Image Upload error - The server didn't send back a proper XML resp

[grafis]

Running 4.3.8, cannot upload images. Stumped and need new products!

- Checked permissions (777 on /images/uploads, /cache, /includes/extra ).

- Checked $glob['rootRel'] = '/';

- Checked .htaccess

- re-uploaded all files in /admin/includes/rte

- I can create new image folders via "Create New Folder" (error at launch of image uploader, and error when I create the image folder, but the folder is created)

This is the error Internet Explorer displays

---------------------------

Message from webpage

---------------------------

The server didn't send back a proper XML response. Please contact your system administrator.



XML request error: Forbidden (403)



Requested URL:

/admin/includes/rte/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=uploads&CurrentFolder=%2F&uuid=1311464225155



Response text:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access /admin/includes/rte/editor/filemanager/connectors/php/connector.php

on this server.</p>

<p>Additionally, a 404 Not Found

error was encountered while trying to use an ErrorDocument to handle the request.</p>

<hr>

<address>Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_fcgid/2.3.6 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.luciasimports.com Port 80</address>

</body></html>



---------------------------

OK   

---------------------------

[Guest Niggish]

Don't know if you have resolved this yet but I was asked to look into this exact same error message for a friend. I suspect your issue may be something very similar.

After a lot of duff leads I eventually discovered that it was a host issue by looking at the error logs for the domain on the host site. The host run "atomic-secured-linux-and-mod-security" which blocks FCKeditor from connecting for security reasons. This was resolved quite easily by just contacting the host company and pointing out the issue. Even if you don't know how to access the error logs on the host for your site they may well be able to find it in the error logs if you generate the error noting the time you do it and give them the IP address of the computer you do it on. (There are a number of free websites that can tell you your IP address).

Below I've included one of the entries from their error log which was created from one instance of the error being generated. I've **** out any sensitive information for security reasons.

[Wed Aug 10 16:24:01 2011] [error] [client **.***.**.**] ModSecurity: [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "58"] [id "388000"] [rev "1"] [msg "Atomicorp.com WAF Rules - Virtual Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication)"] [data "/editor/filemanager/connectors/php/connector.php"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:getfoldersandfiles|fileupload)" at ARGS:Command. [hostname "www.*****************"] [uri "/admin/includes/rte/editor/filemanager/connectors/php/connector.php"] [unique_id "*****************************************"]

Hope this helps.