Skip to Content Skip to Menu

[SOLVED] Error 403 page on editing profile

  • claudio65
  • claudio65
  • OFFLINE
  • Posts: 4
  • Thanks: 1
  • Karma: 0
7 years 4 months ago - 7 years 4 months ago #295280 by claudio65
[SOLVED] Error 403 page on editing profile was created by claudio65
When I try to edit any profile I get this message:

Forbidden

You don't have permission to access /.../index.php/component/comprofiler/saveuseredit on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


And after 2 or 3 tryings, my IP becomes blocked at my host (I can't access any of my sites, including Cpanel).

Note that the path showed at the page error is not correct:
.../component/comprofiler/saveuseredit
The correct should starts with "components" in the plural, not singular.
.../components/comprofiler/saveuseredit
But the directory doesn't exists anyway.

Configurations are right, there is no moderation at any profile edition.
Have no more ideas what to do.
Any help?
Last edit: 7 years 4 months ago by krileon. Reason: Added [SOLVED] tag to subject

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 4 months ago #295325 by krileon
Replied by krileon on topic Error 403 page on editing profile
Sounds like mod_security false positive. Contact your host and have them make exceptions to the mod_security rules or you maybe able to do so your self if you've access to cpanel.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • claudio65
  • claudio65
  • OFFLINE
  • Posts: 4
  • Thanks: 1
  • Karma: 0
7 years 4 months ago - 7 years 4 months ago #295332 by claudio65
Replied by claudio65 on topic Error 403 page on editing profile
Thanks for answering!
Yes, you're right, I tested this by disabling mod_security. After that, I could load the avatar file.
But I can not keep it off.
This is the error log:

Pattern match "(asfunction|data|javascript|livescript|mocha|vbscript):" at ARGS:avatar__file_image_data

I do not have access to mod_security, and I very much doubt that my host service will make any modifications for me.
So my question is:
Is there any other way to make it work, other than handle mod_security?
Something as an exception for a .htaccces file, for example?
Last edit: 7 years 4 months ago by claudio65.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 4 months ago #295336 by krileon
Replied by krileon on topic Error 403 page on editing profile
You need to contact your host to make rule exceptions if you've no access to do that your self. You likely have access to do that your self given they allow you to disable mod_security entirely. Their pattern is a bit strict rejecting post variables with the word data in them. All of this you'll need to work out with your host.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • claudio65
  • claudio65
  • OFFLINE
  • Posts: 4
  • Thanks: 1
  • Karma: 0
7 years 4 months ago #295337 by claudio65
Replied by claudio65 on topic Error 403 page on editing profile
Ok!
Thank you!
I simply give up.
My host service says they cannot do nothing to help me.
The Community Builder seems to be inaccessible to make changes.
So, i giveup.
Thank you, anyway!

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 4 months ago #295353 by krileon
Replied by krileon on topic Error 403 page on editing profile
Then you may want to change hosts. They should be able to make a relatively simple mod_security exemption rule. Unfortunately there's nothing CB can do about this as it's a security feature at the server level.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum