403 Forbidden

[asasin]

ok thankyou hope it is sorted soon

 

[Corey]

This should be working for you now.

 

[asasin]

hi im still having this problem

 

[asasin]

it will work for <embed> but not for <iframe> and youtube is <iframe>

 

[Corey]

I'll take a look I only tested with the embed link from youtube.

 

[asasin]

ok

 

[Corey]

Can you give it another shot?

 

[asasin]

sorted now thank you so so much

 

[Corey]

You're welcome, please report any other issues you find here.

 

[asasin]

hi i am now having a problem with the Photos feature. when i click "upload photos" a JavaScript popup is suppose to come up but instead only a white line comes up i have searched oxwall forums and this is again down to mod_security if you go to http://www.thejanetdevlinfanclub.com/photo/viewlist/latest and sign in using "testuser" again and click upload photos you will be able to see the problem

 

[Corey]

Should be fixed.

 

[foxzonex]

Have the same issues with oxwall. trying to fix it, it screwed up, and now when ever i start the site over fresh. i get these issues.

 

[asasin]

the site is perfect now thanks also when i upgrade my account to premium would i have to sort al this out again

 

[leafypiggy]

Hi Asasin,

The changes we made become part of our global modsecurity rules, so they should be in effect on all servers.

 

[asasin]

oh ok thats good im thinking of upgrading to premium

 

[Corey]

Premium users have the ability to completely disable mod security on their account via cPanel even though we do discourage it.

For free hosting we have a customized web server setup that does not allow for the same cPanel functionality to disable mod security, we also decided it would not be a good idea to allow free users to disable it as we use it to not only protect against inbound malicious attacks but to prevent outbound abuse also. Unfortunately free hosting still gets a fair share of abusive signups so allowing these users to disable something that prevents their malicious actions wouldn't be in our best interest.

We are trying to make modifications to the rules in order to make everyone's scripts compatible with the rule sets. We just need ways to reproduce\see the issue so we can rewrite the rules accordingly. So if someone has an issue we need more information besides that it's not working.

Since implementing our new block lists and mod security rule sets we've seen a drastic reduction in compromised user sites and bot spam which means less suspended users, faster servers, and more time for us to work on other features. Across our network we're blocking thousands of bot requests per second which has on average increased our idle CPU time roughly 30%. As we continue to write rules and get better at blocking all these malicious hack attempts and bots I'm hoping we'll further increase those numbers.

 

[foxzonex]

it would help to know what to look for to report back. All i get is a

Forbidden
You don't have permission to access /rvs/install/installation on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I did enable debugging for oxwall but its of no help when there such limitations on the mod security. which i understand completely the reasons behind it.
I might of went along the same paths to prevent abuse as well. But to help at this time is impossible. because this is all i can get and the cPanel error logs don't say anything related to my rvs directory. and all other research points to talk to the host for these errors.

Update

[Thu Jan 01 17:02:39.195272 2015] [access_compat:error] [pid 472120:tid 139954604672768] [client 37.203.211.195:48248] AH01797: client denied by server configuration: /home/foxzonex/public_html/403.shtml, referer: http://foxzone.org/
[Thu Jan 01 17:02:39.192821 2015] [access_compat:error] [pid 472120:tid 139954604672768] [client 37.203.211.195:48248] AH01797: client denied by server configuration: /home/foxzonex/public_html/rvs/join, referer: http://foxzone.org/

Suddenly shows this now on the error logs. dont know if it helps.

 

[Corey]

Give it a try now, I've made a change to the rules. The client denied errors you're seeing in the error log is Apache blocking the bots from accessing your site. Looks like one was trying to join.

 

[foxzonex]

no, just made it worse. cant even get it to display at all now. just says there too many redirects.

The webpage at http://foxzone.org/rvs/{$site_url}{$site_url}install has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Guess you live up to your motto there? "I Break Things"

 

[Corey]

That error wouldn't be related to mod security, if mod sec blocks something it will show a 403 forbidden error.

It looks like you were running an install when the mod security error initially happened? Can start the install over? I think it's supposed to have stored some variables and mod security stopped it from doing so but it doesn't realize it.