Title: agentbuzz's Replies | WordPress.org --- # agentbuzz [ ](https://wordpress.org/support/users/agentbuzz/) * [Profile](https://wordpress.org/support/users/agentbuzz/) * [Topics Started](https://wordpress.org/support/users/agentbuzz/topics/) * [Replies Created](https://wordpress.org/support/users/agentbuzz/replies/) * [Reviews Written](https://wordpress.org/support/users/agentbuzz/reviews/) * [Topics Replied To](https://wordpress.org/support/users/agentbuzz/replied-to/) * [Engagements](https://wordpress.org/support/users/agentbuzz/engagements/) * [Favorites](https://wordpress.org/support/users/agentbuzz/favorites/) Search replies: ## Forum Replies Created Viewing 1 replies (of 1 total) * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [You don’t have permission to access /blog/wp-admin/options.php](https://wordpress.org/support/topic/you-dont-have-permission-to-access-blogwp-adminoptionsphp/) * [agentbuzz](https://wordpress.org/support/users/agentbuzz/) * (@agentbuzz) * [17 years, 6 months ago](https://wordpress.org/support/topic/you-dont-have-permission-to-access-blogwp-adminoptionsphp/#post-798066) * If you don’t want to turn off mod_security altogether, you can turn off the global rule that forbids directory listings. mod_security considers that to be “information give-away”. I had the same problem with access upon logging in to the WordPress admin page, and the following was reported in the mod_security audit log: * Message: Access denied with code 403 (phase 4). Pattern match “(?:<(?:TITLE>Index of.*?Index of.*?Index of|>\[To Parent Directory\]<\/[Aa]> )” at RESPONSE_BODY. [file “/usr/local/apache2/conf/modsecurity/modsecurity_crs_50_outbound. conf”] [line “54”] [id “970013”] [msg “Directory Listing”] [severity “WARNING”][ tag “LEAKAGE/INFO”] * Sure enough, on line 54 of one of the rulesets, this is preventing access to the directory listing: * 52 # Directory Listing 53 #SecRule RESPONSE_BODY “(?:<(?:TITLE>Index of.*?< H|title>Index of.*?Index of|>\[To Parent Directory\]<\/[Aa]>)” \ 54 # “phase: 4,t:none,ctl:auditLogParts=+E,deny,log,auditlog,status:403,msg:’Directory Listing’, id:’970013′,tag:’LEAKAGE/INFO’,severity:’4′” * As you can see, I just commented out that one rule. Then I re-started Apache. No access errors. Viewing 1 replies (of 1 total)