You don’t have permission to access /index.php on this server OpenCart + CentOS + Apache + MOD_SECURITY

oc-strange-bug

I noticed a problem after migrating a Opencart v2 project to a new server.  (Special thanks to Dejan)

Server Specs : HP Proliant Blade Server G7 Dual XEON ~ 24 Cores

Running : CentOS 7.x / Webmin / Apache / MySQL / CSF / MOD_SEC

I ran into a problem when I was adding multiple products at the same time into the cart “A fresh OpenCart Install”. After the third click on Add to Cart… I received this error!

Forbidden “You don’t have permission to access /…/index.php”

After reading a lot of blog’s on this subject and many tests,,… I found out that this was caused by the server!

This apply only if you have installed MOD_SECURITY on your Apache Server.

How to fix this?

Open the following configuration file /etc/httpd/conf.f/mod_evasive.conf

# mod_evasive configuration
LoadModule evasive20_module modules/mod_evasive24.so

<IfModule mod_evasive24.c>
# The hash table size defines the number of top-level nodes for each
# child’s hash table.  Increasing this number will provide faster
# performance by decreasing the number of iterations required to get to the
# record, but consume more memory for table space.  You should increase
# this if you have a busy web server.  The value you specify will
# automatically be tiered up to the next prime number in the primes list
# (see mod_evasive.c for a list of primes used).
DOSHashTableSize    3097

# This is the threshhold for the number of requests for the same page (or
# URI) per page interval.  Once the threshhold for that interval has been
# exceeded, the IP address of the client will be added to the blocking
# list.
DOSPageCount        3  “CHANGE THIS TO 12”

# This is the threshhold for the total number of requests for any object by
# the same client on the same listener per site interval.  Once the
# threshhold for that interval has been exceeded, the IP address of the
# client will be added to the blocking list.
DOSSiteCount        50

Save the .conf file and then restart your Apache Server

Et voilà!