We are transitioning over to a new forum platform. Please post new issues there. Existing threads will be dealt with here unless you choose to move them over. Visit the new forum

Forum

Thread tagged as: Problem, Error

403 Forbidden error when saving page

I have a very weird error occurring on one of my Perch sites. The customer complained that she was unable to save changes to one of the pages on her site - when she clicked save, she received a 403 Forbidden error.

I started to remove content in the text block, to try and isolate the problem. When I removed the following paragraph, I was able to save the page without a 403 error. If I add this paragraph to any other page, it causes a 403 error when trying to save the page.

"Not having teeth, pieces of food are ground up in the gizzard, so avoid old long grass as this can impact and kill, as can polystyrene (e.g. ceiling tiles) which they just adore to peck at, or pieces of plastic string."

It gets weirder - if I remove the comma between 'teeth' and 'pieces', the problem is fixed. As soon as I add the comma back in, when you click 'Save Changes' I get the 403 error.

Any idea what would be causing this? I have contacted the hosting support, who don't know what the problem is.

Here's the Diagnostic Report. The site is vicvet.com, and the page is the Health and Diseases page.

Perch: 2.8.32, PHP: 5.3.29, MySQL: 5.6.33, with PDO
Server OS: Linux, litespeed
Installed apps: content (2.8.32), assets (2.8.32), categories (2.8.32), perch_events (1.9), perch_forms (1.7), perch_members (1.0.3), perch_upgrade (1.4)
App runtimes: <?php $apps_list = array( 'content', 'perch_events', 'perch_forms', 'perch_members', );
PERCH_LOGINPATH: /perch
PERCH_PATH: /home/vicvetco/public_html/perch
PERCH_CORE: /home/vicvetco/public_html/perch/core
PERCH_RESFILEPATH: /home/vicvetco/public_html/perch/resources
Image manipulation: GD
PHP limits: Max upload 100M, Max POST 100M, Memory: 256M, Total max file upload: 100M
F1: 2edba60ed1f613d6dd804feb202456a2
Resource folder writeable: Yes
HTTP_HOST: vicvet.com
DOCUMENT_ROOT: /home/vicvetco/public_html
REQUEST_URI: /perch/core/settings/diagnostics/
SCRIPT_NAME: /perch/core/settings/diagnostics/index.php
Thomas Eccles

Thomas Eccles 0 points

  • 2 years ago

I had a similar problem with a client and it turned out to be some security settings in PHP. It might be worth checking your server settings and possibly the version of PHP you’re using.

Drew McLellan

Drew McLellan 2638 points
Perch Support

As Nick says, this is likely a server security-related issue.

Drew McLellan said:

As Nick says, this is likely a server security-related issue.

Nick Bramwell said:

I had a similar problem with a client and it turned out to be some security settings in PHP. It might be worth checking your server settings and possibly the version of PHP you’re using.

Thanks guys. Any idea what settings I should be asking the host to check exactly? Nick, can you remember what setting caused your issue previously?

Drew McLellan

Drew McLellan 2638 points
Perch Support

Ask if they have any security filtering that is analysing form submissions.

Sorry about the delay, I found the problem was caused by mod_security. I used this guide to find a solution: http://wiki.modxcms.com/index.php/What_is_mod_security_and_how_does_it_affect_me

Be careful though as any changes may leave your site less secure.

Nick Bramwell said:

Sorry about the delay, I found the problem was caused by mod_security. I used this guide to find a solution: http://wiki.modxcms.com/index.php/What_is_mod_security_and_how_does_it_affect_me

Be careful though as any changes may leave your site less secure.

Thanks Nick. It was indeed mod_security. The host has disabled it, and now the page can be saved. Though I'm not sure if disabling it is a permanent / wise solution.

Rachel Andrew

Rachel Andrew 394 points
Perch Support

They shouldn't need to completely disable it, now they have identified the issue it would be better to look at see which setting needs adjusting. mod_security is pretty common and we don't have 100s of people in here with issues so it might be worth exploring the logs and finding out which setting is erroneously catching this and tweaking that setting in the configuration.