Forbidden when save a page

[Erik]

When I want to save a page on my website with a certain template, I get the message "forbidden" in the web browser.

When opening this page in the Processwire Admin I already get an error:
Notice: Array to string conversion in /var/www/vhosts/domain.com/httpdocs/site/modules/FieldtypeTable/InputfieldTable.module online 432

I have no idea where to start troubleshooting this error.

Can someone help me out?

[flydev]

Hello,

11 hours ago, Erik said:

I have no idea where to start troubleshooting this error.

 

Start by checking the ProcessWire logs and then the logs of the webserver/PHP process. You might need to adjust ProcessWire's .htaccess file.

Also, more info are needed for us to give you better support. Dev or prod environment, hosting type, version, etc.

[iank]

Just a thought...

One possibility is if you have Mod Security installed on the hosting.  Often you will get a 403 (Forbidden) message on immediate posting if there's something in the page or posted content that triggers one of the modsec firewall rules.  If this happens, nothing gets posted, and the 403 message is shown very quickly.

I suspect the PHP Notice is probably unrelated.  

 

[Erik]

Thanks for the info.

I will ask the hosting provider again. The strange thing is also when I get the 403 page that I can no longer access the website from my ip address for a few minutes.

[wbmnfktr]

Somehow this error sounds like a "We updated your host to PHP 8.1 from 7.x without asking you"-problem.
Can you please check which PHP version is running on your instance.

[Erik]

Solved:

It was a problem with the youtube Iframe wich was on the page i wanted to save. The hostingprovider had to whitelist something in the ModSecurity module on the webserver.

This was in the error log on the server after saving a page:

[Tue Jun 06 20:58:31.031464 2023] [:error] [pid 6863] [client xx.xx.xx.xx:47758] [client xx.xx.xx.xx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<i?frame" at ARGS_POST:product_media_1_media_content. [file "/etc/apache2/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "44"] [id "212280"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||domain.nl|F|2"] [data "Matched Data: <iframe found within ARGS_POST:product_media_1_media_content: <iframewidth=\\x22100%\\x22height=\\x22315\\x22src=\\x22https://www.youtube.com/embed/cpgrozkuoqu\\x22frameborder=\\x220\\x22gesture=\\x22media\\x22allow=\\x22encrypted-media\\x22allowfullscreen></iframe>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "domain.nl"] [uri "/p90controlpanel/page/edit/"] [unique_id "ZH@B11273YIAABrP7NIAAAAU"], referer: https://domain/controlpanel/page/edit/?id=1047