Update Post gives 403 Error

  • leviself

    (@leviself)


    16 years ago

    When publishing or updating a previous post (clicking the Update button) the next page I receive is a 403 Forbidden error with the following text:

    “You have recieved this message because the resource you have requested is not accessable by the webserver due to file permissions or other locking conditions. Please verify that you have access rights to the requested resource or that the Apache daemon has access rights to the requested resource before trying again. “

    Here is the line from the raw access log:
    “MY.IP.ADD.RESS – – [19/Feb/2009:09:13:06 -0600] “GET /wp-admin/page.php?action=edit&post=2&_wp_original_http_referer=http%3A%2F%2Flevi.obeyingthetruth.com%2Fwp-admin%2F&message=1 HTTP/1.0” 403 1228 “https://levi.obeyingthetruth.com/wp-admin/page.php?action=edit&post=2” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4” “

    This just started this morning, so I am trying to look at all the obvious stuff. The permissions on the /wp-admin directory is “707 (rwx–rwx)” and the /wp-admin/page.php permissions are “647 (rw-r-rwx)”, which should not affect a 403 error.

    Is there anything else that I could check to get rid of this problem, or is this documented somewhere?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Chris_K

    (@handysolo)

    I wonder if you’re tripping over mod_security rules? Have you checked the apache error logs?

    Thread Starter leviself

    (@leviself)

    I just turned the error logs on from the control panel and nothing is getting written to file. But everything was working before this morning.

    I did find out that I couldn’t login via FTP so I logged into the control panel and changed the FTP password back (that in itself is suspicious activity) and since then I’ve been having this problem.

    This wouldn’t be FTP related would it? I didn’t think so, but I don’t know all the inner working of wordpress to be sure.

    Thread Starter leviself

    (@leviself)

    Also, if I drop
    &_wp_original_http_referer=http%3A%2F%2Flevi.obeyingthetruth.com%2Fwp-admin%2F&message=1 off the url, the page loads without a problem.

    dfos01

    (@dfos01)

    I’m having exactly the same problem. It only happens when trying to preview or update previous posts and everything was working fine until yesterday morning.

    I too had to reset my FTP password since my hosts kindly decided to update all FTP passwords during a security upgrade 48 hours ago.

    I’m sorry that I can’t help you with this at the moment but if I find a solution I’ll pass it on ASAP.

    dcs0582

    (@dcs0582)

    Same problem here this morning. Driving me out of my flipping mind.

    Also: IX Webhosting sucks.

    dcs0582

    (@dcs0582)

    Okay, I figured out how to enable error logging from my hosting “control panel”, and here’s my buggaboo:

    [Fri Feb 27 10:19:58 2009] [error] [client 15.203.233.204] mod_security: Access denied with code 403. Pattern match "((alter|create|drop):space:+(column|database|procedure|table)|delete:space:+from|update.+set.+=)" at POST_PAYLOAD [id "300015"][rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "oktroop479.org"] [uri "/wp-admin/post.php"] [unique_id "SagSrUJ06wEAAEou5w8"]

    So I am getting jammed by mod_security. Problem is, when I try to disable it via .htaccess in the root of my website, that causes an error 500 just on page load. Why?

    [Fri Feb 27 10:27:12 2009] [alert] [client 200.105.234.6] /hsphere/local/home/ap265880/oktroop479.org/.htaccess: SecFilterScanPOST not allowed here

    I repeat my former analysis: IX Webhosting sucks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Update Post gives 403 Error’ is closed to new replies.