You don't have permission to access /admin/notifications.json/task

Testing Grav on new server and ran into message below every time any admin page is accessed.
The message appears as red modal and then disappears:

403 Forbidden

You don't have permission to access /admin/notifications.json/task:processNotifications
on this server.

Have not used Grav enough to understand what file and permissions to look for.

Thanks in advanced for any input.


Is this a Windows server? in this case, see

Otherwise it’s a mod_security configuration problem- see

Thanks @flaviocopes. Thought I had specified CentOS, my bad.

You got me on the right track with mod_security now just have to drill down to solve issue.

Thanks again.

[Sun Feb 26 09:14:04 2017] [error] [client 47.184.XX.XX] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/modsecurity-owasp-latest/rules/RESPONSE-980-CORRELA TION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 5: Disallowed HTML Attributes"] [tag "event-correlation"] [hostname ""] [uri "/admin/notifications.json/task:processNotifications"] [unique_id "WLLwvH8AAAEAAExsyAoAAAAF"]

Need to find out if we can avoid triggering this problem in the first place.

It will be a few days before I can get back to setting up Grav but when / if figured out will certainly share the solution:)