You don't have permission to access /index.php on this server

Started by peterwaalker, August 23, 2014, 07:30:21 AM

Previous topic - Next topic

peterwaalker

Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The above erro is what I always encounter on my site whenever i want to submit a post after composing it.
Please what should i do get rid of this problem.

Arantor


peterwaalker

Quote from: ‽ link=topic=526748.msg3734421#msgin case 1 date=1408793547
Ask your host to turn off mod_security.
Please what is the function of the mod_security incase its there to protect something
Thanks for your support

Arantor

Of course it's there to "protect something", clue's in the name. Except SMF does most of it itself and the bits it doesn't - are the reason you have a problem.

peterwaalker

Any website that calls a string forbidden by a mod_security rule will give a 406 error instead of displaying the page. My host d said;
But this one is error code 404

Arantor

No, you don't have a 404 error.

You have a 403 or 406, whereupon it tries to find an error page, which it can't, and *that* is what gives you the 404 exactly as it says:

QuoteAdditionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

As in: you received an error, the ErrorDocument says 'refer to this file' and *that* wasn't found. So you have two errors, only the second of which is a 404 and that is not the error that is causing the problem.

The only solution to this is to turn off mod_security.

peterwaalker

Okay. I didn't get it initially. Thank you very much. Let me talk to my host

mosravo

Peterwalka did this solve your problem? because i am facing the same issue here, mine is :

Forbidden

You don't have permission to access /government/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Ninja ZX-10RR

#8
Quote from: mosravo on September 15, 2014, 07:00:20 AM
Peterwalka did this solve your problem? because i am facing the same issue here, mine is :

Forbidden

You don't have permission to access /government/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Very much likely it is indeed the same issue, ask your host to disable mod_security on your server. If you want you can also try to put this snippet into your .htaccess but it fixes it only in a limited number of cases so talking to your host will be better anyway. If you are on GoDaddy I wish you good luck because you will need it.
The snippet follows anyway:

<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

:)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

mosravo

@Ninja ZX-10RR , is Mod_security a global function? can it be off just for my use alone on my host or how? don't you think my host will not do that because of me?

Ninja ZX-10RR

mod_security is an old feature still used by some hosts that became actually useless since the majority of softwares have it built-in, including SMF ;) so if they are at least decent they will actually deactivate it for your server, unless you are on GoDaddy - you will need to bug them a lot to make them turn it off in that case.
Anyway... Trying doesn't hurt ;) send them a ticket and tell us the answer, also tell us what is your host :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Illori

Quote from: ♦ Ninja ZX-10RR ♦ on September 16, 2014, 08:48:33 AM
mod_security is an old feature still used by some hosts that became actually useless since the majority of softwares have it built-in, including SMF ;)

mod_security is part of apache, no software can include that in it. SMF has its own security built in, but it is not mod_security.

Ninja ZX-10RR

Sorry I worded it badly to make it easier to understand but doing that I have been slightly inaccurate indeed. Thanks for pointing it out :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE


Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

Mod_security may be able to be disabled through your hosting's cPanel:

In your hosting cPanel, under the security section, look for: Web Security Manager
If that is there, then you have the ability to disable mod_security yourself, instead of waiting for your host.

Now, once in there, it'll show your domains, as sub-domains to your main, but if disable mod_security, it will work for the domain. Just note, it will take anywhere from 10 to 30 mins, no matter that it says 10 mins....LOL

Kindred

I keep seeing people saying this... but I have never yet seen a host other than a dedicated, unmanaged server (or maybe a VPS) who allows you to disable mod_security either via cPanel or via .htaccess command
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

All mine do.
At least, on my paid plans. ;)

My free plans do not even have mod_security....

Kindred

then you are special... because I have never seen it as an option on any paid or free hosts that I have viewed or used
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Burke ♞ Knight

All premium accounts through host I'm at has it.
There must be an option to have it or not, that most hosts decide not to show, since they like to force it enabled on their customers....

Deaks

not available on either of my two sites both on different hosts.

And I am with Kindred I have yet too see this on any host, your host must think your special.
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."


Advertisement: