LiveChat
Support
Blog
Affiliates
A 403 Forbidden error on POST requests (form submissions) is almost always caused by ModSecurity blocking the request. ModSecurity is our web application firewall that protects against SQL injection, cross-site scripting, and other attacks. Occasionally it blocks legitimate form data that matches an attack pattern.
Open a ticket with the URL and form details
ModSecurity rule exceptions need to be configured at the server level. Open a support ticket and include the URL of the form, what you were submitting, and the approximate time of the error. We will check the ModSecurity audit log and add an exception for your legitimate request.
01. Why This Happens
ModSecurity scans all form data, URL parameters, cookies, and headers for patterns that match known attacks. Sometimes legitimate content triggers a rule. Common triggers include:
- HTML content in forms - WYSIWYG editors (like WordPress TinyMCE) submit HTML that can look like XSS attacks
- SQL-like content - Form fields containing words like SELECT, DROP, or UNION
- File uploads - Certain file types or file content patterns
- Long form submissions - Very large POST data
See also ModSecurity Error and 403 Forbidden Error for related issues.
Getting 403 on Form Submissions?
Include the URL, the time of the error, and what you were trying to submit so we can find the exact ModSecurity rule and add an exception.
Open a Support TicketQuick Recap
- 403 on POST = ModSecurity false positive in most cases
- Cannot be fixed from cPanel - Requires server-level rule exception
- Open a ticket with details - URL, time, and what you submitted
- Common with HTML editors and content management systems
- We add targeted exceptions that protect your site while allowing legitimate requests
Web application firewall · Last updated March 2026 · Browse all Error articles
