
I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 11:51 am
by thecaretaker1
This issue isn't specific to phpbb 3.3, I also had the problem with phpbb 3.2- but it seems to be getting worse.

I keep getting a Forbidden message when I visit pages of my forum. I'm locked out for 5-10 minutes and then it returns to normal.

I don't have the problem with my main Joomla site, I can view that without any issues. It is only phpbb.

My forum users also get this from time to time. It is not just me as admin.

It is not browser related. I'm locked out with Internet Explorer, Microsoft Edge and Firefox.

I can visit the forum during a Forbidden period when I use my Samsung phone.

I've searched this forum for answers, but none seem to apply to my situation.

What could be causing this and what can I do to fix it? Please help, it is driving me to insanity :D


Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 11:53 am
by KevC
Ask your hosts if any pages are being blocked by their mod_security settings.

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 11:56 am
by thecaretaker1
KevC wrote (Thu Apr 02, 2020 11:53 am): "Ask your hosts if any pages are being blocked by their mod_security settings."
Will do. You say 'pages', this is totally random, not specific to any page. Just browsing posts can cause it.

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 11:57 am
by KevC
Yeah but it's to do with which page is being called to show what you're seeing and some can be very sensitively set up where anything with http on it will get triggered. Even certain words on a page. Just depends what their settings are on.

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 12:01 pm
by thecaretaker1
OK, thank you. I do have SSL and it started around the time my host installed that for me.

It is currently really bad. It has just locked me out clicking from a post to the index page. Maybe you could see if you get it as a guest: https://www.thecaretakers.co.uk/phpBB3/

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 12:05 pm
by KevC
I've just looked at 4-5 forums and then topics within them and scrolled to the bottom of each and they were fine.

You could also try a cookie clear out. Change the cookie name by just changing one character and everyone will get logged out and get a fresh cookie next time, just in case something is tripping up with the SSL.

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 12:24 pm
by thecaretaker1
I changed the cookie, logged back in and instantly got a Forbidden message. So that rules the cookie out.

I've emailed my host and asked them if any pages are being blocked by their mod_security settings.

It may be a few days before they respond.

Thanks for your help.

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 3:07 pm
by thecaretaker1
I got a reply back from my Host.
You are certainly being blocked by Mod Security under a rule that's meant to protect your site against reconnaissance (third parties trying to obtain private information from your website by trying to discover vulnerabilities in your website code)

We could white list this ruling on your request, but it would make your website vulnerable to this form of attack vector which the ruling is designed to protect against. It may well be a false positive, but whitelisting the ruleset could potentially allow a legitimate form of attack

The alternative is for you to speak with the developer or support staff for phpbb forum and see if they have an alternative solution to offer you

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 3:30 pm
by EA117
"The alternative is for you to speak with the developer or support staff for phpbb forum and see if they have an alternative solution to offer you"
The alternative also not mentioned there is that in many cases a mod_security rule needs to be corrected or updated. e.g. A rule might want to mitigate against "http:// cannot appear in posted form data" to prevent exploits that involve injecting such references. But then that rule has to make a litany of exceptions for all those application cases where the form being posted specifically is to allow you to edit a hyperlink URL, and "http://" is expected in the form data. And a case where phpBB does that may be currently missing in the list of rule exceptions.

But to take any action on what your hosting provider has recommended here, we must start with knowing what rule has been violated, and by what action in phpBB. i.e. We need for the hosting provider to make the HTTPD error log entry available, which cites the exact mod_security rule by name, and the specific GET or POST content that triggered the rule, etc. If you can already see your web server's error log (not the access log, and not the PHP error log) you might have access to this information yourself.

Such specifics are needed regardless of whether it points to an investigation for the need of a phpBB-side fix, or whether it's a false-positive because of an incomplete rule.
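
Added example, not part of the original thread: a small Python triage script that pulls the rule id, matched variable and requested URI out of ModSecurity "Access denied" lines in an Apache error log, grouped per rule, which is the detail the post above says is needed. The log lines, rule ids, messages, file path and addresses are constructed for illustration; the layout assumed is the ModSecurity 2.x error-log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ModSecurity 2.x Apache error-log layout.
# Rule ids, messages, paths and addresses are made up for illustration.
SAMPLE_LOG = r'''
[Thu Apr 02 12:01:33.101 2020] [:error] [pid 811] [client 203.0.113.7:50122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "https?://" at ARGS:message. [file "/etc/modsecurity/example.conf"] [line "42"] [id "999001"] [msg "Constructed rule: URL in form data"] [severity "CRITICAL"] [hostname "forum.example"] [uri "/phpBB3/posting.php"] [unique_id "AAA1"]
[Thu Apr 02 12:01:40.220 2020] [:error] [pid 811] [client 203.0.113.7:50130] ModSecurity: Access denied with code 403 (phase 1). Operator GE matched 5 at IP:hits. [file "/etc/modsecurity/example.conf"] [line "77"] [id "999002"] [msg "Constructed rule: client temporarily blocked"] [hostname "forum.example"] [uri "/phpBB3/index.php"] [unique_id "AAA2"]
[Thu Apr 02 12:01:41.007 2020] [php7:notice] [pid 811] [client 203.0.113.7:50131] PHP Notice: unrelated line
[Thu Apr 02 12:02:05.932 2020] [:error] [pid 812] [client 203.0.113.7:50140] ModSecurity: Access denied with code 403 (phase 1). Operator GE matched 5 at IP:hits. [file "/etc/modsecurity/example.conf"] [line "77"] [id "999002"] [msg "Constructed rule: client temporarily blocked"] [hostname "forum.example"] [uri "/phpBB3/viewtopic.php"] [unique_id "AAA3"]
'''

DENIED = re.compile(
    r'ModSecurity: Access denied with code (\d+) \(phase (\d)\)\. .*? at ([A-Z_]+(?::[^\s.]+)?)\. \[')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')      # [id "..."], [msg "..."], [uri "..."]
CLIENT = re.compile(r'\[client ([0-9a-fA-F.:]+?)(?::\d+)?\]')  # address without the port

def parse_denials(log_text):
    """Return one dict per ModSecurity 'Access denied' line; skip everything else."""
    events = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        tags = dict(TAG.findall(line))
        client = CLIENT.search(line)
        events.append({
            "status": int(m.group(1)), "phase": int(m.group(2)),
            "target": m.group(3), "client": client.group(1) if client else None,
            "rule_id": tags.get("id"), "msg": tags.get("msg"), "uri": tags.get("uri"),
        })
    return events

def summarize(events):
    """Group denials by rule id: hit count, matched variables, affected URIs."""
    rules = defaultdict(lambda: {"hits": 0, "msg": None, "targets": set(), "uris": set()})
    for e in events:
        r = rules[e["rule_id"]]
        r["hits"] += 1
        r["msg"] = e["msg"]
        r["targets"].add(e["target"])
        r["uris"].add(e["uri"])
    return dict(rules)

if __name__ == "__main__":
    for rule_id, r in sorted(summarize(parse_denials(SAMPLE_LOG)).items()):
        print(rule_id, r["hits"], r["msg"], sorted(r["targets"]), sorted(r["uris"]))
```

The per-rule summary is what to hand to the host or to phpBB support: a rule that fires on one form field on one page points to a missing exception, while a rule that fires on every page for one client is a different kind of block.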

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 7:27 pm
by Lumpy Burgertushie
I would guess that considering this doesn't seem to be a widespread issue, that it is most likely the host has this rule set up too strict.
When you contact support again, ask for level two support or a supervisor etc. The support you get at first does not really know much about how their server actually works etc.


robert

Re: I Keep getting 403 Forbidden Message with my forum

Posted: Thu Apr 02, 2020 11:11 pm
by thecaretaker1
Just to update you, my server host has resolved the issue. No details to what they actually did, but all is working fine now and haven't been locked out once tonight.

Thanks for your help guys. Much appreciated ;)