OK - so on my little server, I'm running MPM Event on my happy little Apache version latest, and PHP 7 only. Now - recently, we popped on Mod_Security, with the OWASP rules.
Somewhere, a couple of my wordpress domains decided to start a revolt, and they're throwing 403 Forbidden Errors:
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Here's what I've tried.
I've checked the .htaccess. from previous experience the changes done by defender sometimes gets its knickers in knots, and then it doesn't want to play with me. So I've reset the .htaccess to default basic "let's call wordpress".
I've also added the code to make Mod_Sec LEAVE THE DOMAIN ALONE, and i've disabled it in cpanel.
I've checked ALL the file and folder permissions, and there's no other .htaccess beyond the public_html to fiddle with access to the domain.
i'm frigging stumped.
i'd have loved to give you support access, but.... i kenna get into the site, sir. it is a calamitous mess.
lastly - i've renamed the plugins folder to plugins_whatever, and created a blank, new, spritely plugins folder to unconfuse any plugins...
i can get into cpanel though.
oh - i've set the mod_sec logging to verbose and snippy, and looked for the rule firing to block access to those domains. however. there's lots of other triggers on other domains that i can access, but the 2 problematic domains don't seem to be activating ANY rules...
here's the link to the code i use to attempt to identify the rule...