Forum
403 Forbidden error when saving page
I have a very weird error occurring on one of my Perch sites. The customer complained that she was unable to save changes to one of the pages on her site - when she clicked save, she received a 403 Forbidden error.
I started to remove content in the text block, to try and isolate the problem. When I removed the following paragraph, I was able to save the page without a 403 error. If I add this paragraph to any other page, it causes a 403 error when trying to save the page.
"Not having teeth, pieces of food are ground up in the gizzard, so avoid old long grass as this can impact and kill, as can polystyrene (e.g. ceiling tiles) which they just adore to peck at, or pieces of plastic string."
It gets weirder - if I remove the comma between 'teeth' and 'pieces', the problem is fixed. As soon as I add the comma back in, when you click 'Save Changes' I get the 403 error.
Any idea what would be causing this? I have contacted the hosting support, who don't know what the problem is.
Here's the Diagnostic Report. The site is vicvet.com, and the page is the Health and Diseases page.
Perch: 2.8.32, PHP: 5.3.29, MySQL: 5.6.33, with PDO
Server OS: Linux, litespeed
Installed apps: content (2.8.32), assets (2.8.32), categories (2.8.32), perch_events (1.9), perch_forms (1.7), perch_members (1.0.3), perch_upgrade (1.4)
App runtimes: <?php $apps_list = array( 'content', 'perch_events', 'perch_forms', 'perch_members', );
PERCH_LOGINPATH: /perch
PERCH_PATH: /home/vicvetco/public_html/perch
PERCH_CORE: /home/vicvetco/public_html/perch/core
PERCH_RESFILEPATH: /home/vicvetco/public_html/perch/resources
Image manipulation: GD
PHP limits: Max upload 100M, Max POST 100M, Memory: 256M, Total max file upload: 100M
F1: 2edba60ed1f613d6dd804feb202456a2
Resource folder writeable: Yes
HTTP_HOST: vicvet.com
DOCUMENT_ROOT: /home/vicvetco/public_html
REQUEST_URI: /perch/core/settings/diagnostics/
SCRIPT_NAME: /perch/core/settings/diagnostics/index.php
I had a similar problem with a client and it turned out to be some security settings in PHP. It might be worth checking your server settings and possibly the version of PHP you’re using.
As Nick says, this is likely a server security-related issue.
Thanks guys. Any idea what settings I should be asking the host to check exactly? Nick, can you remember what setting caused your issue previously?
Ask if they have any security filtering that is analysing form submissions.
Sorry about the delay, I found the problem was caused by mod_security. I used this guide to find a solution: https://wiki.modxcms.com/index.php/What_is_mod_security_and_how_does_it_affect_me
Be careful though as any changes may leave your site less secure.
Thanks Nick. It was indeed mod_security. The host has disabled it, and now the page can be saved. Though I'm not sure if disabling it is a permanent / wise solution.
They shouldn't need to completely disable it, now they have identified the issue it would be better to look at see which setting needs adjusting. mod_security is pretty common and we don't have 100s of people in here with issues so it might be worth exploring the logs and finding out which setting is erroneously catching this and tweaking that setting in the configuration.