MyBB Community Forums

Full Version: html in forum description
If I try to enter HTML code in the forum description text area, I get this error when saving:

Forbidden
You don't have permission to access /admin/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Sounds like a plugin conflict, maybe a security plugin?
Fresh install, 0 plugins
Looks like mod_security is affecting it.
If you are using shared web hosting, then contact your web host & request to disable it.
I don't think it's mod_security. I tried to follow the instructions to see if it was in my PHP info or in the error log, and there was no mention of "mod_security" anywhere. This is what I see in my error log:

[Sat Sep 02 02:35:04 2017] [error] [client --.---.-.---] File does not exist: /home/---/---.---.---/403.shtml, referer: http://---.---.---/admin/index.php?module=forum-management&action=edit&fid=2

(I removed my IP and URL info)
^ That error message is saying that the regular error serving page (viz., 403.shtml) is not available.
That has no relation to the actual issue you described in your previous post (#1) here.
You were correct! I talked with support; it was mod_security. This is what they did to fix it:

The rule will be whitelisted for the entire cPanel account. Here is it: ModSecurity: Access denied with code 403 (phase 2). String match "<" at ARGS_POST:description. [file "/var/cpanel/cwaf/rules/32_Apps_OtherApps.conf"] [line "3216"] [id "242402"] [rev "1"] [msg "COMODO WAF: XSS vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 (CVE-2015-2149)||---.---.---|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "---.---.---"] [uri "/admin/index.php"] [unique_id "---"]

I wish this could be fixed without having to go to support. I don't understand why entering HTML in that field triggered mod_security.
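
The support message quoted above already names the trigger: rule 242402 blocks any POST parameter `description` containing a literal "<", which every HTML tag does. The following parser is an added example, not part of the original thread or of MyBB/ModSecurity code; it splits such a message into rule id, rule file, matched parameter and tags. The sample line is constructed from the quoted message, with `forum.example` and `PLACEHOLDER` standing in for the redacted values.

```python
import re

# Constructed sample in the format of the support message quoted in the thread;
# hostname and unique_id are placeholders, not values from the page.
SAMPLE = (
    'ModSecurity: Access denied with code 403 (phase 2). '
    'String match "<" at ARGS_POST:description. '
    '[file "/var/cpanel/cwaf/rules/32_Apps_OtherApps.conf"] [line "3216"] '
    '[id "242402"] [rev "1"] [msg "COMODO WAF: XSS vulnerabilities in the MyBB '
    '(aka MyBulletinBoard) before 1.8.4 (CVE-2015-2149)||forum.example|F|2"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] '
    '[hostname "forum.example"] [uri "/admin/index.php"] [unique_id "PLACEHOLDER"]'
)

# Free-text head: action, phase, what matched, and in which request variable.
HEAD = re.compile(
    r'ModSecurity: (?P<action>.+?) \(phase (?P<phase>\d)\)\. '
    r'(?P<operator>.*?) at (?P<target>\S+)\.(?= \[|$)'
)
# Trailing metadata: [key "value"] pairs, allowing backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_modsec(line):
    """Split a ModSecurity rule-match message into its parts."""
    head = HEAD.search(line)
    if head is None:
        raise ValueError("not a ModSecurity rule-match message")
    event = head.groupdict()
    event["phase"] = int(event["phase"])
    # ARGS_POST:description -> collection ARGS_POST, variable description
    collection, _, variable = event["target"].partition(":")
    event["collection"], event["variable"] = collection, variable or None
    event["tags"] = []
    for key, value in FIELD.findall(line):
        if key == "tag":  # tag may repeat, keep every occurrence
            event["tags"].append(value)
        else:
            event[key] = value
    return event


def summarize(event):
    """One line stating which rule blocked which parameter on which URI."""
    return "rule {id} ({file}:{line}) blocked {uri}: {operator} in {target}".format(**event)


if __name__ == "__main__":
    print(summarize(parse_modsec(SAMPLE)))
```
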