Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2008-06-07 05:42:42
- txp_userguy
- New Member
- Registered: 2008-06-07
- Posts: 3
403 Forbidden When Posting Hyperlinks in Articles
I’ve searched a bit and haven’t been able to find this specific issue.
Today when I post <a> tags in the write tab and publish, the server throws a 403 Forbidden error
“You do not have permission to access this document”
The error log file reads:
Sat Jun 07 00:30:17 2008] [error] ModSecurity: [file “/etc/httpd/modsecurity.d/10_asl_rules.conf”] [line “947”] [id “340162”] [rev “1”] [msg “Remote File Injection attempt in ARGS (AE)”] [severity “CRITICAL”] Access denied with code 403 (phase 2). Pattern match “(?:ogg|gopher|zlib|(?:ht|f)tps?)\\:/” at ARGS:Body. [uri “/textpattern/index.php”] [unique_id “36B8GH8AAAEAADkaLbUAAAAP”]
Posting <a> tags was working up until yesterday.
Although I’m not server admin savvy, this seems to be a server issue – changed security or something. Is there anyone who could volunteer apache knowledge and assist me in addressing my hosting tech folks to resolve the issue?
tia,
b wood
Offline
Re: 403 Forbidden When Posting Hyperlinks in Articles
As it says in the error log, this is caused by your server misinterpreting your post’s body as a malign hacker/cracker payload. On most hosts, a setting in ../textpattern/.htaccess suffices to silence mod_security (though it leaves a potentially higher security risk). So either your host or you would have to create a file named .htaccess in your ../textpattern directory (not in your site root!), and add this:
<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>Usually, this helps. If it won’t, your host would have to investigate further.
Offline
#3 2008-06-07 13:04:22
- txp_userguy
- New Member
- Registered: 2008-06-07
- Posts: 3
Re: 403 Forbidden When Posting Hyperlinks in Articles
Thanks wet.
It looks like I’ll need to enlist the help of my host tech support.
The mod_security fix didn’t take.
b wood
Offline
#4 2008-06-10 05:22:28
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: 403 Forbidden When Posting Hyperlinks in Articles
On a related note, Joyent, for instance, won’t allow you to completely disable mod_security anymore nor do it for you, so if you encounter mod_security problems with them, you have to go bug them to adjust their ruleset. :/ My guess is that other hosts may have similar policies.
Last edited by Mary (2008-06-10 05:22:56)
Offline