Error 403 with sendy

  • Resolved Minh Tran

    (@golddragon)


    6 years, 4 months ago

    Dear Mr/ms,

    I used a web with wordfence (https://www.iuoss.com) and another sendy web (https://sendy.iuoss.com).
    When I copy a template email into sendy and save. I received this mess:

    403 Forbidden
    A potentially unsafe operation has been detected in your request to this site.

    Generated by Wordfence at Sun, 22 Jul 2018 3:23:40 GMT.
    Your computer’s time: Sun, 22 Jul 2018 03:23:46 GMT.

    I tried:
    1. Change wordfence firewall to Learning Mode
    2. I can go to Wordfence > Firewall > Current Blocks, but can’t see my subdirectory website listed there
    3. I can go to Tools > Live Traffic, but can’t see my subdirectory website listed there
    4. In folder of Sendy, I place a “.user.ini” file with “auto_prepend_file = none” in it

    Thank for reading,

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hi @golddragon!

    The fix that you mention as number 4 should have worked since it would prevent Wordfence Firewall from loading on the sendy site, assuming the sendy site is located in a subdirectory of your iuoss site.

    Did you optimize the Firewall in the iuoss site using a .user.ini setup or did you optimize it some other way? It’s possible that your site isn’t using .user.ini at all and that your optimization was done via .htaccess instead for example. Then the auto_prepend_file override would have to be done via .htaccess instead.

    Let me know what you think!

    Thread Starter Minh Tran

    (@golddragon)

    My files:
    – .htaccess:

    ErrorDocument 404 "[404 error] If you're seeing this error after install, check this FAQ for the fix: https://sendy.co/troubleshooting#404-error"

Options +FollowSymLinks
Options -Multiviews

RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^([a-zA-Z0-9-]+)$ $1.php [L]

# Link tracker
RewriteRule ^l/([a-zA-Z0-9/]+)$ l.php?i=$1 [L]

# Open tracker
RewriteRule ^t/([a-zA-Z0-9/]+)$ t.php?i=$1 [L]

# Web version
RewriteRule ^w/([a-zA-Z0-9/]+)$ w.php?i=$1 [L]

# unsubscribe
RewriteRule ^unsubscribe/(.*)$ unsubscribe.php?i=$1 [L]

# subscribe
RewriteRule ^subscribe/(.*)$ subscribe.php?i=$1 [L]

    – .user.ini
    auto_prepend_file = none
    Sorry, I’m not familiar this much. Is it correct ?

    Hi @golddragon!
    In the site where you have Wordfence installed, if you have optimized the firewall you will have the auto_prepend_file set to wordfence-waf.php either in .htaccess directly or in .user.ini. For iuoss, do you have auto_prepend_file set in .user.ini?

    Thread Starter Minh Tran

    (@golddragon)

    my main web where is Wordfence installed, I have file .htaccess:

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF
<IfModule mod_php5.c>
	php_value auto_prepend_file '/var/www/oss/students/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

php_value upload_max_filesize 128M
php_value post_max_size 128M
php_value max_execution_time 300
php_value max_input_time 300

# END Wordfence WAF

    There is no file .user.ini

    Hi @golddragon!
    Ok so that explains why the .user.ini override in the subfolder isn’t working. Your site doesn’t use that file type. Your Firewall configuration only uses .htaccess.

    To prevent the Firewall from loading in the subfolder you should then add in your .htaccess in the subfolder

    <IfModule mod_php5.c>
    php_value auto_prepend_file none
    </IfModule>

    Let me know if that works!

    Thread Starter Minh Tran

    (@golddragon)

    It worked.
    Thank you so much ??

    That’s great news thanks for letting me know!

    Hope you have a great weekend.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Error 403 with sendy’ is closed to new replies.