| Re: XOOPS_TOKEN_REQUEST and Nginx Proxy Manager = 403 Forbidden openresty |
| by Mamba on 2025/5/28 8:42:50 Thank you for sharing! |
| XOOPS_TOKEN_REQUEST and Nginx Proxy Manager = 403 Forbidden openresty |
| by cecadm on 2025/5/27 13:26:50 Hi, I'm using xoops 2.5.11 behind Nginx Proxy Manager (https://nginxproxymanager.com/) Nginx Proxy Manager has "Block Common Exploits" enabled for this proxy host When you access to any page where in the url is present the parameter XOOPS_TOKEN_REQUEST you receive "403 Forbidden openresty" Mostly in the System admin pages, I was using the block page when I found it I'm not saying it is an bug in xoops or in Nginx Proxy Manager but since I want to keep "Block Common Exploits" enabled I need to hack xoops. The problem is the presence of the word _REQUEST in the url the following instructions will change that word in the xoops installation I suggest to backup the files before to change them change XOOPS_TOKEN_REQUEST in XOOPS_TOKEN_REQUE include/findusers.php modules/system/templates/system_notification_list.tpl modules/system/templates/system_notification_list.html modules/system/templates/blocks/system_block_notification.tpl themes/xswatch4/modules/system/blocks/system_block_notification.tpl change '_REQUEST' in '_REQUE' class/xoopssecurity.php class/xoopsform/formhiddentoken.php I'm not using protector, maybe there is something to change also there In preference I have: "Check templates for modifications? YES" otherwise I think you have to rebuild the templates that's it Carlo |