403 Forbidden ?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
CDT015
Registered User
Posts: 45
Joined: Fri Dec 18, 2009 12:42 am

403 Forbidden ?

Post by CDT015 »

I have been helping run a forum now for 4 years, its a fairly busy forum (we think so anyway)
We have had very few problems so far, about 12 months ago we moved to a new host and had even less issues with down time etc.
Now, in the last few weeks a few members have reported this 403 error.
I can only replicate the issue with one particular post.
Any ideas?
aussiedistiller.com.au
Cheers
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: 403 Forbidden ?

Post by Danielx64 »

It sounds like that mod_security may be causing this. You will need to talk with your host about it.
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.
Image
User avatar
soumik
Registered User
Posts: 486
Joined: Tue Nov 06, 2007 7:27 pm
Contact:

Re: 403 Forbidden ?

Post by soumik »

Unrelated to your issue, but the cookies set by your board do not specify a domain. Make sure you put "aussiedistiller.com.au" (without the quotes) as the cookie domain in the cookie settings in the ACP.
Powered by chocolate
CDT015
Registered User
Posts: 45
Joined: Fri Dec 18, 2009 12:42 am

Re: 403 Forbidden ?

Post by CDT015 »

Danielx64 wrote:It sounds like that mod_security may be causing this. You will need to talk with your host about it.
Could you explain a little more about this please.
soumik wrote:Unrelated to your issue, but the cookies set by your board do not specify a domain. Make sure you put "aussiedistiller.com.au" (without the quotes) as the cookie domain in the cookie settings in the ACP.
Thanks, will do
User avatar
soumik
Registered User
Posts: 486
Joined: Tue Nov 06, 2007 7:27 pm
Contact:

Re: 403 Forbidden ?

Post by soumik »

Mod_security is an Apache module that is used to protect websites from various attacks. Sometimes it's triggered falsely by certain keywords. Since you are having problems with one particular post, it's likely that mod_security being triggered by a certain word in it.

You can disable mod_security (specifically scanning of POST data) by putting these lines in a .htaccess file in the root of your forum -

Code: Select all

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>
If this doesn't resolve your issue, it's something else.
Last edited by soumik on Fri Jul 11, 2014 4:24 am, edited 1 time in total.
Powered by chocolate
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: 403 Forbidden ?

Post by Danielx64 »

soumik wrote:Mod_security is an Apache module that is used to protect websites from various attacks. Sometimes it's triggered falsely by certain keywords. Since you are having problems with one particular post, it's likely that mod_security is causing it.

You can disable mod_security by putting these lines in a .htaccess file in the root of your forum -

Code: Select all

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>
Please note that it may not work and you will need to contact your host to have it fixed.
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.
Image
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: 403 Forbidden ?

Post by Oyabun1 »

Danielx64 wrote:Please note that it may not work and you will need to contact your host to have it fixed.
Indeed. Also, before trying to change server security it would be worth checking whether it is allowed in the T&C of your host, otherwise you may find that your account is suspended or cancelled.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
CDT015
Registered User
Posts: 45
Joined: Fri Dec 18, 2009 12:42 am

Re: 403 Forbidden ?

Post by CDT015 »

soumik wrote:

Code: Select all

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>
OK so I just added this to the existing .htaccess file in the root of the forum.
Will this leave us vulnerable ?
Edit to add: The one post that I could replicate the issue seems to be fixed by doing the above, I can now edit etc. So the fix fixed the issue (so far) but my question remains. Will this leave us vulnerable ?
Danielx64
Registered User
Posts: 1369
Joined: Wed Nov 04, 2009 5:51 am
Location: In a server room in Australia
Name: Daniel
Contact:

Re: 403 Forbidden ?

Post by Danielx64 »

Oyabun1 wrote:Indeed. Also, before trying to change server security it would be worth checking whether it is allowed in the T&C of your host, otherwise you may find that your account is suspended or cancelled.
In general, it's far better to talk to your host before changing server security settings.
Please note that I will not be porting any of my mods to phpBB 3.1. Sorry for the inconvenience this may cause.
Image
Locked

Return to “[3.0.x] Support Forum”