MyBB Community Forums

Full Version: [split] 403 forbidden Error
Quote:Whenever any user attempts to add an apostrophe (') or quotation mark (") to their signature it bounces back this error message and links to mydomain/usercp.php

Why is this happening and how do I fix this?


Forbidden
You don't have permission to access /usercp.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

I'm sorry to necropost this thread, but I am having the same issue at my forum and, as far as I could figure out, mod_security is disabled and therefore not a problem. Therefore, what to do?
Can we have your forum URL & a test user account?
Thanks for getting back to me :-)

How shall I create a test account? Make an admin account, and send the password via PM?
^ yes, providing an admin account through PM can be more useful in finding the cause
or you can create a normal user account & post here so that someone can check & provide suggestions
PM sent!
Okay. I just wanted to follow up with this thread for the sake of documentation; that way, in the future, other people having this problem know what I did to solve it.

I contacted my web host, and it turns out that it was an issue with ModSecurity.

This is how they explained it:

Quote:This issue can be caused by ModSecurity, which is an Apache module that works as a web application firewall. It blocks known exploits and provides protection from a range of attacks against web applications.

Sometimes its rules can be triggered in a false positive by plugins or theme scripts. In your case, there were a few rules triggered, but not necessarily the same rules will be triggered for someone else.

Thus, we have to test it on a case-by-case basis in order to determine which rules need to be whitelisted for each client. For your forums, we could do that once you tried an action and the logs told us exactly which rules were being triggered.

TL;DR > My web host needed to whitelist a few rules so that I and other users could, among other things, put apostrophes and quotation marks in our signatures, as well as put HTML in posts. Only they could whitelist these rules; I wouldn't have been able to do it without their assistance or permission.

So, to the future: check either ModSecurity or Suhosin, and be sure either to turn them off or to put exceptions in place.

Cheers.
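
Added example (not part of the thread and not the host's own tooling): the host's reply says the logs showed which rules were triggered. This sketch tallies ModSecurity "Access denied" entries from an Apache error log by rule id and matched parameter, so an exception can be limited to the rules that actually fired instead of disabling the module. It assumes the ModSecurity 2.x error-log layout; the log lines, rule ids, hostname and the `ARGS:signature` parameter name are constructed.

```python
import re
from collections import defaultdict

# Constructed Apache error-log lines in ModSecurity 2.x format. Rule ids,
# messages, host and client addresses are placeholders, not from the thread.
SAMPLE_LOG = """\
[error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:signature. [file "/etc/modsec/a.conf"] [line "10"] [id "1000001"] [msg "Constructed quote rule"] [hostname "forum.example"] [uri "/usercp.php"] [unique_id "a1"]
[error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:signature. [file "/etc/modsec/a.conf"] [line "10"] [id "1000001"] [msg "Constructed quote rule"] [hostname "forum.example"] [uri "/usercp.php"] [unique_id "a2"]
[error] [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "y" at ARGS:message. [file "/etc/modsec/b.conf"] [line "22"] [id "1000002"] [msg "Constructed HTML rule"] [hostname "forum.example"] [uri "/newreply.php"] [unique_id "a3"]
[error] [client 203.0.113.7] File does not exist: /var/www/favicon.ico
"""

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "..."], [uri "..."], ...
TARGET = re.compile(r' at (\S+?)\. \[')              # variable the rule matched on

def blocked_rules(log_text, uri=None):
    """Group blocking ModSecurity entries by rule id, optionally for one URI."""
    rules = defaultdict(lambda: {"hits": 0, "targets": set(), "uris": set(), "msg": ""})
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # skip unrelated Apache errors and non-blocking warnings
        tags = dict(TAG.findall(line))
        if "id" not in tags or (uri and tags.get("uri") != uri):
            continue
        entry = rules[tags["id"]]
        entry["hits"] += 1
        entry["msg"] = tags.get("msg", "")
        entry["uris"].add(tags.get("uri", "?"))
        match = TARGET.search(line)
        if match:
            entry["targets"].add(match.group(1))
    return dict(rules)

def report(rules):
    """One summary line per rule id, most frequently triggered first."""
    return [
        f'{rid}  hits={e["hits"]}  uri={",".join(sorted(e["uris"]))}  '
        f'target={",".join(sorted(e["targets"]))}  msg={e["msg"]}'
        for rid, e in sorted(rules.items(), key=lambda kv: -kv[1]["hits"])
    ]

if __name__ == "__main__":
    print("\n".join(report(blocked_rules(SAMPLE_LOG))))
```

The rule id, URI and target in each summary line are the details a host needs to scope an exception to one script and one parameter.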