403 error when saving html email

I’m running V3.6.6. PHPlist has been running fine for me for several years. I last successfully sent out a newsletter about two months ago, so the problem has arisen since then.

If I create a new campaign, then paste the same kind of html content that I have always used into the newsletter, then save it, I get a 403 error. If I hand-create simple html content (just plain text, with H1 and P tags only, nothing else), it saves without an error. If I add an IMG tag to this simple html code, with a known-to-exist image in a folder on the same host, I get the 403 error again. This is 100% repeatable behaviour.

Note that I have today created new installations of both V3.6.6 and V3.6.4 on my own personal web space, on a different web hosting company, and I am getting the same 403 errors in the same circumstances as my original installation. This makes me think that something has changed at the web hosts (but two different companies, although they’re both cpanel, so are probably pretty much the same), and this change is blocking something for some kind of real or perceived security issue. However, I’m at a loss to know where to look.

Can anyone offer any suggestions?

Thanks, Peter

@pjetson Might be caused by anti-malware software. The usual suspects are apache ModSecurity and a Wordpress plugin Wordfence.

Hi, Duncan. Thanks for the response. The site runs only PHPlist, no WordPress or anything else, not even a web site.

I have tried putting SecFilterEngine Off into site’s .htaccess file, which is supposed to turn mod security off completely according to my web hosting company’s knowledge base, but I still get the 403 errors. I’ve sent a support request to my web hosting company.

Just posting an update - the hosting company says that PHPlist is triggering a mod security rule, and that they have now whitelisted it. Unfortunately, the problem is still occuring. Hopefully, they’ll be able to resolve the problem with some more action at their end.