I Keep getting 403 Forbidden Message with my forum

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

This issue isn't specific to phpbb 3.3, I also had the problem with phpbb 3.2- but it seems to be getting worse.

I keep getting a Forbidden message when I visit pages of my forum. I'm locked out for 5-10 minutes and then it returns to normal.

I don't have the problem with my main Joomla site, I can view that without any issues. It is only phpbb.

My forum users also get this from time to time. It is not just me as admin.

It is not browser related. I'm locked out with Internet Explorer, Microsoft Edge and Firefox.

I can visit the forum during a Forbidden period when I use my Samsung phone.

I've search this forum for answers, but none seem to apply to my situation.

What could be causing this and what can I do to fix it? Please help, it is driving me to insanity :D

Annotation 2020-04-02 123647.png
Annotation 2020-04-02 123724.png
Annotation 2020-04-02 123724.png (1.96 KiB) Viewed 222 times
Last edited by thecaretaker1 on Thu Apr 02, 2020 11:53 am, edited 1 time in total.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70160
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: I Keep getting 403 Forbidden Message with my forum

Post by KevC »

Ask your hosts if any pages are being blocked by their mod_security settings.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

Re: I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

KevC wrote:
Thu Apr 02, 2020 11:53 am
Ask your hosts if any pages are being blocked by their mod_security settings.
Will do. You say 'pages', this is totally random, not specific to any page. Just browsing posts can cause it.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70160
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: I Keep getting 403 Forbidden Message with my forum

Post by KevC »

Yeah but it's to do with which page is being called to show what you're seeing and some can be very sensitively set up where anything with http on it will get triggered. Even certain words on a page. Just depends what their settings are on.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

Re: I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

OK, thank you. I do have SSL and it started around the time my host installed that for me.

It is currently really bad. It has just locked me out clicking from a post to the index page. Maybe you could see if you get it as a guest: https://www.thecaretakers.co.uk/phpBB3/
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70160
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: I Keep getting 403 Forbidden Message with my forum

Post by KevC »

I've just looked at 4-5 forums and then topics within them and scrolled to the bottom of each and they were fine.

You could also try a cookie clear out. Change the cookie name by just changing one character and everyone will get logged out and get a fresh cookie next time, just in case something is tripping up with the SSL.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

Re: I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

I changed the cookie, logged back in and istantly got a Forbidden message. So that rules the cookie out.

I've emailed my host and asked them if any pages are being blocked by their mod_security settings.

It may be a few days before they respond.

Thanks for your help.
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

Re: I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

I got a reply back from my Host.
You are certainly being blocked by Mod Security under a rule that's meant to protect your site against reconnaissance (third parties trying to obtain private information from your website by trying to discover vulnerabilities in your website code)

We could white list this ruling on your request, but it would make your website vulnerable to this form of attack vector which the ruling is designed to protect against. It may well be a false positive, but whitelisting the ruleset could potentially allow a legitimate form of attack

The alternative is for you to speak with the developer or support staff for phpbb forum and see if they have an alternative solution to offer you
User avatar
EA117
Registered User
Posts: 1804
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: I Keep getting 403 Forbidden Message with my forum

Post by EA117 »

The alternative is for you to speak with the developer or support staff for phpbb forum and see if they have an alternative solution to offer you
The alternative also not mentioned there is that in many cases a mod_security rule needs to be corrected or updated. e.g. A rule might want to mitigate against "http:// cannot appear in posted form data" to prevent exploits that involve injecting such references. But then that rule has to make a litany of exceptions for all those application cases where the form being posted specifically is to allow you to edit a hyperlink URL, and "http://" is expected in the form data. And a case where phpBB does that may be currently missing in the list of rule exceptions.

But to take any action on what your hosting provider has recommended here, we must start with knowing what rule has been violated, and by what action in phpBB. i.e. We need for the hosting provider to make the HTTPD error log entry available, which cites the exact mod_security rule by name, and the specific GET or POST content that triggered the rule, etc. If you can already see your web server's error log (not the access log, and not the PHP error log) you might have access to this information yourself.

Such specifics are needed regardless of whether it points to an investigation for the need of a phpBB-side fix, or whether its a false-positive because of an incomplete rule.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68111
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: I Keep getting 403 Forbidden Message with my forum

Post by Lumpy Burgertushie »

I would guess that considering this doesn't seem to be a wide spread issue, that it is most likely the host has this rule setup to strict.
when you contact support again, ask for level two support or a supervisor etc. the support you get at first does not really know much about how their server actually works etc.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
thecaretaker1
Registered User
Posts: 99
Joined: Tue Dec 30, 2014 8:38 pm

Re: I Keep getting 403 Forbidden Message with my forum

Post by thecaretaker1 »

Just to update you, my server host has resolved the issue. No details to what they actually did, but all is working fine now and haven't been locked out once tonight.

Thanks for your help guys. Much appreciated ;)
Post Reply

Return to “[3.3.x] Support Forum”