Error Description

While saving a Joomla contribution, which includes PHP-Code and is interpreted via DirectPHP (a Joomla plugin), I get the message 403 Forbidden - You do not have permissions to access this document. Des Weiteren kommt diese Meldung bei Bearbeiten der Plugin-./p


The error is created by the webserver, which includes a Plesk management GUI with a activated web application firewall. While I am saving the contribution, there´s a match with the configured pattern and the result is the deny.

ModSecurity: Access denied with code 403 (phase 2).
[id "211230"]

[data "Matched Data: fgetc found within ARGS:jform[params][block_list]: basename, chgrp, chmod, chown, clearstatcache, copy, delete, dirname, disk_free_space, disk_total_space, diskfreespace, fclose, feof, fflush, fgetc, fgetcsv, fgets, fgetss, file_exists, file_get_contents, file_put_contents, file, fileatime, filectime, filegroup, fileinode, filemtime, fileowner, fileperms, filesize, filetype, flock, fnmatch, fopen, fpassthru, fputcsv, fputs, fread, fscanf, fseek, fstat, ftell, ftruncate, fwrite, glob, [uri "/administrator/index.php"]

Debugging / Workaround

As a workaround, I added two exceptions in the web application firewall. The Security-Rule-IDs, which are needed, are listet in the error protocol.

For my case the IDs are: