MyBB Community Forums

Full Version: 403 Error in newreply.php/edit.php
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
A common recurring problem, notified by several members, is the inability to post what they want to post whenever they a 403 error. When they received the error, the /newreply.pho and /editpost.php will keep denying members when they are trying to post.

The message:

Quote:Forbidden

You don't have permission to access /newreply.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Few days ago, a member was trying to post the first chapter of his story from Microsoft Word onto this thread: http://boogaloocrews.com/showthread.php?tid=1177

However, it denied him from posting his full chapter and couldn’t post it anywhere on the forum. He can still post, but not that particular chapter, even when making a brand new thread. As seen here: 

http://boogaloocrews.com/showthread.php?tid=1194. He later just linked his chapter onto this site: https://www.fanfiction.net/s/12236353/1/...ra-Warrior.

So, I went ahead and decide to post the content myself to see the problem. So, I posted the same chapter in the brand new thread and I also received the error. However, when I split the chapter into parts, it managed to get through as noted http://boogaloocrews.com/showthread.php?...7#pid37147 and http://boogaloocrews.com/showthread.php?...8#pid37148

I informed the member and he did the same in the original thread: http://boogaloocrews.com/showthread.php?tid=1177

Another note, when he posted his second chapter—even longer than the second, it managed to go through just fine.
I contacted the host to see if the IP was blocked. The host whitelist the IP and confirmed that there were no issues on their side causing the issue.

Plugins Currently Used:
  • Apply Thread Prefix
  • Haz Spoiler
  • MyProfile
  • OUGC Additional Usergroup Images
  • OUGC Awards
  • Quick Advanced Editor Plus
  • Report Private Messages
  • Staff Page
  • Style Usernames
  • Top Stats
  • Plugin Library 
What's causing the issue that results a 403 error?  Huh
Hm, do you have access to your Apache error logs? It may have a more detailed error.

My initial thoughts were either post length or a certain word that triggered some sort of security, but if the same content worked over two posts, and a longer message went through, both those theories can be discounted...

MyBB won't explicitly trigger a 403 for anything, for some reason these specific requests triggered something on the server, hopefully the error logs will help narrow it down.
I don't think I have access to Apache error logs, though I don't know where to look for it (cPanel?).

That's what I thought as well that it could be post length. I'm still thinking that it could be certain keywords triggering some sort of security but seems to be fine with being split into two posts.
In cPanel you should have a section called raw logs or something similar? In there there should be one for errors.
Hmm, there's a section called "Error" which shows me error pages. 

There's another one called "Raw Access Logs". Are those the ones you are talking about?

[Sorry for the double post!]

So, I disabled mod_security for a moment to test something, and the post was able to get through just fine as seen here: http://boogaloocrews.com/showthread.php?...1#pid37151

I enabled mod_security back to test it, it gave me the 403 error.
It was the raw access logs, sorry didn't have access to a cPanel installation and couldn't quite remember what it was called.

That makes sense though, I'd say it is the length then - perhaps the second message that worked in a single post, and the first message split up, were all below the threshold to trigger it. It'd be worth asking your host if they can suggest which security rule may be triggering that, and if they can recommend a different value (or whether it's fine to turn off completely).
Interesting! I'll notified and asked the host to see what can be done about this! Thank you so much for the answers. It was driving me nuts for months lol
(Double Post)

Just got a message with the host. It seems that mod_security was indeed causing the issue. They recommend disabling it for now until they find an solution.