Jump to content

Forbidden when save a page


Erik
 Share

Recommended Posts

When I want to save a page on my website with a certain template, I get the message "forbidden" in the web browser.

When opening this page in the Processwire Admin I already get an error:
Notice: Array to string conversion in /var/www/vhosts/domain.com/httpdocs/site/modules/FieldtypeTable/InputfieldTable.module online 432

I have no idea where to start troubleshooting this error.

Can someone help me out?

Link to comment
Share on other sites

Hello,

11 hours ago, Erik said:

I have no idea where to start troubleshooting this error.

 

Start by checking the ProcessWire logs and then the logs of the webserver/PHP process. You might need to adjust ProcessWire's .htaccess file.

Also, more info are needed for us to give you better support. Dev or prod environment, hosting type, version, etc.

  • Like 1
Link to comment
Share on other sites

Just a thought...

One possibility is if you have Mod Security installed on the hosting.  Often you will get a 403 (Forbidden) message on immediate posting if there's something in the page or posted content that triggers one of the modsec firewall rules.  If this happens, nothing gets posted, and the 403 message is shown very quickly.

I suspect the PHP Notice is probably unrelated.  

 

  • Like 1
Link to comment
Share on other sites

Thanks for the info.


I will ask the hosting provider again. The strange thing is also when I get the 403 page that I can no longer access the website from my ip address for a few minutes.

Link to comment
Share on other sites

  • 2 weeks later...

Solved:

It was a problem with the youtube Iframe wich was on the page i wanted to save. The hostingprovider had to whitelist something in the ModSecurity module on the webserver.

This was in the error log on the server after saving a page:

[Tue Jun 06 20:58:31.031464 2023] [:error] [pid 6863] [client xx.xx.xx.xx:47758] [client xx.xx.xx.xx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<i?frame" at ARGS_POST:product_media_1_media_content. [file "/etc/apache2/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "44"] [id "212280"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||domain.nl|F|2"] [data "Matched Data: <iframe found within ARGS_POST:product_media_1_media_content: <iframewidth=\\x22100%\\x22height=\\x22315\\x22src=\\x22https://www.youtube.com/embed/cpgrozkuoqu\\x22frameborder=\\x220\\x22gesture=\\x22media\\x22allow=\\x22encrypted-media\\x22allowfullscreen></iframe>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "domain.nl"] [uri "/p90controlpanel/page/edit/"] [unique_id "ZH@B11273YIAABrP7NIAAAAU"], referer: https://domain/controlpanel/page/edit/?id=1047

 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...