Strange 403 error on images


I have a rather strange issue.

Images from the KCFinder are throwing a 403 in two different scenarios.

I’m running the latest version of PHPlist with PHP7.4 on Ubuntu 24.04 with Virtualmin hosting 6 virtual servers.

This all started after I updated the CKEditor plugin in the PHPList dashboard.

Scenario 1:

When adding an image to a campaign, I can upload the image or browse the server with no problem.

However, when I choose an image for the campaign, I get a red X and the image is not added.

The images are publicly visible in any browser via the file path.

However, as you can see below, the image will embed here with or without the www. prefix.

Scenario 2:

My custom subscribe page only shows images when typing the www. prefix in the URL like so

Without the prefix,, the images give a 403 error.

Here is one of the browser errors for the subscribe page:

If you visit the subscribe page with the www. prefix in your browser first, the images will then appear on the subscribe page without the prefix. Strange.

What I have done.

  • I have checked the file permissions and everything seems good.
  • I have checked htaccess file and everything looks good.
  • I have edited the config file for KCfinder to not check for htaccess and nothing changed. So I switched it back.

I assume this involves redirecting the /lists directory to the www. prefix.

My DNS redirect is set up to forward my domain to the www. prefix so I’m not sure why this is happening.

Please help!
Thanks in advance @duncanc :smile:

@AZBackroads Try editing the subscribe page so that the image URLs do not include “www.”

img src=""


img src=""

Also, on the Settings page in phplist ensure that the “website address” field doesn’t include the “www.” prefix. Then phplist should work consistently on

@AZBackroads Just noticed that your main web site does have the “www.” prefix so you might want to invert my suggestion so that everything in phplist has the prefix.

You can redirect requests that do not have the “www.” prefix which might help. That can be done in .htaccess, e.g. Redirect non-www to www in .htaccess - Stack Overflow

Thank you, sir!

I added the following to the htaccess file in the /lists directory. Ultimately, this is what fixed the issue.

# Redirect to www
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I changed the images to include the www. prefix on the subscribe page as you suggested.

I also changed the website address field on the settings page to include the www. prefix.

Works perfectly!