
403 Forbidden Error


toast691


Thank you for any assistance with this issue.

If I go to update a product's information in the admin section and then click save, I get the following error. I also get this error if I try to update a document.

Forbidden

You don't have permission to access /admin_tGCWV9.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

 

Any ideas what could be causing this?


Please try this:
* Bring the product up for editing.
* On the Description tab, switch the editor to Source mode
* Copy and paste the product's Description (and Short Description) to a text editor on your computer
* Replace everything in the Description (and Short Description) with something very simple, "Rainbow" for example
* Save this

The test is to determine if you have entered something in the Description that may be tripping a server-level security utility.


This is almost certainly caused by the content you are entering in the description field tripping something known as mod_security, which is a basic WAF. While it can pick up legitimate security issues, it does also pick up a lot of false negatives, especially if the mod_security database isn't updated as often as it should be or you are running old software (for example, CubeCart V3 and V4 trip a lot of current mod_security rules, much like other applications that are that old).

Ian


Thanks bsmither and Ian.

I did as you mentioned, bsmither, replacing it with rainbow, and it saved without any issues. I then pasted the original source text back in and the forbidden error came back up immediately. I also tried removing all the source code and then manually typing the description into the description field, and the forbidden error came up again.

I am using version 6.2.2 - Haven't had time to upgrade as of yet.


It will not be the version of CubeCart you are running unless it is a very old version. You need to speak to your hosting company, and if you don't get any immediate solution from them (as they should be able to see exactly what is going on), then maybe look for a new hosting company 😀


I have pasted an example of our product description below. The strange thing is we have had these descriptions in place for three years now for around 1000 products and no changes have been made to them. The only reason I wanted to edit this product was to make price changes, not anything to do with the description. It seems like none of our products can be edited and saved at the moment.

 

Avena sativa - Organic - AusQual Certified

Oats are an annual to 1 metre, excellent green manure forage crop. Nutritious, edible grain and can also be used for stock feed. Oats can also be used for sprouting having a chewy nutty texture that is surprisingly sweet. When growing as a green manure crop combine with chickpea seed.

Sow Autumn-Winter.

Seed packet contains approx 20g

1kg will cover 70m2. 20 seeds/gram.


All you need to do is speak with your hosting company and ask them to confirm you are tripping a mod_security rule. They may be able to help determine what the cause is based on what rule is being tripped, but to be honest, most won't bother, and your only option then is to ask them to whitelist that rule for your account. It is VERY unusual for up-to-date standard CubeCart to trip mod_security rules though. If it isn't mod_security, then your hosting company should be able to determine what is causing the 403.

Ian


Yes, clicking Save when editing a product will submit all data on all screens - regardless whether any of it changed.

Perhaps to satisfy your curiosity, you can progressively remove half the content and see if the server faults. If it does, remove half of what was left. If it doesn't, remove half of the half you previously removed.

Eventually, you might hit the expression that is tripping the rule (if this is a mod_security issue).

I used this tester:
https://www.modsecurity.org/crs-demo.html

but got a 201 response. I do not know if that is what I wanted to see or if there was some kind of error.

 

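The halving procedure described in the post above, written out as an added example (not code from the thread or from CubeCart). The `is_blocked` callback, the sample rule and the sample description are constructed assumptions; in practice the callback would save the text through the admin form and report whether the server answered 403.

```python
"""Bisect a product description to isolate the text a WAF rule rejects."""
import re
from typing import Callable, Optional


def isolate_trigger(text: str, is_blocked: Callable[[str], bool]) -> Optional[str]:
    """Return a short run of words from `text` that is still blocked, or None.

    Keeps whichever half still faults. If neither half faults alone, the
    trigger straddles the cut, so words are trimmed from each end instead.
    Whitespace is normalised to single spaces before testing.
    """
    words = text.split()
    if not is_blocked(" ".join(words)):
        return None
    while len(words) > 1:
        mid = len(words) // 2
        left, right = words[:mid], words[mid:]
        if is_blocked(" ".join(left)):
            words = left
        elif is_blocked(" ".join(right)):
            words = right
        else:
            break  # the offending expression spans the midpoint
    # Trim from the front, then the back, while the remainder still faults.
    while len(words) > 1 and is_blocked(" ".join(words[1:])):
        words = words[1:]
    while len(words) > 1 and is_blocked(" ".join(words[:-1])):
        words = words[:-1]
    return " ".join(words)


# Constructed stand-in for the server's verdict; NOT a real mod_security rule.
_SAMPLE_RULE = re.compile(r"\bselect\b.+\bfrom\b", re.IGNORECASE)


def sample_is_blocked(text: str) -> bool:
    return bool(_SAMPLE_RULE.search(text))


# Constructed description whose ordinary prose happens to match the sample rule.
SAMPLE_DESCRIPTION = (
    "Hardy annual to 1 metre. Select the largest seeds from each pod "
    "for sowing. Sow Autumn-Winter."
)

if __name__ == "__main__":
    print(isolate_trigger(SAMPLE_DESCRIPTION, sample_is_blocked))
```

The fragment it returns is what to hand to the hosting company alongside the request to identify or whitelist the rule.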

Archived

This topic is now archived and is closed to further replies.
