403 Error

Hi Everyone,

I am running a VPS with Kloxo installed. I am having issues with accessing the options.php, post.php and a few others. They seem to be very random in behaviour.

I have assigned apache user and group of the files as I found that running as the webhost user didn’t work.

An example of the error is You don’t have permission to access /wp-admin/post.php on this server.

This happens when I try to make a change to a post however, if I make a new post I can edit that. The same with changing template settings some allow access others dont. I am not to sure if mod_security is installed on the server, I have looked and the files are there and are set to ON however many people say Kloxo dosen’t run it.

Here is the .htaccess file I have. It includes the mod_security bypass.

# BEGIN WordPress

# WPhtc: Begin Custom htaccess
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
# WPhtc: End Custom htaccess

# WPhtC: Disable ServerSignature on generated error pages
ServerSignature Off

# WPhtC: Disable directory browsing
Options All -Indexes

# WPhtC: Limit upload size to 150 MB
LimitRequestBody 157286400 

# WPhtC: Protect WP-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# WPhtC: Protect .htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</files>

# WPhtC: Protect comments.php
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*https://removed.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]

# WPhtC: Setting mod_gzip
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

# WPhtC: Setting mod_deflate
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Anyone have any suggestions, I can add a test account if you need to try things.

Thanks