403 Forbidden

Status
Not open for further replies.

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
This should be working for you now.
 

asasin

New Member
Messages
28
Reaction score
0
Points
1
it will work for <embed> but not for <iframe> and youtube is <iframe>
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
I'll take a look I only tested with the embed link from youtube.
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
Can you give it another shot?
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
You're welcome, please report any other issues you find here.
 

asasin

New Member
Messages
28
Reaction score
0
Points
1
hi i am now having a problem with the Photos feature. when i click "upload photos" a JavaScript popup is suppose to come up but instead only a white line comes up i have searched oxwall forums and this is again down to mod_security if you go to http://www.thejanetdevlinfanclub.com/photo/viewlist/latest and sign in using "testuser" again and click upload photos you will be able to see the problem :)
 

foxzonex

New Member
Messages
16
Reaction score
1
Points
3
Have the same issues with oxwall. trying to fix it, it screwed up, and now when ever i start the site over fresh. i get these issues.
 

asasin

New Member
Messages
28
Reaction score
0
Points
1
the site is perfect now thanks also when i upgrade my account to premium would i have to sort al this out again
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Hi Asasin,

The changes we made become part of our global modsecurity rules, so they should be in effect on all servers.
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
Premium users have the ability to completely disable mod security on their account via cPanel even though we do discourage it.

For free hosting we have a customized web server setup that does not allow for the same cPanel functionality to disable mod security, we also decided it would not be a good idea to allow free users to disable it as we use it to not only protect against inbound malicious attacks but to prevent outbound abuse also. Unfortunately free hosting still gets a fair share of abusive signups so allowing these users to disable something that prevents their malicious actions wouldn't be in our best interest.

We are trying to make modifications to the rules in order to make everyone's scripts compatible with the rule sets. We just need ways to reproduce\see the issue so we can rewrite the rules accordingly. So if someone has an issue we need more information besides that it's not working.

Since implementing our new block lists and mod security rule sets we've seen a drastic reduction in compromised user sites and bot spam which means less suspended users, faster servers, and more time for us to work on other features. Across our network we're blocking thousands of bot requests per second which has on average increased our idle CPU time roughly 30%. As we continue to write rules and get better at blocking all these malicious hack attempts and bots I'm hoping we'll further increase those numbers.
 

foxzonex

New Member
Messages
16
Reaction score
1
Points
3
it would help to know what to look for to report back. All i get is a

Forbidden
You don't have permission to access /rvs/install/installation on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I did enable debugging for oxwall but its of no help when there such limitations on the mod security. which i understand completely the reasons behind it.
I might of went along the same paths to prevent abuse as well. But to help at this time is impossible. because this is all i can get and the cPanel error logs don't say anything related to my rvs directory. and all other research points to talk to the host for these errors.

Update
[Thu Jan 01 17:02:39.195272 2015] [access_compat:error] [pid 472120:tid 139954604672768] [client 37.203.211.195:48248] AH01797: client denied by server configuration: /home/foxzonex/public_html/403.shtml, referer: http://foxzone.org/
[Thu Jan 01 17:02:39.192821 2015] [access_compat:error] [pid 472120:tid 139954604672768] [client 37.203.211.195:48248] AH01797: client denied by server configuration: /home/foxzonex/public_html/rvs/join, referer: http://foxzone.org/

Suddenly shows this now on the error logs. dont know if it helps.
 
Last edited:

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
Give it a try now, I've made a change to the rules. The client denied errors you're seeing in the error log is Apache blocking the bots from accessing your site. Looks like one was trying to join.
 

foxzonex

New Member
Messages
16
Reaction score
1
Points
3
no, just made it worse. cant even get it to display at all now. just says there too many redirects.

The webpage at http://foxzone.org/rvs/{$site_url}{$site_url}install has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Guess you live up to your motto there? "I Break Things" :)
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
That error wouldn't be related to mod security, if mod sec blocks something it will show a 403 forbidden error.

It looks like you were running an install when the mod security error initially happened? Can start the install over? I think it's supposed to have stored some variables and mod security stopped it from doing so but it doesn't realize it.
 
Status
Not open for further replies.
Top