Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

403 forbidden error when saving in admin for installed module


vampirehunter

Recommended Posts

I installed the Country state selector BS and found that when i click save in admin under modules, header tags,

 

it just goes to a 403 forbidden page.

 

it doesnt happen with other plugins, but then i also noticed it happening with Datepicker jquery module.

 

i have no clue as to why its happening. as soon as you click save it goes to 403 forbidden error page.

 

anyone have any clues as to why this is happening?

 

it can't be the module codes as i installed these by directly copying the files as per installations.

 

Datepicker was a default module anyway, so i haven't even touched that one!

Link to comment
Share on other sites

The message should tell you exactly which file operation is being forbidden. Are file permissions good? Most PHP and any data files should be 644, while directories are usually 755. If "world writable" files and directories are forbidden by your system, you would usually get a 500 error. Are there any images or other "hotlink protected" files involved? Are there any files hosted on other sites involved? Maybe you need to make a local copy of them.

 

Please remove your other post (about blank screen), as it's a duplicate of this one.

Link to comment
Share on other sites

The message should tell you exactly which file operation is being forbidden. Are file permissions good? Most PHP and any data files should be 644, while directories are usually 755. If "world writable" files and directories are forbidden by your system, you would usually get a 500 error. Are there any images or other "hotlink protected" files involved? Are there any files hosted on other sites involved? Maybe you need to make a local copy of them.

 

Please remove your other post (about blank screen), as it's a duplicate of this one.

 

hi

no, no message is given

 

just says "403 forbidden, access to this resource on the server is denied"

 

I checked firefox browser console and it says this

The character encoding of the HTML document was not declared. 
The document will render with garbled text in some browser 
configurations if the document contains characters from 
outside the US-ASCII range. The character encoding of 
the page must be declared in the document or in the 
transfer protocol.  modules.php

        

the modules.php file in admin is standard and untouched so im not sure why these 2 specific plugin modules in header tags are not working.

 

i checked file permissions and they are fine, 755 for directory, and file is 644, same as other modules.

I am baffled as to why this has started.

 

Seems to be only these 2 moduels.

Datepicker jquery and country states bs.

 

every other module works fine.

and these modules, the datepicker is a default bundled plugin so im not sure why that isn't working.

 

The other one i installed and is working fine on front end, but any attempt to update the settings in admin when clicking save brings up the 403 page.

 

Very strange!

Link to comment
Share on other sites

@@vampirehunter

 

To help with the character encoding issue you can add AddDefaultCharset utf-8 to your .htaccess file. You can change the utf-8 to whatever your using.

 

In your main language file you can set the language and character encoding per your need for your language and character encoding. Example: @setlocale(LC_ALL, array('en_US.UTF-8', 'en_US.UTF8', 'enu_usa'));

 

Also in your Admin - Tools - Database Tables you can make sure all of your files have the correct collation such as utf8_unicode_ci or whichever your using.

 

Take care

Bill

Link to comment
Share on other sites

I doubt the character encoding has anything to do with the 403 error, but it wouldn't hurt to clear that up anyway. The only message you get is that some "resource" is denied? I would think that it would at least tell you which server (yours, or someone else's) and what file or other resource is involved. If it's on your server, do you have hotlink protection enabled? If so, is your whitelist entry for www.yourdomain.com while for some reason the resource is being accessed via yourdomain.com? A refused image shouldn't block the whole page, though, so it's probably a PHP file or something else critical. All permissions, especially for newly-installed files, look reasonable? Nothing 777 or 400 or anything like that? They should have permissions that are more or less the same for pages that work.

Link to comment
Share on other sites

I doubt the character encoding has anything to do with the 403 error, but it wouldn't hurt to clear that up anyway. The only message you get is that some "resource" is denied? I would think that it would at least tell you which server (yours, or someone else's) and what file or other resource is involved. If it's on your server, do you have hotlink protection enabled? If so, is your whitelist entry for www.yourdomain.com while for some reason the resource is being accessed via yourdomain.com? A refused image shouldn't block the whole page, though, so it's probably a PHP file or something else critical. All permissions, especially for newly-installed files, look reasonable? Nothing 777 or 400 or anything like that? They should have permissions that are more or less the same for pages that work.

 

the only thing i've protected is the main image directory from hotlinking.

Yep, all other files permissions are ok, everything else working fine.Just for some reason, you can't save any update to these installed plugins i mentioned.

 

Even if you uninstall them, and reinstall.

I've even tried deleting them and reuploading, gives same error. Not sure what it is, unless its a hosting issue!

Link to comment
Share on other sites

I doubt the character encoding has anything to do with the 403 error, but it wouldn't hurt to clear that up anyway. The only message you get is that some "resource" is denied? I would think that it would at least tell you which server (yours, or someone else's) and what file or other resource is involved. If it's on your server, do you have hotlink protection enabled? If so, is your whitelist entry for www.yourdomain.com while for some reason the resource is being accessed via yourdomain.com? A refused image shouldn't block the whole page, though, so it's probably a PHP file or something else critical. All permissions, especially for newly-installed files, look reasonable? Nothing 777 or 400 or anything like that? They should have permissions that are more or less the same for pages that work.

 

after spending a good few hours looking through error logs and codes, i couldn't really find anything causing this problem.

 

I then searched google and it said to check Cpanel Mod security.

 

Because this domain is hosted as an addon domain to my primary one, it looks like modsecurity was automatically turned on, thus causing this 403 forbidden error.

I turned off modsecurity for the addon domain in cpanel and now everything is working, so problem solved.

 

If anyone else has same issue, then look at the cpanel modsecurity settings.

 

With my hosting, i have a primary domain, and this second domain is an addon domain, and it looks like modsecurity was automatically activated when i created the addon domain.

 

According to definition, Mod Security is to prevent any code injections on vunerable scripts, so basically that is saying that a few of the Jquery or javascript modules that rely on Javascript are considered vunerable, and so when Mod security is turned on, these are 403 forbidden.

 

I'm curious if anyone else has this Modsecurity turned on in Cpanel?

Link to comment
Share on other sites

Ah yes, the dreaded ModSecurity your host probably enabled recently. I keep forgetting about that one. Your host isn't likely to tell you about it, for fear you'll disable it somehow, even though it's merely a nuisance on a well-written site.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...