403 Forbidden Error

  • Resolved ibiza69

    (@ibiza69)


    3 years ago

    Good morning, we have moved to a new hosting and after migrating, we get this error when trying to save any Custom Codes

    403 Forbidden Error

If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.

IP Address: xxx.xxx.xxx.xxx

BPS Plugin 403 Error Page

    We disabled all .htaccess files and then unistalled the plugin, selecting the option to delete everything. Then we reinstalled all back, activated the .htaccess files back and tryed once more to include the custom codes we had for our sites since a few years ago, but same result, same 403 error when ever we try this option. We to runned the Wizard as always and runned well, but then tryed again to include custom codes and once more same error.

    WE just moved from once hosting to another, with a full backup, same plugins as before, same exact config at Cpanel, etc… everything the same, but we cannot make this work propelly.

    Could you please give us a hand on how could we solve this? We went thru ATI forums and reviewed everything that had to do with this type of errors, with no luck either.

    Thanks for your time and dedication ??

Viewing 11 replies - 1 through 11 (of 11 total)
  • Thread Starter ibiza69

    (@ibiza69)

    This is our security log:

    BPS SECURITY LOG
=================
=================

[403 POST Request: sabado 19 febrero 2022 - 12:43 pm]
BPS: 5.7
WP: 5.9
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx-xx-xxx-xx
Host Name: static-xxx-xx-xxx-xx.digimobil.es
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: POST
HTTP_REFERER: https://www.domain.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
QUERY_STRING: page=bulletproof-security/admin/core/core.php
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

[403 POST Request: sabado 19 febrero 2022 - 12:44 pm]
BPS: 5.7
WP: 5.9
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx-xx-xxx-xx
Host Name: static-xxx-xx-xxx-xx.digimobil.es
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: POST
HTTP_REFERER: https://www.domain.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
QUERY_STRING: page=bulletproof-security/admin/core/core.php
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    Thread Starter ibiza69

    (@ibiza69)

    We have disabled all our plugins (100%) of them, just leaving BPS activated and tryed once more, but got same result 403 page when trying to sabe custom code :S Maybe this information helps. Thank you!

    Plugin Author AITpro

    (@aitpro)

    This sounds like a typical ModSecurity problem. To confirm this, click the Encrypt Custom Code button and then click the Save Root Custom Code button. If you do not see a 403 error then ModSecurity is installed on your host server and it falsely sees your Custom Code htaccess code as malicious and blocks saving Custom Code. The Encrypt Custom Code button/feature encrypts your Custom Code code during Form Submission to bypass/evade ModSecurity.

    • This reply was modified 3 years ago by AITpro.
    Thread Starter ibiza69

    (@ibiza69)

    Hi @aitpro, I think is mod_secure problem, as it’s not enabled. I ask for it yesterday before the migration, but they said they do not use it. So, I think the problem for sure now comes because that. Is there any way for having the plugin working without that option?

    Thank you!

    Plugin Author AITpro

    (@aitpro)

    See my previous forum reply.

    Thread Starter ibiza69

    (@ibiza69)

    @aitpro that you recommended worked nice, thank you!!!

    But, please let me know if we can work same with your plugin without the modsecurity activated ?? Thanks once more for your time!

    Plugin Author AITpro

    (@aitpro)

    If clicking the Encrypt Custom Code button, before clicking the Save Root Custom Code works then that confirms the problem is caused by ModSecurity. That means that you will always need to click the Encrypt Custom Code button before clicking the Save Root Custom Code button any time you want to add/edit/remove custom htaccess code. ModSecurity is generally beneficial. So it is a minor inconvenience to have to click the Encrypt Custom Code button first in order to be able to save Custom Code.

    Plugin Author AITpro

    (@aitpro)

    Most web hosts do not allow you to turn off/disable ModSecurity. BPS works with or without ModSecurity exactly the same. I recommend keeping ModSecurity as it does add additional security protection. So it is worth the extra headaches that ModSecurity is known to create/cause.

    • This reply was modified 3 years ago by AITpro.
    Thread Starter ibiza69

    (@ibiza69)

    @aitpro thank you for taking the time to explain and to solve this for us, everything worked really good!

    Please, have a very nice weekend ;)!

    Plugin Author AITpro

    (@aitpro)

    Great! Thanks for confirming things are working now.

    Have a good one!

    This error indicates that the server has determined that you are not allowed access to the thing you’ve requested, either on purpose or due to a misconfiguration . It’s probably because the site owner has limited access to it and you don’t have permission to view it. The vast majority of the time, there’s not much you can do to fix things on your (*client) end. There are four common causes for 403 Forbidden error (server side) . Here they are listed from most likely to least likely:

    An empty website directory
    No index page
    Incorrect settings in the .htaccess file
    Permission / Ownership error

    If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘403 Forbidden Error’ is closed to new replies.