403 Error

Started by Paffman, October 14, 2018, 07:27:15 PM

Paffman

Hi Peeps,

I have a strange error (although you may have come across this before) in that if you try to post an emoji I get this error message...

"Forbidden
You don't have permission to access /OBTForum/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
"

BUT.... this does not happen every time. Some days you can post an emoji OK then other days you get the above error message.

Sir Osis of Liver

Sounds like a host problem.  Anything in forum or server error logs?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

aegersz

here is a list of IIS subcodes. I only posted it so you can see some of the reasons for it, especially the last one.

it would be nice if your host could restart the web server to see if that alleviates the problem.

try clearing the file cache.

403.1 - Execute access forbidden.
403.2 - Read access forbidden.
403.3 - Write access forbidden.
403.4 - SSL required
403.5 - SSL 128 required.
403.6 - IP address rejected.
403.7 - Client certificate required.
403.8 - Site access denied.
403.9 - Too many users.
403.10 - Invalid configuration.
403.11 - Password change.
403.12 - Mapper denied access.
403.13 - Client certificate revoked.
403.14 - Directory listing denied.
403.15 - Client Access Licenses exceeded.
403.16 - Client certificate is untrusted or invalid.
403.17 - Client certificate has expired or is not yet valid.
403.18 - Cannot execute request from that application pool.
403.19 - Cannot execute CGIs for the client in this application pool.
403.20 - Passport logon failed.
403.21 - Source access denied.
403.22 - Infinite depth is denied.
403.502 - Too many requests from the same client IP; Dynamic IP Restriction limit reached.
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

Illori

Quote from: aegersz on October 14, 2018, 08:07:17 PM
it would be nice if your host could restart the web server to see if that alleviates the problem.


given that the op says it is somewhat random, restarting the server should not be a valid fix to this issue. also most likely the op is on a shared host and most would not want to restart the server each time a user complains of an error, as that is not good business for them nor a good way to fix the issue.

aegersz

yes, i realise that so i added the file cache suggestion.

i restart my server to release sessions that i monitor with apache's server-status.

somehow, the gif files in the Themes subdir become unavailable so a webserver restart hopefully would refresh its file cache if it's not SMF.

aegersz

fwiw, i restart mysqld and httpd (and whatever service has its dedicated logs) when running the weekly logrotate.

i seldom have any issues. IBM never guarantee that their computers are %100.00 reliable as all it takes is one bit (as in binary integer) to not change/maintain state, then anything could happen.

mind you, at work some systems haven't been restarted for over 900 days (thanks to ksplice) but their apps are restarted weekly or when something goes wrong (frequently, it's my job).

a problem like this is most likely not the OS (or the webserver) so your reply to my suggestion is quite wise ... i'm a bit of a cowboy (but i do get results).

... which lends credence to Sir Osis' advice and advise your host. in my case, my original provider wanted as little to do with me as possible (for obvious reasons); gave me CentOS 6.5 and stuck me in Singapore (where they EXECUTE drug traffickers) and i had to do everything else (no firewall, no domain names, no email addresses etc.)

my new provider (biz got sold) is far more supportive and compassionate so i pay a premium yearly and in advance.

a hosted environment is foreign to me as i didn't even know they existed at the time ... which is why i make stupid suggestions !

shawnb61

May sound stupid, but...

How do you post an emoji? 

Extended character set, right?

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Arantor

It's almost certainly a mod_security problem. Ask your host to disable it.

aegersz

Arantor, can you please explain to me what 'mod_security' is and does ?


aegersz

Quote: supposed to provide additional back-end security checks on the other software running on the server.

thanks but it explains nothing. still, i appreciate your pointer.

Arantor

It's an Apache module that intercepts requests before they go to PHP, looks for things it somehow considers suspicious or dangerous, and if it finds any, it blocks the request.

Unfortunately many hosts do strange things with it (the default ruleset has never been problematic), and it's quite possible this host blocks emojis for some reason.

Also, Google can tell you much more about it rather than waiting for us to explain it to you.
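
Added example, not part of the thread: when mod_security blocks or flags a request it writes a line naming the rule to the Apache error log, so the log shows which rule objects to the emoji posts. This sketch tallies those lines for the forum path; the log lines, rule ids and file paths are constructed, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the Apache error-log format ModSecurity 2.x writes.
# Rule ids, file paths, IPs and timestamps are invented for illustration.
SAMPLE_LOG = r"""
[Sun Oct 14 19:27:15 2018] [:error] [pid 811] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\x80-\xff]" at ARGS:message. [file "/etc/modsecurity/host_custom.conf"] [line "12"] [id "1000001"] [msg "High-bit bytes in parameter"] [hostname "forum.example"] [uri "/OBTForum/index.php"] [unique_id "W8OaAAAAAAA"]
[Sun Oct 14 19:31:02 2018] [:error] [pid 811] [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\x80-\xff]" at ARGS:message. [file "/etc/modsecurity/host_custom.conf"] [line "12"] [id "1000001"] [msg "High-bit bytes in parameter"] [hostname "forum.example"] [uri "/OBTForum/index.php"] [unique_id "W8OaBBBBBBB"]
[Mon Oct 15 08:02:44 2018] [:error] [pid 902] [client 203.0.113.7] ModSecurity: Warning. Pattern match "[\x80-\xff]" at ARGS:subject. [file "/etc/modsecurity/host_custom.conf"] [line "20"] [id "1000002"] [msg "High-bit bytes in parameter"] [hostname "forum.example"] [uri "/OBTForum/index.php"] [unique_id "W8RLCCCCCCC"]
[Mon Oct 15 08:05:10 2018] [authz_core:error] [pid 902] [client 203.0.113.7] AH01630: client denied by server configuration: /var/www/OBTForum/attachments/
[Mon Oct 15 08:09:51 2018] [:error] [pid 902] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\.\./" at REQUEST_URI. [file "/etc/modsecurity/host_custom.conf"] [line "31"] [id "1000003"] [msg "Path traversal"] [hostname "forum.example"] [uri "/other/index.php"] [unique_id "W8RLDDDDDDD"]
"""

FIELD = re.compile(r'\[(id|msg|uri|file) "([^"]*)"\]')   # bracketed metadata
TARGET = re.compile(r' at ([A-Z_]+(?::[\w-]+)?)\.')      # variable that matched

def triage(log_text, uri_prefix):
    """Count ModSecurity hits under uri_prefix, grouped by rule.

    Returns [((rule_id, action, target, rule_file), count), ...], most
    frequent first. "blocked" is a real 403; "logged-only" is a hit
    recorded while the engine runs in DetectionOnly mode.
    """
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # e.g. permission or authz denials, not the WAF
        fields = dict(FIELD.findall(line))
        if not fields.get("uri", "").startswith(uri_prefix):
            continue
        blocked = "Access denied with code 403" in line
        target = TARGET.search(line)
        key = (fields.get("id", "?"),
               "blocked" if blocked else "logged-only",
               target.group(1) if target else "?",
               fields.get("file", "?"))
        hits[key] += 1
    return hits.most_common()

if __name__ == "__main__":
    for (rule_id, action, target, rule_file), n in triage(SAMPLE_LOG, "/OBTForum/"):
        print(f"{n}x rule {rule_id} ({action}) on {target} from {rule_file}")
```

With the rule id and its file in hand, the host can exclude that single rule (for example with ModSecurity's `SecRuleRemoveById`) and leave the rest of the ruleset active. Lines without a `ModSecurity:` marker, such as the `AH01630` denial in the sample, point to permissions or access configuration instead.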

drewactual

i had this issue too for a while until i realized what a silly mistake i had made...

my circumstance had to do with the flavor of PHP package i was using.  FPM executes as user while FastCGI and many others execute as anonymous... the permissions will often allow execution of inserting emojis w/o reporting error, but sometimes does- loading up my server error log w/ forbiddens "attempting to access file/access denied" errors.

solution:  change permissions to the directories and files to at least 755/644 and execute as user/anonymous accordingly.... poof go the errors. 

a10

Have had some seemingly random 403's in the past, the host's caching was the cause, caching some real 403's and 'reusing\reapplying' some blocking for a period of time on a completely unrelated request.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

aegersz

Quote from: Arantor on October 15, 2018, 06:42:44 AM
{snip}
Also, Google can tell you much more about it rather than waiting for us to explain it to you.
{snip}

Thanks Arantor; I was so tempted to Google it but I said to myself "you know, must i use Google for everything now ? I coped in the old days somehow so let's see how I go" ... but apparently, yes we all do

OK, so it's a WAF (Web Application Firewall) -- i see them at work and it doesn't sound like a bad thing actually but if Paffman needs to disable it then /OBTForum/.htaccess has to also contain:

<IfModule mod_security.c>
# Turn off mod_security filtering.
SecFilterEngine Off

# The next part below probably is not needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>


I might play with ModSecurity one day when i am up for it.

Illori

a lot of hosts don't allow that to disable mod_security.

aegersz

I see, so the next step is to get the host to reconfigure httpd.conf with:

<VirtualHost *:80>
  # Existing directives here
   SecRuleEngine DetectionOnly
</VirtualHost>


and/or:

<VirtualHost *:443>
  # Existing directives here
   SecRuleEngine DetectionOnly
</VirtualHost>


(source: https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu)

shawnb61

Quote from: Arantor on October 15, 2018, 02:36:15 AM
It's almost certainly a mod_security problem. Ask your host to disable it.

That is my suspicion as well.

Arantor

Quote from: aegersz on October 15, 2018, 02:36:54 PM
Thanks Arantor; I was so tempted to Google it but I said to myself "you know, must i use Google for everything now ? I coped in the old days somehow so let's see how I go" ... but apparently, yes we all do

OK, so it's a WAF (Web Application Firewall) -- i see them at work and it doesn't sound like a bad thing actually but if Paffman needs to disable it then /OBTForum/.htaccess has to also contain:

Better than relying on a person with a raging fever to give you an answer ;) Besides, I've long been more interested in people being able to find out for themselves rather than being spoon-fed answers. StackOverflow didn't exist when I learned to program, I had to figure it out myself...

mod_security is also a huge pain, I wouldn't encourage anyone to actually use it.
