Since the 404 Not Found Error is a client error response code, it’s best to start by troubleshooting any potential client-side issues that could be causing this error.
Have you tried to deactivate the w3all plugin, and then browse your forum to see if the problem still occurs? Let's use the process of elimination to problem solve this issue.
The most common 404 errors are due to incorrect typed urls. If you have any phpBB extensions installed that do any type of redirections, try disabling them as well one at a time to figure out the culprit.
Also, I would definitely try backing up your current .htaccess file, and replace with the standard phpBB that is supplied with the package. In turn by doing this, you would be ruling out the culprit being anything inside your current .htaccess (like missing the .app rewrite or your own you may have added) that could be messing with phpBB sid urls. And if it is your htaccess, you could then find the culprit by re-design.
Try those few things, and let's see what you come with! Remember, a 404 is mainly a client-side error, but we can't yet rule out the server. Having said that, we should start the problem solving with client side first, but it wouldn't be CSS, JS or those types of data that load. It's a url issue in my best guess.
EDIT: Here is the phpBB default .htaccess so you don't have to hunt it down to try, remember to backup your current!
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine on
#
# Uncomment the statement below if URL rewriting doesn't
# work properly. If you installed phpBB in a subdirectory
# of your site, properly set the argument for the statement.
# e.g.: if your domain is test.com and you installed phpBB
# in http://www.test.com/phpBB/index.php you have to set
# the statement RewriteBase /phpBB/
#
RewriteBase /
#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
# This could be required if you are for example using PHP via Apache CGI.
#
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
# The following 3 lines will rewrite URLs passed through the front controller
# to not require app.php in the actual URL. In other words, a controller is
# by default accessed at /app.php/my/controller, but can also be accessed at
# /my/controller
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app.php [QSA,L]
#
# If symbolic links are not already being followed,
# uncomment the line below.
# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/
#
Options +FollowSymLinks
</IfModule>
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfModule>
</IfModule>
Oh I just found a neat tool, try this:
https://tools.pingdom.com/
Looks like 404 errors will display in orange. I think Google Webmaster tools can also show (it logs) you where your users are getting the 404's as well!