Jump to content

403 Forbidden when saving Homepage


Kay Lohn
 Share

Recommended Posts

Hi,

After migrating a site built on PW to a live server, when trying to edit and save the home page, it throws a 403 Forbidden error. I have tried creating a page under home and editing/saving it, it works fine and so do any other page BUT Home.

Some things I have tried/ did:

  • Setting permission on site/assets to 777 (recursive)
  • Setting permission on site/modules to 777 (recursive)
  • Deleting content under site/assets/sessions
  • Removing unused fields from homepage
  • Created a new 'superuser' account, logged in but still the 403 Forbidden
  • *edit* Same 403 Forbidden on Firefox, Chrome and Opera
  • *edit* Changed theme to Reno and Default, still the same
  • *edit* Have installed module MaintenanceMode after migration, uninstalled, re-installed, no effect
  • *edit* Had the '......request seems to be forged' which was fixed by setting permissions to 777 on site/assets (recursive)
  • *edit* The hosting provider does not allow PHP Zip extension, so installed 'MaintenanceMode' manually
  • *edit* Setting Debug to true has no effect, no errors outputted
  • *edit* Using ProcessWire 2.5.2

Any help would be highly appreciated. Thanks.

  • Like 1
Link to comment
Share on other sites

UPDATE:

Fortunately, I have traced the problem. (I recalled having a similar problem on MODx a few years back)

ALL of the pages which I created on local XAMPP install and migrated to the live site would throw a 403 Forbidden on save as well as pages which had content that matched the ModSecurity filters/ rules on the server. It does not like the brackets <> I guess.

The pages I created on the live site had fields which were to have HTML code but were left empty, hence no error was thrown and the page was saved gracefully.

Error log below:

[sat Jan 17 13:13:33 2015] [error] [client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|\\%env)" ... [uri "/xxxx/page/edit/"]

I have a few text fields which are supposed to accept HTML code and output it as is but my host does not like it being saved to the database un-escaped.

This issue has been traced and is fixed for now by revisiting the template files PHP code and outputting the data some other way OR manually editing ALL offending entries in the database.....hmph  >:(

BTW, my host uses HSPHERE/PARALLELS and hides its Apache version  :-X

  • Like 3
Link to comment
Share on other sites

  • 4 months later...

ALL of the pages which I created on local XAMPP install and migrated to the live site would throw a 403 Forbidden on save as well as pages which had content that matched the ModSecurity filters/ rules on the server. It does not like the brackets <> I guess.

Thank you! This solved the error for me.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...