Fresh Install of 2.0.9 - Cannot Access Features and Options - 403 Error

Started by Dharshan, October 31, 2014, 04:05:57 AM

Previous topic - Next topic

Dharshan

Hi,

Just installed a Fresh copy of SMF 2.0.9. Everything Works just fine except that i cant get to Features and Options section by any means. When ever i click that link directly or within the admin area links it spits out a 403.

I'm the Administrator and i have applied 777 to all folders of forum. Screen shots attached.


version


Thanks
R I P  : Steve Jobs | you made the world today look how it is | Thank you

margarett

Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Dharshan

mod_security sounds like a very important Thing on the webhost. Why should I disable it?? Will my websites become vulnerable to attack??

http://www.inmotionhosting.com/support/website/modsecurity/what-is-modsecurity-and-why-is-it-important
R I P  : Steve Jobs | you made the world today look how it is | Thank you

margarett

It could be important if wasn't configired in "paranoia mode" :P or similar

If you search this forum for it, you'll see that many users have all kinds of problems with it...
Anyway, if you don't want to disable it, ask your host to let you know what rule is triggering that error, maybe we can help then ;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

kat

It might be that your host hasn't given you full ownership of your files, too. Silly buggers. ;)

Kindred

sorry k@... file ownership won't result in 403.


nope... this is 99.99% certain to be mod_security related.

Dharshan, who is your host?

Basically, they have MIS-configured mod_security in a truly stupid way.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

kat

I didn't say it was. :)

I just thought it worth checking that, whilst he's on to his host.

Dharshan

Quote from: Kindred on October 31, 2014, 06:35:08 AM
sorry k@... file ownership won't result in 403.


nope... this is 99.99% certain to be mod_security related.

Dharshan, who is your host?

Basically, they have MIS-configured mod_security in a truly stupid way.

Hi,
I have a sent a message to my host on this, awaiting a feedback. Thanks.
R I P  : Steve Jobs | you made the world today look how it is | Thank you

Shambles

Quote from: Dharshan
I have a sent a message to my host on this, awaiting a feedback. Thanks.
In the meantime, you can check how severe their mod_sec configuration is by making a few posts in your forum, containing "hit phrases" like "select", "settings", "menu", "update" etc.

My forum members used to get plenty of mod_sec hits which caused posts to be abandoned, when simple everyday post content conflicted with the as-then mod_sec configuration, eg

QuoteWhen selecting a new oil filter from the menu to replace the item in your basket, ensure you update the basket to reflect the new item

The mod_sec rules picked up the words that resembled database commands and aborted the post, server-side.

Word to host => disable mod_sec.

Job done.

Good luck.

Kindred

they also - when poorly configured, reject words like Essex and Middlesex County
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Dharshan

Problem solved! here is the message from my host!  I installed SMF within a Joomla 3 Installed site. inside a folder called "forums"
====================================================================================
The cause for this is the overlaying .htaccess file at /home/blabla/public_html//.htaccess: it appears that the directives within conflict with the SMF scripts' functions.

We've renamed it to /home/blabla/public_html//.htaccess_bak, and now your SMF admin area functions without issues.

We recommend contacting your web-developer / CMS provider regarding this matter, for possible changes to the .htaccess file in question.

-----------
There is no issues in hosting level and it is not our responsibility to troubleshoot web site matter though we've helped you as above
=======================================================================================================

They were Nice enough to help me on this. I have attached both the htaccess files
R I P  : Steve Jobs | you made the world today look how it is | Thank you

Kindred

and does your SMF actually work now?

I did say that I had 99.99% certainty...   apparently, you hit the .01%

Yup... there are some things in there with the [F] flag which would result in a forbidden (403) message


seriously though...   that is a TERRIBLE way for joomla to "protect" the site...   it should be possible to clean URL arguments IN THE SCRIPT (heck, SMF does it) rather than depending on global "rules"
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Dharshan

I have no idea what those changed lines means. but now the SMF works just fine
R I P  : Steve Jobs | you made the world today look how it is | Thank you

Arantor

@Kindred: there are some performance benefits to doing it at .htaccess level rather than at PHP level. I would presume Joomla would still do it itself in the PHP because on nginx/IIS, .htaccess is not even a thing.

Advertisement: