CMS v2.65 This Site says... There was an error sending the request! (403 Forbidden)

12 posts by 4 authors in: Forums > CMS Builder
Last Post: June 22, 2016   (RSS)

By webmaster - March 30, 2016

Good Day

New user trying to resolve an issue with our CMS software.

Using CMSB Version 2.65

PHP v5.3.29.  ( yes I know 5.5 is required and have tried it, however I am still in process of fixing other php script so cannot leave it at PHP 5.5)

I am trying to change the location of the upload directory via Admin>Section Editors>test>Field Editor module.

When I hit Save I get the "This Site says... There was an error sending the request! (403 Forbidden)"

I have run the phpinfo and cannot find a cgi.force_redirect entry

I tried the php.ini.disable, .htaccess.disabled and user.ini.disabled suggestions in the trouble shooting section of this forum.

Can anyone advise me as to what I am doing wrong.

Thank You

Respectfully - John

Jackson

Hi John, 

 cgi.force_redirect shows value of 1 for local value and 1 for Master value. 

Are you attempting to change the cgi.force_redirect  setting because of  this post:

http://www.interactivetools.com/forum/forum-posts.php?postNum=2237567#post2237567

I think in this case the issue might be because of mod-security, you can find more details on this here:

http://www.interactivetools.com/forum/forum-posts.php?postNum=2236533#post2236533

Please could you check with your host if mod security is enabled, and if it is, ask them to disable it? 

If that doesn't work you can fill out a second level support request here:

https://www.interactivetools.com/support/email_support_form.php

and we can take a closer look at the issue. 

Cheers!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By webmaster - April 6, 2016

Thank you for all the help.  Greatly appreciated.  My host was able to resolve the issue for me after a second try.

Greatly appreciative

John

Jackson

Hi John,

Any idea what steps your host took to resolve this issue?

Cheers,

Jayme

By webmaster - June 9, 2016

Hi Jayme

The only information they gave me is that they disabled a couple of "mod_security rules" that were blocking the pages

Sorry I don't have more info.

John

Jackson

This is useful. Thanks John.

I'm starting to see this error more and more these days - and on a wider range of our sites.

It normally appears when trying to modify an existing editor field with Advanced settings on a production server. So if you're saving the extra field settings in a lightbox, that's when the error usually appears. "Top Level" changes to the editor, don't seem to trigger this error. I'm guessing it has something to do with the file being loaded into the lightbox for editing.

We've found two work-around so far:

  1. Change the editor on another server and FTP the schema over.
  2. Manully edit the schema on the production serve and then revisit the Section Editors after doing so.

QUESTION:

Is there a clear directive we can ask our hosts for that would solve this issue? It's affecting a larger number of our sites these days and I don't want to have issue a trouble ticket for each domain if I can help it.

Many thanks,

Jayme

By gregThomas - June 20, 2016

Hey Jayme, 

This issue is almost always caused by the host running mod_security or something similar. You can ask your host if they have mod security enabled on their servers. If they do, ask for it to be disabled for all of your sites. This post by Dave has more details:

http://www.interactivetools.com/forum/forum-posts.php?postNum=2236533#post2236533

Let me know if you have any questions. 

Cheers,

Greg

Greg Thomas







PHP Programmer - interactivetools.com

Thanks Greg. This seems to be more of an issue on one host even though both appear to have mod_security active.

Just for discussion, I would think that we'd rather have mod_security running than not though. Although you pros at Interactive Tools probably validate and clean your code, other functions on sites might not have received the same care. This library provides some blanket protections again DDOS and malicious form injections which I'd rather have on if possible. Any thoughts?

Jayme