403 Forbidden on Admin notifications.json file #979

Closed
adamjansch opened this issue Feb 15, 2017 · 11 comments

@adamjansch

commented Feb 15, 2017

Hi,

When I updated to version 1.1.15 on two Grav sites I started getting 403 errors in the Admin panel. The issue persists in 1.1.16. The error (which appears in a red box before fading away) says:

403
Forbidden

Access to this resource on the server is denied!

Proudly powered by LiteSpeed Web Server

Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.

More details are provided in Chrome's console:

POST http://adamjansch.co.uk/admin/notifications.json/task:processNotifications 403 (Forbidden)

Functionality in the Admin panel does not appear impacted by the error; however, a knock-on effect of this problem is that the error is triggering my web host's firewall block.

Note, I'm not certain this issue was caused by updating Grav: it was the first Grav update I performed after my web host did a server switch, so I don't know how that might impact it. What I can say is I've had no issues with Grav 1.1.15 or 1.1.16 on my local server.

Any ideas how to fix?

@flaviocopes

Contributor

commented Feb 15, 2017

I can see a 403 on processNotifications mentioned in #958; that issue was linked to a tmp folder path.

@adamjansch

Author

commented Feb 15, 2017

I saw that post, but it seemed like that issue may not have been fixed.

Other recent posts on 403s here have mentioned mod_security, and when I disabled mod_security temporarily on one of my Grav sites the issue went away. Is there a way to fix without disabling mod_security?

@rhukster

Member

commented Feb 17, 2017

If you provide your mod_security rules, we can probably take a look and see which rule is probably tripping this ajax call rather than disabling the whole mod_security.

@adamjansch

Author

commented Feb 19, 2017

Thanks, I'm on shared hosting so just finding out how to get access.

@axel-rank


commented Feb 19, 2017

Maybe check the solution of this issue:
#951

@flaviocopes

Contributor

commented Feb 20, 2017

This issue gantry/gantry5#1137 (comment) contains some more mod_security related suggestions

@adamjansch

Author

commented Feb 20, 2017

Thanks @flaviocopes. Is <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> the analogue of switching off mod_security in the cPanel?

Currently working with my web host to understand which rule(s) may be the issue. Will post back with any conclusion.

@adamjansch

Author

commented Feb 20, 2017

My web host was able to pinpoint the offending rule and whitelisted it, everything is working fine now. Thanks everyone for your help!

@adamjansch adamjansch closed this Feb 20, 2017

@flaviocopes

Contributor

commented Feb 21, 2017

@adamjansch what was that rule, if others stumble on the same problem?

@adamjansch

Author

commented Feb 21, 2017

@axel-rank


commented Feb 21, 2017

Yes, the same as #951.
As I asked there already:
Question remains: …Potentially Untrusted Web Content Detected ???
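
The thread resolves the 403 by finding the one mod_security rule that blocks the processNotifications call and excepting it, rather than turning the engine off. The following is an added example, not part of the original thread or of Grav: it finds the blocking rule for a URI in ModSecurity 2.x style error-log lines and builds a path-scoped `SecRuleRemoveById` exception. The log lines, rule ids, hosts and file paths are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity 2.x Apache error-log style. Rule ids,
# addresses, hostnames and file paths are placeholders, not from the thread.
SAMPLE_LOG = '''\
[Mon Feb 20 10:01:02 2017] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at REQUEST_BODY. [file "/etc/modsec/rules.conf"] [line "42"] [id "999001"] [msg "Potentially Untrusted Web Content Detected"] [hostname "example.test"] [uri "/admin/notifications.json/task:processNotifications"] [unique_id "AAAA1"]
[Mon Feb 20 10:01:32 2017] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at REQUEST_BODY. [file "/etc/modsec/rules.conf"] [line "42"] [id "999001"] [msg "Potentially Untrusted Web Content Detected"] [hostname "example.test"] [uri "/admin/notifications.json/task:processNotifications"] [unique_id "AAAA2"]
[Mon Feb 20 10:02:10 2017] [error] [client 203.0.113.5] ModSecurity: Warning. Match of "(constructed)" against "REQUEST_HEADERS" required. [file "/etc/modsec/rules.conf"] [line "77"] [id "999002"] [msg "Constructed detection-only rule"] [hostname "example.test"] [uri "/admin/notifications.json/task:processNotifications"] [unique_id "AAAA3"]
[Mon Feb 20 10:03:00 2017] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:q. [file "/etc/modsec/rules.conf"] [line "90"] [id "999003"] [msg "Constructed unrelated rule"] [hostname "example.test"] [uri "/search"] [unique_id "AAAA4"]
[Mon Feb 20 10:03:05 2017] [error] [client 198.51.100.9] File does not exist: /var/www/favicon.ico
'''

# Matches the trailing [name "value"] tags of a ModSecurity log entry.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return the tags of one ModSecurity log entry, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    entry = dict(TAG.findall(line))
    # "Warning." entries are detection-only; only denials cause the 403.
    entry["denied"] = "ModSecurity: Access denied" in line
    return entry

def blocking_rules(log_text, uri_prefix):
    """Count, per rule id, the denials for requests under uri_prefix."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["denied"] and entry.get("uri", "").startswith(uri_prefix):
            hits[entry.get("id", "unknown")] += 1
    return hits

def scoped_exclusion(rule_ids, path_regex):
    """Build an Apache snippet that drops only these rules for one path."""
    lines = ['<LocationMatch "%s">' % path_regex]
    lines += ["    SecRuleRemoveById %s" % rid for rid in sorted(rule_ids)]
    lines.append("</LocationMatch>")
    return "\n".join(lines)

if __name__ == "__main__":
    rules = blocking_rules(SAMPLE_LOG, "/admin/notifications.json")
    print(rules)
    print(scoped_exclusion(rules, "^/admin/notifications\\.json"))
```

On shared hosting the log and the server configuration are usually only available to the host, so the output is what to ask them for: the rule id that denies the admin endpoint, excepted for that path only.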
