Issues with my forum and https

[420SA]

Hi there I'm currently experiencing an issue with my forum and I'm sure the issue stems from an encryption point of view.

I have the forum URL set as https://www.420sa.co.za with a SSL cert for the domain purchased

If I or a user tries to access the website via the URL 420sa.co.za the page isn't loaded over https, just http... so it gets loaded as http://420sa.co.za.... and when I click on the Register button on the home page for instance I get the following error

"Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

Does anyone perhaps know what's causing this?

[vbgamer45]

It looks like the php session in the url is causing the issue. might be a mod_security issue

https://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security

[drewactual]

follow these steps-

1- put your forum in maintenance mode
2- download repair_settings.php FOR YOUR VERSION!!!  here is link: http://download.simplemachines.org/index.php?thanks;filename=repair_settings.php
3- upload the download to your forum's root
4- open it in a browser (your-forum-url/repair_settings.php)
5- make sure ALL the paths are https or https://www.... CONSISTENT and ALL at least https:// OR https://www -NO MIXING-
6- once you've confirmed your forum is linking all the required files (you'll know- css will be working again along with images) REMOVE (as in delete) repair_settings from your server.
7- take your forum out of maintenance mode.

should take you all of five minutes to recover things... I wager there are elements your forum is still looking for under http, or maybe some www and some not...

as an added bonus, cruise over to the server settings section of this forum, and look at the list of items that speed your forum up- perform the 'move avatars' part... you'll like that. 

edited to add: Also, a forward in your root's htaccess file is a very good idea... forward every approach to https://www, which will rewrite whatever approach a user uses to the proper URL/protocol...

hope this helps!

[Aleksi "Lex" Kilpinen]

Those are all good points to check in many similar situations, but in this case I don't think the 403 would be caused by anything like that.
A server lever redirect to https could be a good idea to avoid people ending up on the non-ssl site completely,
also like vbgamer45 suggested mod_security could be behind the 403 error.

[Kindred]

mod_security is almost definitely the cause here...  ask your host to shut it off

[ziycon]

Your best to leave mod security in place as it mitigates numerous security vulnerabilities, ask your host to add a rule for whatever clause is being triggered in mod sec.

[420SA]

mod_security is almost definitely the cause here...  ask your host to shut it off

Ok so I must ask my host to shut-off mod_security? In those words?

[Aleksi "Lex" Kilpinen]

See the doc https://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security
If the options you can do yourself do not work, the asking your host if they can either reconfigure or remove it is your only option.