Jump to content
Pixrael

HEEELP! This request was aborted because it appears to be forged!

Recommended Posts

6 minutes ago, Pixrael said:

I read each of them, almost all with different situations/solutions (session.referer_check in php.ini, no space in server disk, file permissions, CSRF, database auto_increment, etc), with all in the forum trying to guess the solution, even some threads don't reach a final solution

So you can see that it is a server environment issue and a ProcessWire one, ie. both. That is why it is hard to track down.

Edited by szabesz
trying to clarify what I mean :)

Share this post


Link to post
Share on other sites

I know, I know. I don't want to be misunderstood here, I love PW .. but I don't like so much the look my boss has in his eyes now .. hehe

Share this post


Link to post
Share on other sites

It was a server issue and not a ProcessWire one - the reason behind the message "This request was aborted because it appears to be forged" on this case was because the PHP session path was not writable. The website is back online with backend working like a charm  😶

  • Like 7
  • Thanks 2

Share this post


Link to post
Share on other sites

Great that you found the issue. Would be curious what WordPress would have done on that server 😁 Do you think it would make sense to improve processwire so that it showed an appropriate error message in such cases? Would that be even possible? If yes maybe someone can make a PR? ☺

  • Like 1

Share this post


Link to post
Share on other sites

I think it could be checked on the installation process, checking if these path are writable or not and thus sending a warning that potential session issue could arise.

 

5 minutes ago, bernhard said:

Would be curious what WordPress would have done on that server

I can't tell you, I think nothing, but I never tried to install this CMS 😅

  • Like 3
  • Haha 1

Share this post


Link to post
Share on other sites
Just now, flydev said:

it could be checked on the installation process

+1 :) And in the cases of migrating a site to its new home, one should always install a clean ProcessWire instance in advance in order to test that the server environment is OK to begin with.

  • Like 3

Share this post


Link to post
Share on other sites
1 hour ago, flydev said:

on this case was because the PHP session path was not writable.

Excellent work on solving this! I am curios though, how would upgrading MySQL cause this? It seems the site was working OK pre-the upgrade.

Share this post


Link to post
Share on other sites

The reason, after the upgrade of Plesk and PHP, by default the PHP setting session.save_path point to /var/lib/php/session and not /var/tmp where before he got r/w permissions (I don't know if Plesk was already installed or not before the upgrade). The final problem was not MySQL.

  • Like 7
  • Thanks 1

Share this post


Link to post
Share on other sites
8 hours ago, kongondo said:

Excellent work on solving this! I am curios though, how would upgrading MySQL cause this? It seems the site was working OK pre-the upgrade.

If you check this tutorial https://support.plesk.com/hc/en-us/articles/213367429-How-to-upgrade-MySQL-from-5-1-to-5-5-on-Linux, you can see a note that says "The PHP package can also be updated during this procedure". I did not pay attention to this because I had installed the latest version of PHP, but it seems that anyway the package and its configuration were changed during the upgrade.

9 hours ago, flydev said:

I think it could be checked on the installation process

maybe.. and during the user login at admin too.. because like in my example, it can happen after the installation...

At least we need a topic, or a recipe at https://processwire-recipes.com/ or wherever the option we have, to guide beginners like me. Explaining all the test that must be done after "This request was aborted because it appears to be forged" because after my investigation I found several causes for this, and almost 127 forum entries about it.

https://www.google.com/search?q=site:processwire.com+"This+request+was+aborted+because+it+appears+to+be+forged"

Now, at this moment I can breathe! I want to say a BIG THANK YOU to @flydev who won my admiration and has been a wonderful human being

  • Like 5
  • Thanks 1

Share this post


Link to post
Share on other sites

I think you could open an issue at GitHub explaining your example and providing the link to the 127 entries related to that error message. Maybe Ryan has an idea how he can add some checks that show more helpful informations and make it easier to track down the issue.

  • Like 2

Share this post


Link to post
Share on other sites

In my case, sessions were not handled correctly. 

In order to fix it:

1. I installed the core module Session Handler Database (SessionHandlerDB) locally,
2. Create a mysqldump of my local database 
3. Imported the mysqldump to my online environment 
4. Voila! 

  • Like 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...