Unable to verify

Hi @skumar1st

Do you experience this problem only with Google?
If you do, then this problem usually caused by firewalls, more specifically ModSecurity, which has a rule on its blacklist that automatically blocks the requests that contain “.profile” in GET parameters. The problem is that, when Google redirects back to your site, the URL will contain this:

• https://www.googleapis.com/auth/userinfo.profile

in the scope GET parameter, so it block it.

All servers should have an error log that contains all kinds of errors happening on the server. These 403 errors should be there as well.
So you should find this error log of your server, and from that you can find the rule that causes the problem.
To fix the problem you should either disable that rule, or your should make some adjustments so the .profile expression in the scope: https://www.googleapis.com/auth/userinfo.profile
shouldn’t trigger the 403 error.

Please note that we can not provide help for server management, but in our documentation:

• https://nextendweb.com/nextend-social-login-docs/google-403-and-404-errors/#fix

you can find a step by step guide that might help you in resolving the problem.

Best regards,
Laszlo.

• This reply was modified 2 years, 12 months ago by Laszlo.

Dear Laszlo,

Really thanks for quick reply. I was very happy, when I got your plugin and super easy to integrate on 1 site.

But almost given 4-5 hrs for new site, but failed.
Both website hosted on lightsail (plesk panel) with cloudflare and both use gmail.

Also tried un-installed complete your plugin and install again but still failed.

Pls view log and guide.
[Thu Mar 31 04:10:05.606968 2022] [:error] [pid 116031:tid 140624****7296] [client 172.70.162.86:0] [client 172.70.162.86] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||website***.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "website***.com"] [uri "/account/"] [unique_id "Y************EA"], referer: https://accounts.google.co.in/

I really appreciate if you can guide further.

Hi @skumar1st

This log means that your ModSecurity settings don’t allow the “.profile” scope in the URL. Google requires this scope, so your server needs to be able to use it in the URL.

I recommend contacting your host and asking them to disable this ModSecurity limitation so that you could use the Google provider.

Thanks for quick reply. This was problem, when I setting mod off, then verified. But can’t mod off completely for any problem.

After check, found 1st site has custom rule set as default.
But 2nd comodo rule and unablet to set custome rule, they need to upload file.
[Upload a custom web application firewall rule set. Supported formats: zip, tar.gz, tgz, tar.bz2, conf.]

This is plesk panel (for Lightsail) no any assistance.
Could you please assist for set firewall rule?
Or, I should ask in plesk forum?

Thanks & Regards,
Sanjeev

Hi,

Disabling the rule that doesn’t allow passing the “.profile” rule should be enough. You shouldn’t need to disable the whole ModSecurity for this to work.

As Laszlo mentioned, we’re unable to provide help for server management, so if you’re not sure how to configure your server the way you want it to, I recommend asking the plesk forum you mentioned.