Topic: Post edit/modify 403 error

[Cyggy]

Hi. For the past 8 hours I haven't been able to edit/modify my forum posts. I can get into modify mode but when I edit the text and select preview or save, I get this message:

Forbidden
You don't have permission to access /smf/index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

In maintenance I ran: "Find and repair any errors" but no problems are indicated.
The error log shows no problems related to this, and I also ran check/repair on the database in host Cpanel, but it says there are no db problems.

index.php file permissions are 644

I'm using 1.1.15, which I know needs to be updated to 1.1.16, but so far I haven't been able to update (another issue). But that's been a problem for months and has not affected normal forum use, or caused this 403/404 error before.

So I'm wondering if this is a server glitch or other host related issue?

Suggestion please? Thanks

[MrPhil]

Check if the server mod_security is turned off. If someone just turned it on, it could be interfering with SMF's operation. Are your directories 755 permission, and files 644? Do you own the directories and files?

There is no 404 error. That's a bug in the default Apache server configuration (if you're using the default error handlers, it will report a 404 that it couldn't find your custom error handler). If you want to be rid of it, see my sig > FAQs > Missing Support Files.

[Cyggy]

MrPhil, how do I check server mod_security settings? I don't know what that is. I'm using a webhost, on a shared server. From what I've read at my host website, mod_security is not a feature installed on most shared servers. No settings control for it in my cPanel. Are you talking about .htaccess file settings?

My directory perms are 755, most files are 644, a few are 666. Index.php is currently 644.
What do you mean by "own" the directories and files? I'm the webmaster, so I own all files.

Things have gotten worse. I logged out of my forum and now I can't login as Admin. I'm getting the same 403 Forbidden error. I can only login as a regular member.

Could this possibly have something to do with cPanel & forum admin password changes? I recently changed both passwords, but that was last week and I didn't have any problems or errors until yesterday.

[Cyggy]

At the risk of jumping the gun, the problem *seems* to have been fixed. As was suggested, it was a mod_security setting problem, not a SMF bug. Mod_security is something only my web host controls. They've been testing it on their shared servers for the past month, but apparently I'm the only one whose SMF admin account was affected by the changes. Or at least I'm the only one who has complained to them about it. Other SMF users may be having the same problem and seeking answers here, when they might need to contact their web host instead.

Here's what the support tech said he did to fix this:

white-listed the mod_security rules.
safe-listed the rules which were directly preventing me from logging into the admin account.
white listed my specific account, the mod_security rule blocking more than 4 links in a post and the mod_security rule about adult content.

Hope this info helps other smf users and my troubles don't return. Next on my list is to upgrade and figure out why so many database errors... Grrr

[MrPhil]

Glad to hear you got the mod_security problem figured out.

To "own" a directory or file (on a Linux machine) is to have your user ID listed under "owner". You'll see that when you do a ls -la file listing. Sometimes you'll find that an FTP server is creating files and directories under its own user ID, or the hosting control panel is misconfigured and making files and directories owned by it. If you see this happen, generally only the system admin (root/superuser) can change ownership via the chown command.

Ownership is important because that determines which "permissions" apply to which user IDs.

[Cyggy]

Ok thanks for the info and help, MrPhil.
That's fairly complicated stuff and I didn't know about this potential ownership conflict , but I understand the gist of it. I'll learn more about Linux, chown, etc. since I'd like to operate my own server someday. Thanks again.