  1. #1

    EZ-pages forbidden error

    File this one under "I must be losing my mind."

    Believe it or not, I am not making this up.

    I just upgraded one of my Carts from 1.2.6 to 1.3.6. So far so good.

    But when I tried creating EZ-pages, life got very weird.

    I created several EZ-pages successfully, as one would expect.

    But when I tried creating a page with the following in the HTML Content textarea, I was forbidden access to admin/ezpages.php on the remote server ...
    "Ritual" is a term we use to describe the practice of stepping into the threshold or liminal space, and working in that space to effect chosen changes in ourselves and in our lives. In liminal space, an individual is consciously aware not only of material reality, but of emotional, mental and spiritual realities as well. Thus, in ritual, one is able to voluntarily transform oneself on several levels simultaneously.
    The specific error was "Forbidden / You don't have permission to access /catalog/admin/ezpages.php on this server."
    I thought maybe a security mod had malfunctioned, so I backed out and tried again. Same deal.

    I tried creating another EZ-page with a different block of text, and it went through just fine. So I tried yet again with the initially-forbidden text (above), and again -- same forbidden error.

    My head started to hurt, but I had to find out why EZ-pages accepted everything I fed it but this one paragraph. I experimented for about an hour, and to make a long story even longer, I learned that when I omitted or misspelled the word "describe" (e.g. "dsecribe"), EZ-pages passed the form. But whenever I tried putting the correct spelling back in, I was forbidden.

    By now I was starting to consider a career change, yet I couldn't give up after coming this far. I tried moving the correctly-spelled word "describe" to different places in the paragraph, and amazingly, it made a difference.

    No kidding. If "describe" appeared too early in the paragraph, Forbidden. Far enough from the beginning, accepted. I repeated this little experiment several times, and the results were consistent.

    To wit:
    "Ritual" is a term we use to the practicedescribe of stepping into the threshold or liminal space
    is forbidden, but
    "Ritual" is a term we use to the practice describeof stepping into the threshold or liminal space
    is accepted.

    To say my mind is blown would be an understatement.

    Before the sun comes up, I need to be on my way to Philadelphia. I won't have time to check this thread until Monday morning, by which time I will probably be wondering if I fell asleep on my keypad and dreamt this ordeal.

    While this sounds a lot like aimless venting, I really have a practical purpose for sharing (inflicting?) my story on the ZenCart community.

    I just want to know if anyone knows what would cause this type of behavior. Why would the mere inclusion of a word (and its position relative to the start of the field) consistently yield a Forbidden error?

    Now if you all will excuse me, I need to contemplate my future life as a rodeo clown.

  2. #2

    Re: EZ-pages forbidden error

    This is a classic example of mod_security installed on your host's server.

    mod_security looks for certain words that could be misused if your site was vulnerable to SQL exploitation. "describe" is a command used in MySQL to explain the structure of a database table. Since that can reveal information that shouldn't be disclosed, your host has set it to be forbidden from submission.

    The fact that it is not blocked after about 42 characters could be simply a way that things are set up so that "normal" use isn't impeded too badly.

    It's a measure taken on shared-hosting sites where the host doesn't know or trust its clients to run secure software.

    You can work around this by adding the following to your /admin/.htaccess file ... if your host hasn't prohibited this action:
    Code:
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    If doing that blocks you out of your admin area entirely, then your host has the thumbscrews tightened very very strictly and clearly doesn't trust anyone. Hopefully you'll be able to convince them otherwise.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
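
A narrower form of the workaround in the reply above, as an added example that is not part of the original post: it switches the filter off only for the one script named in the 403 message rather than for the whole admin directory. It uses the same mod_security 1.x directives as the post and assumes, as the post does, that the host allows them in .htaccess.

```apache
# Added example: goes in /admin/.htaccess in place of the directory-wide block.
<IfModule mod_security.c>
    # Exempt only the EZ-pages editor, the script the 403 message named.
    # Every other admin script stays behind the host's filter.
    <Files "ezpages.php">
        SecFilterEngine Off
        SecFilterScanPOST Off
    </Files>
</IfModule>
```

Any other admin page that hits the same 403 on free-text input would need its own `<Files>` entry.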

  3. #3

    Re: EZ-pages forbidden error

    Wow -- so I'm not losing my mind?

    Seriously, THANKS for solving this one for me, Doc -- and so quickly, too.
    The fix you prescribed took 30 seconds to implement, and it worked. Now I can keep my mind on the road instead of wondering who has a padded room for me.

    And I learned something new.

    Amazing ...

 

 
