
You don't have permission to access /data/preview.php on this server.

#83685 (In Topic #17368)

Honoured member

Forbidden

Hi, I maintain a news editorial/blog site for my uncle. For the past several weeks, when he tries to preview an article before posting it he gets:

Code

Forbidden
You don't have permission to access /data/preview.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument
to handle the request.


The problem is that I have tried and tried to recreate this error on my machine and can't. I've tried logging in to the site with both mine and his logins, I've tried from all five of my machines here at home, my wife has tried from her work computer and I've even gone to a friend's house and used his computer, but I have no problems whatsoever previewing a post/article. I've had him clean his cache, run disk and registry software and everything else I can think of. Does anyone have a clue what would be causing this? He writes me at least three times a week with the problem and I'm just at a loss as to what could be causing it.
#83686

Chances are the server has mod_rewrite and his post contains some JavaScript. The default attachment templates in ocPortal do, and if the WYSIWYG is on these will be "unwrapped" into the editor, and then mod_security will flag it as a hacker.

You'll need to ask the host to disable mod_security.


Item has a rating of 5 (Liked by Chris Graham)  
#83690

Community saint

It sounds like a mod_security issue to me also. If the problem is inconsistent for your uncle then it might actually be the specific article(s) that are causing the problem, so when you try and reproduce it, use his login and the exact same article text.

If you do contact your host, can you please ask them which mod_security rules triggered the problems and report back here. I am currently doing ocPortal-related mod_security testing and would be interested in those rule numbers.


#83695

Honoured member

Thanks guys. That's what it turned out to be obviously. Seems like I remember having this issue with a different host a couple of years ago.

The host sent back a message that they'd disabled mod security on the username and domain that was being affected. I'll asked about any rules they may have changed and will post back with their answer.
#83754

Community saint

chipster said

The host sent back a message that they'd disabled mod security on the username and domain that was being affected. I'll asked about any rules they may have changed and will post back with their answer.
Thanks!

If they have disabled mod_security then they will not have changed (i.e. whitelisted) any rules. The rule information I'm after will come from their log files.
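
Added example, not part of the original thread and not ocPortal or host code: one way to pull the triggering rule ids for /data/preview.php out of an Apache error log written by ModSecurity 2.x, so individual rules can be whitelisted instead of switching the module off. The log lines, rule ids, file paths, addresses and the `post` parameter name are constructed for illustration.

```python
import re

# Constructed sample in the ModSecurity 2.x Apache error_log layout.
# Every id, path, address and message below is made up for this example.
SAMPLE_LOG = """\
[Mon Mar 12 10:14:03 2012] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:post. [file "/etc/modsec/constructed.conf"] [line "41"] [id "1000001"] [msg "Constructed: script markup in parameter"] [hostname "example.com"] [uri "/data/preview.php"] [unique_id "AAAA"]
[Mon Mar 12 10:14:03 2012] [error] [client 203.0.113.7] File does not exist: /home/example/public_html/403.shtml
[Mon Mar 12 10:20:11 2012] [error] [client 203.0.113.7] ModSecurity: Warning. Pattern match "(constructed)" at ARGS:post. [file "/etc/modsec/constructed.conf"] [line "77"] [id "1000003"] [msg "Constructed: logged only"] [hostname "example.com"] [uri "/data/preview.php"] [unique_id "BBBB"]
[Wed Mar 14 09:02:40 2012] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at REQUEST_BODY. [file "/etc/modsec/constructed.conf"] [line "58"] [id "1000002"] [msg "Constructed: event handler attribute"] [hostname "example.com"] [uri "/data/preview.php"] [unique_id "CCCC"]
[Wed Mar 14 09:05:12 2012] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:q. [file "/etc/modsec/constructed.conf"] [line "41"] [id "1000001"] [msg "Constructed: script markup in parameter"] [hostname "example.com"] [uri "/index.php"] [unique_id "DDDD"]
[Fri Mar 16 18:31:55 2012] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:post. [file "/etc/modsec/constructed.conf"] [line "41"] [id "1000001"] [msg "Constructed: script markup in parameter"] [hostname "example.com"] [uri "/data/preview.php"] [unique_id "EEEE"]
"""

# [name "value"] metadata fields appended to each ModSecurity message.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The inspected variable, e.g. "at ARGS:post." or "at REQUEST_BODY."
TARGET = re.compile(r'\bat ([A-Z_]+(?::\S+?)?)\. ')


def blocked_rules(log_text, uri):
    """Return {rule_id: {count, msg, file, targets}} for requests to `uri`
    that ModSecurity actually denied (warnings and other errors are skipped)."""
    rules = {}
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if fields.get("uri") != uri or "id" not in fields:
            continue
        entry = rules.setdefault(fields["id"], {
            "count": 0, "msg": fields.get("msg", ""),
            "file": fields.get("file", ""), "targets": set()})
        entry["count"] += 1
        target = TARGET.search(line)
        if target:
            entry["targets"].add(target.group(1))
    return rules


if __name__ == "__main__":
    for rule_id, info in sorted(blocked_rules(SAMPLE_LOG, "/data/preview.php").items()):
        print(rule_id, info["count"], sorted(info["targets"]), info["msg"])
```

The rule id, the rule file and the inspected variable are the details a host needs to exclude a single rule for the preview script rather than disabling mod_security for the whole account.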
