Member Received 403 on @Mention Email link to Forum Post

Started by ColinJM, January 19, 2025, 02:35:50 AM

Previous topic - Next topic

ColinJM

I've just been forwarded an email by one of my members who tried to click on the link to a post that he had been @mentioned in and he received a 403 error which of course is forbidden server resource (access permissions) error.

I had him log in and try and access the topic - no issues.

I then logged out and click the URL in the email the member fowarded to me and, as expected, was routed to the log in page.

Why is the member receiving a 403 error instead of being routed to the log in screen and he even receives the 403 on the email link whilst logged in?

He was using Edge, so I installed Chrome and received the 403 when I copy and pasted the link from the email.

EDIT: I've just used a test member to create a @mention of me (my personal memeber not Admin) and received no 403 error.
Kind Regards

Colin

Slava
Ukraini!

Aleksi "Lex" Kilpinen

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

ColinJM

Thanks Lex, I've just added that code to the .htaccess file and it hasn't been disallowed by my host - I had the member click on the link and he's still receiving a 403.
Kind Regards

Colin

Slava
Ukraini!

Aleksi "Lex" Kilpinen

Can you check your server error log, maybe there is something more specific?
Usually, 403 is either a security rule of some sort (on the server) or a simple file permission issue (on the server) or a user permission/login issue (on SMF).
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

ColinJM

Just checked server log (via cPanel/Metrics/Errors) and have multiple error messages that a 403.shtml was not found in the public_html root directory.
Kind Regards

Colin

Slava
Ukraini!

Aleksi "Lex" Kilpinen

That might be related, but doesn't really offer any explanation to the actual 403.

Missing error docs are not a real issue, apart from causing extra errors in the log.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

ColinJM

Ok thanks Lex - let's see if any other members receive that error.               
Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

Quote from: Aleksi "Lex" Kilpinen on January 19, 2025, 03:35:52 AMMissing error docs are not a real issue, apart from causing extra errors in the log.

But wouldn't that mean that each missing doc error is caused by an actual 403 error?

Might be a good idea to ask host to disable mod_security.  They may not allow it to be disabled with .htaccess.
When in Emor, do as the Snamors.
                              - D. Lister

Aleksi "Lex" Kilpinen

Quote from: Sir Osis of Liver on January 19, 2025, 12:58:12 PM
Quote from: Aleksi "Lex" Kilpinen on January 19, 2025, 03:35:52 AMMissing error docs are not a real issue, apart from causing extra errors in the log.

But wouldn't that mean that each missing doc error is caused by an actual 403 error?
Yes, or at least most of them. And yes, if the issue continues, it might indeed be worth talking to the host.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

ColinJM

Thanks SOoL and Lex - I've asked for any others to advise me if they have received a 403 and had no response - that doesn't mean there hasn't been any.

Will disabling mod_security (if applied and allowed) compromise my Host's apache servers?
Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

I've always had mod_security disabled on my domains.  My host gives me access to it in control panel, you may or may not have that access.  It shouldn't cause problems if it's configured correctly, but it often isn't and gets fussy with SMF.
When in Emor, do as the Snamors.
                              - D. Lister

ColinJM

Quote from: Sir Osis of Liver on January 19, 2025, 09:50:58 PMI've always had mod_security disabled on my domains.  My host gives me access to it in control panel, you may or may not have that access.  It shouldn't cause problems if it's configured correctly, but it often isn't and gets fussy with SMF.


Good to know - thanks SOoL
Kind Regards

Colin

Slava
Ukraini!

ColinJM

Hi All,
Just an update. My ISP and Forum Host advised they would not disable mod_security because the web server is a shared platform. They instead said they whitelisted the member's IP but unsuprisingly this didn't resolve the issue even with purging his broswer cache beforehand. I'm trying to understand why the member has this issue when he otherwise has no other access issue.
Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

That's odd, I'm on shared server and have option to disable mod_security.  Some hosts allow you to enable/disable it for different domains.  Is your member using a vpn?
When in Emor, do as the Snamors.
                              - D. Lister

ColinJM

Quote from: Sir Osis of Liver on February 03, 2025, 08:56:18 PMThat's odd, I'm on shared server and have option to disable mod_security.  Some hosts allow you to enable/disable it for different domains.  Is your member using a vpn?

I think your hosts may be a bit more comfortable doing that. No SOoL, no VPN.
Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

Quote from: ColinJM on January 19, 2025, 02:35:50 AMHe was using Edge, so I installed Chrome and received the 403 when I copy and pasted the link from the email.

Anything unusual in the post?
When in Emor, do as the Snamors.
                              - D. Lister

ColinJM

Quote from: Sir Osis of Liver on February 03, 2025, 09:16:43 PM
Quote from: ColinJM on January 19, 2025, 02:35:50 AMHe was using Edge, so I installed Chrome and received the 403 when I copy and pasted the link from the email.

Anything unusual in the post?


No, just the members name prepened with an @ . No one else reported a 404 on the post.
Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

When in Emor, do as the Snamors.
                              - D. Lister

ColinJM

Kind Regards

Colin

Slava
Ukraini!

Sir Osis of Liver

#19
Quote from: ColinJM on January 19, 2025, 02:35:50 AMHe was using Edge, so I installed Chrome and received the 403 when I copy and pasted the link from the email.

Can't replicate the problem.  If member name is invalid, it's not a link.  Same would happen if it contains invalid character.  If it only happens to one member in one post, and you get the error when you copy the link, then something must be wrong with the link.

When in Emor, do as the Snamors.
                              - D. Lister

Advertisement: