TemplateFile: This request was aborted because it appears to be forged

[alexfoxgill]

Hi,

 

I have moved a PW installation onto a hosted server, but get this error when I try to log in with the admin account that I have set up. I have Googled and read a lot of topics about this error but none of the suggested fixes have worked for me. Here's what I've tried so far:

 

- Setting CHMOD of site/config.php to 777

- Setting CHMOD of site/assets to 777 recursively

 

Doing the above didn't seem to resolve anything. One thing I have noticed is that the site/assets/sessions folder is empty - no new file gets created.

 

Next on some more found advice I tried setting the following config variables:

$config->protectCSRF = false;
$config->sessionChallenge = false;
$config->sessionFingerprint = false;

However this only hid the error so that when I submit the log in form, the page just refreshes and I am again prompted to log in.

I have of course also tried clearing my browser cache, logging in from Incognito etc.

Does anyone have any more ideas?! I'm running out of hope here

[adrian]

Did you make sure the "userAuthSalt" option in config.php is the same as it was on the dev server?

[gebeer]

I had these problems once and tried all solutions I could find in the forum to no avail.

Then I finally found out that it was a permission problem. The server was running wrong apache user/group.

I know that with some hosting companies (eg hosteurope) you have to manually change the user/group of your FTP account to reflect the apache user/group. Maybe this is the cause in your case, too.

[alexfoxgill]

Did you make sure the "userAuthSalt" option in config.php is the same as it was on the dev server?

I haven't changed that option in config.php so I would assume it is the same but I will check, thanks

I had these problems once and tried all solutions I could find in the forum to no avail.

Then I finally found out that it was a permission problem. The server was running wrong apache user/group.

I know that with some hosting companies (eg hosteurope) you have to manually change the user/group of your FTP account to reflect the apache user/group. Maybe this is the cause in your case, too.

This sounds promising. I am not very familiar with apache or linux, could you point me at some related topics that I can read to familiarise myself?

[totoff]

Then I finally found out that it was a permission problem. The server was running wrong apache user/group.

I know that with some hosting companies (eg hosteurope) you have to manually change the user/group of your FTP account to reflect the apache user/group. Maybe this is the cause in your case, too.

This solved it for me too.

This sounds promising. I am not very familiar with apache or linux, could you point me at some related topics that I can read to familiarise myself?

Ask your hosting company on how to set CHOWN to apache (could be www-run for example). These settings are often hidden in the server admin surface or can be set via Web-FTP.

Another alternative trick that might work is to run PHP as fastCGI on the server. Again, ask the hosting company if this is possible.