I get "You don't have permission to access /imp/basic.php on this server" error when trying to send e-mail in horde webmail


 I get “You don’t have permission to access /imp/basic.php on this server” error when trying to send e-mail in horde webmail


Hello everyone ,

Today i got some interesting problem with our client in Linux Plesk server.

I use : OS : CloudLinux Server 6.5 + Panel version : 11.5.30


Symptoms of that problem

When trying to send e-mail or do some changes in the webmail , following error appears:

You don't have permission to access /imp/basic.php on this server.
Apache Server at webmail.domainname.com Port 80


You don't have permission to access /imp/compose.php on this server


Apache error:

[error] [client] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "70"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "HOSTNAME"] [uri "/horde/imp/compose.php"] [unique_id "8m0u-n8AAAEAAD7blhoAAAAO"]


Resolution of this problem

Very simple , you just need to know if mod_security working in that server.

If it enabled and working you need to check first thing: LOGS and see mod_security error.

You need to configure mod_security properly or disable it from apache configuration.


Links :

About mod_security





Little explanation regarding Mod Security

Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on all InMotion servers by default. Mod_Security can potentially block common code injection attacks which strengthens the security of the server. If you need to disable the mod_security rules we can show you how, and help you do so.

When coding a dynamic website, sometimes users forget to write code to help prevent hacks by doing things such as validating input. Mod_security can help in some cases those users that run sites that don’t have security checks in their code.


Good luck ,