403 Error

3 posts by 2 authors in: Forums > CMS Builder
Last Post: January 19, 2012   (RSS)

Re: [benedict] 403 Error

By Dave - January 18, 2012

Hi Benedict,

It looks like your host is running an optional web server module called "mod_security" (http://www.modsecurity.org/). We've seen a lot of false error reports from mod_security in the past, so we try to disable it by default in /cmsAdmin/.htaccess, but that only works for hosts that check for .htaccess files.

A bit of google'ing suggests that this particular error is due to a bug in the way flash works and problem with mod_security accidentally reporting it as an attack.

Here's some other products and vendors with the same problem:
Drupal: http://drupal.org/node/473520
Wordpress: http://core.trac.wordpress.org/ticket/6278
Fancy Upload (search for 403): http://digitarald.de/project/fancyupload/
SWFUpload (search for Apache): http://demo.swfupload.org/Documentation/#knownissues
Uploadify (we use this one): http://www.uploadify.com/forums/discussion/6282/uploadify-script-does-not-work-with-mod_security-enabled/p1

And it looks like mod_security is working on fixing it:
https://www.modsecurity.org/tracker/browse/MODSEC-21

I'd try asking your host to disable mod_security, or upgrading it to not report that invalid error. Or just disable the flash uploader under: Admin > General.

Hope that helps!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] 403 Error

Thanks Dave, we disabled the flash uploader and this has eliminated the problem. Much appreciated!