So this error, this little error, was the bane of existence for 3 whole days.

Developers at the company started complaining of getting 403 Forbidden errors, at first I thought it was modsecurity, because a 403 Forbidden message is almost always thrown by modsecurity. This wasn’t the case here. I moved on, started scouring Google for answers.

Quickly I realized that that this maybe an issue because I was running Apache 2.4 on this server, 99.999% of the threads on Google suggested altering the vhost.conf for the site and add the following

This was a bust as well, I tried putting this line in the main httpd.conf at /etc/httpd/conf as well but no joy.

What I was slow to notice was that all the threads I was looking at had people complaining about getting this error all the time whereas I was only getting these at random instances. The dev lead here then hit my server with a seige attack which brought forward the issue. The issue would arise after a couple of successful hits first.

I then took to the internet again, this time through the anals of the time. I ended up with a threads from 2006, was about to dismiss it for the sake of obsolescence but thought what the hell. Turns out the answer was in there.

MOD_EVASIVE! YOU SUMBITCH!

Mod_Evasive was the lovely little config that was causing all the problems. *sigh*

With this piece of information in hand, I had two options, either tweak mod_evasive’s config to be more lenient or completely disable it. I decided to disable it completely until I can test the tweaks on a test server.

This is the thread that saved my life (pr0gr4mm3r.com): LINK