7 replies to this topic

[newtopw]

Hi all,

I've been developing a small site using PW 2.2 on my dev account at phpfog and things have been going pretty smooth. So comes the time to move the site to production (running PHP 5.2.17, safe_mode off, PW debug set to true) and I've been unable to upload new images ever since. The site/assets folder is writable (also set permissions of all folder in it to 777 just in case). When I create a new page and try to upload a new image, the upload process doesn't start (nothing happens) but the file size is shown and the page's folder is created under assets/files. Upon inspection using Firebug's console I get a 403 Forbidden for the Ajax uploader's POST response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /beta/processwire/page/edit/
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

Checking phpinfo I found that that the upload_tmp_dir variable is not set (no value) so I tried overriding it in config.php as outlined in this thread. Still no luck. I dumped the site to my computer and upload works fine.

Anybody have an idea what I'm doing wrong? Thanks!

[ryan]

That 403 forbidden message is coming from the web server, not ProcessWire. It looks like something at the server is taking control and interrupting the file post. I would guess that this has to do with a mod_security setting at the server. They don't appear to be ajax upload friendly. If you want to PM me a link to your phpinfo() I'll be happy to take a look. Though I'm guessing only the phpfog support can answer this one for us.

[newtopw]

@Ryan

I PMd you the phpinfo. Actually PW works fine on phpfog, the upload issue happens on a shared hosting that has Apache, nginx, and Varnish set up.

Thanks!

[newtopw]

Okay I talked with the web hosting provider about the issue and indeed as Ryan's guess they said it had to do with a mod_security rule. The web host admin did something to the account and now upload works fine.

Cheers

[ryan]

Thanks for the followup. I didn't see anything in your PHPinfo when I looked yesterday (except possibly the safe_mode setting), but got sidetracked before I could reply. Glad it's all working now.

[lenoir]

Did anyone encounter this problem as well? I get it while trying to save a page with some iframe or html in the tinyMCE (i allowed everything there).

[ryan]

This definitely sounds like mod_security. When posting a form with a field that has specific tags in it causes a 403, and posting it without them works, then you can be pretty sure that's mod_security coming into play. It sounds like your host has mod_security configured to block <iframe> tags appearing in POST submission values. This doesn't make a lot of sense given that all the embedding sites like YouTube use the iframe tag. I would check with your host and ask them how to disable these mod_security rules so that you can properly use the account.

[lenoir]

I checked the FAQs of my host server and it seems like they indeed block certain scripts to increase security. I contacted them and they allowed iFrames and such. Thanks a bunch.