Persistent 403 Forbidden Error (Not .htaccess/Permissions) - Need WAF/ModSecurity Check

erinresch · October 30, 2025, 9:31pm

Hello,

I am experiencing a persistent 403 Forbidden error on my site, www.ecoerin.com. I have gone through all standard troubleshooting steps and can definitively confirm the block is a server-side issue, likely ModSecurity/WAF, not a configuration issue on my end. My site is currently completely unusable.

Account Details:

Username: epiz_25494868]
Domain: www.ecoerin.com

Extensive Diagnosis and Evidence

I have methodically eliminated all possible client-side and file-related causes.

1. Content Test Performed (CRITICAL):

I completely replaced the contents of /htdocs/index.html with this minimal, non-offensive test page: <!DOCTYPE html><html><body><h1>TEST PAGE</h1></body></html>
Result: The domain still returns the official InfinityFree 403 Forbidden error page. This definitively rules out my website content as the source of the block.

2. Configuration Files Eliminated:

I have renamed all .htaccess files, including the one in the root directory and any others in /htdocs, to .bak files.
The error persists, confirming that the block is not caused by any of my .htaccess rules.

3. Permissions Addressed:

Since the online file manager does not allow permission checking, I must assume they are the correct defaults (755 for folders, 644 for files).
Furthermore, the server is returning a generic 403 Forbidden and not a more specific file system error, which strongly suggests the block is happening before the request even hits the file permissions check.

Conclusion and Request to Staff

As the error persists even with minimal content and no active .htaccess files, the block is originating from a server-level firewall (ModSecurity/WAF).

The server is receiving the request but is being told to deny access based on an internal security rule, likely triggered by a previous action or a rule with overly broad matching.

Could a staff member or moderator please check the Web Application Firewall (WAF) or ModSecurity logs for my account/domain? I need to know the specific rule that is being triggered and blocking access to the entire directory so the block can be lifted.

Thank you very much for your help.

dan3008 · October 30, 2025, 9:44pm

Have you made sure your index.html file doesn’t have a capital?

I know it sounds crazy, but the server is case sensitive.

The other thing to check is in your dashboard, in the domain, you’ll see a box that looks something like this:

Make sure you’re working in the right htdocs folder. I know I’ve made that mistake before

This post from admin might help further:

Also make sure you’re not using the www. sub sub domain if youre using https/.

erinresch · October 30, 2025, 9:51pm

yes 100% I’ve checked multiple times.

Greenreader9 · October 30, 2025, 10:10pm

I see a site.pro welcome page, no 403 errors.

erinresch · October 30, 2025, 10:57pm

Thank you I was able to resolve this. thanks!

dan3008 · October 31, 2025, 8:48am

Out of interest, what was the problem, and how did you fix it?

Sharing this might help others fix similar issues in the future

system · November 7, 2025, 8:49am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.