Not Solved [split] 403 forbidden Error
#1
Not Solved
Quote:Whenever any user attempts to add an apostrophe (') or quotation mark (") to their signature it bounces back this error message and links to mydomain/usercp.php

Why is this happening and how do I fix this?


Forbidden
You don't have permission to access /usercp.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

I'm sorry to necropost this thread, but I am having the same issue at my forum and, as far as I could figure out, mod_security is disabled and therefore not a problem. Therefore, what to do?
Reply
#2
Not Solved
can we have your forum url & a test user account
Reply
#3
Not Solved
Thanks for getting back to me :-)

How shall I create a test account? Make an admin account, and send the password via PM?
Reply
#4
Not Solved
^ yes, providing an admin account through PM can be more useful in finding the cause
or you can create a normal user account & post here so that someone can check & provide suggestions
Reply
#5
Not Solved
PM sent!
Reply
#6
Not Solved
Okay. I just wanted to follow up with this thread for the sake of documentation; that way, in the future, other people having this problem know what I did to solve it.

I contacted my web host, and it turns out that it was an issue with ModSecurity.

This is how they explained it:

Quote:This issue can be caused ModSecurity, which is an Apache module that works as a web application firewall. It blocks known exploits and provides protection from a range of attacks against web applications.

Sometimes its rules can be triggered in a false positive by plugins or theme scripts. In your case, there were a few rules triggered, but not necessarily the same rules will be triggered for someone else.

Thus, we have to to test it on a case-by-case basis in order to determine which rules need to be whitelisted for each client. For your forums, we could do that once you tried an action and the logs told us exactly which rules were being triggered.

TL;DR > My web host needed to whitelist a few rules so that I and other users could, among other things, put apostrophes and quotation marks in our signatures, as well as put HTML in posts. Only they could whitelist these rules; I wouldn't have been able to do it without their assistance or permission.

So, to the future: check either ModSecurity or Suhosin, and be sure either to turn them off or to put exceptions in place.

Cheers.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)