38190:tid 133733906646720] [client 103.77.107.199:0] AH01071: Got error 'Primary script unknown'

--------------------------------------------------------------------------
 
You must log in or register to reply here.

Similar threads

A
Question Server Error 403 Forbidden - Wordpress migration
Replies
5
Views
837
abdulsemiu
A
O
Question How to allow the download of files with custom extensions from a Plesk server?
Replies
10
Views
2K
Kaspar@Plesk
Kaspar@Plesk
J
Issue Random 403 Forbidden errors
Replies
7
Views
3K
mediamaster
M
S
Issue 403 Forbidden after CLI install of SuiteCRM 8.5.0 on Plesk server
Replies
4
Views
2K
smilan
S
L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
8K
loman
L
Back
Top