1
n01un0
Forbidden error all of a sudden......
  • 2007/4/11 17:02

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


Every time I try to add a new custom block with javascript, I keep getting a Forbidden page with:

You don't have permission to access /modules/system/admin.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This just happened without making any changes (add or deleting modules).

Any idea what is causing this or how to remedy?

Thanks

2
martyboy
Re: Forbidden error all of a sudden......
  • 2007/4/11 20:01

  • martyboy

  • Quite a regular

  • Posts: 256

  • Since: 2004/5/25


Hi, sounds like a hosting issue, maybe your host has installed a security filter onto the server, i f i remember i had a similar problem a while ago.

Check with your host and if they have you can add something like the following to your .htaccess file to turn the security filter off.

SecFilterEngine Off
SecFilterScanPOST Off
Michael Jackson = King Of Pop

Xoops = King Of CMS

3
n01un0
Re: Forbidden error all of a sudden......
  • 2007/4/12 19:54

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


I emailed them yesterday and they had no idea what I was talking about and said there have been no changes. This obviously has to be a server side issue because I have went to three other sites of mine on the same server using XOOPS and tried to insert a custom block with a .<script type="text/javascript" entry and each time it comes back to the Forbidden page.

I'm at a loss and not sure how to "show" or walk them through the problem to get it corrected. I searched through previous posts here and came across a few with the same issue but nobody every came back to give a definative fix or what they did.

Any further suggestions??

Thanks!!

4
n01un0
Re: Forbidden error all of a sudden......
  • 2007/4/13 21:16

  • n01un0

  • Quite a regular

  • Posts: 253

  • Since: 2005/10/9


FIXED!!

<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>


The above did the trick. Everthing working fine now!!
Now I gotta go fix all the rest of the sites, haha

Thanks

5
LOKI2006
Re: Forbidden error all of a sudden......
  • 2007/6/6 13:33

  • LOKI2006

  • Just popping in

  • Posts: 4

  • Since: 2006/6/8 2


I had a different problem with the mod_security.

After moving my website to a new hosting company, I was no more able to change templates or to modify my footer.

I did not get any error message, even after having turned on the debug mode.

I contacted the tech support and got the server log:

Quote:

[Wed Jun 6 05:22:29 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com"] [uri "/user.php"]
[Wed Jun 6 09:56:09 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
[Wed Jun 6 11:30:10 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/index.php"]
[Wed Jun 6 11:30:20 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/index.php"]
[Wed Jun 6 11:30:31 2007] [error] [client 206.53.62.20] mod_security: Access denied with redirect to [/]. Pattern match "<(.|\\\\n)+>" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "destination-casino.com"] [uri "/modules/news/index.php"]
[Wed Jun 6 12:36:23 2007] [error] [client 195.93.102.4] mod_security: Warning. Pattern match "phpsessid" at ARGS_VALUES("xoops_redirect") [msg "XSS attack"] [severity "EMERGENCY"] [hostname "www.destination-casino.com "] [uri "/user.php"]
----------------


These were the errors generated when trying to edit the tplsource table from PhpMyAdmin.

Looks like the \\\n in the tplsource were considered as an XSS attack

I included the following lines (found on this topic)
<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>


and everything is back to normal

Thank you Martyboy

6
CiberEspia
Re: Forbidden error all of a sudden......

thanks you!
my problem is solved width .htaccess:
<IfModule mod_security.c>
    
SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
Mario Burga
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>Adictoshp.org|Web Blog<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

7
BlueStocking
Re: Forbidden error all of a sudden......

by CiberEspia on 2007/8/14 12:47:16

Thanks, in the meantime I visited your blog and will be going back. I added it to my Blogs page for easy access.
Google maps are a nice touch.
Again, thank you.
...darcy

http://www.xoops.net.br/index.php?title=Category:Blogs
https://xoops.org/modules/repository .. It is time to get involved - XOOPS.ORG

Login

Who's Online

61 user(s) are online (30 user(s) are browsing Support Forums)


Members: 0


Guests: 61


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits