Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29
  1. #11
    Join Date
    Jun 2008
    Posts
    12
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    I am getting this error when trying to update an existing product, saying I dint have permission to access /catalog/adm1n/product.php BUT.. it only happens from the office PC. When logged in at home, there's no problem.

    I am using the very same admin login on both PCs. I temporarily renamed the .htaccess to .htaccessBAK and still the problem persisits.

    There is one thing about this though. Its only happening for products whose prices are linked, using the Better Together mod.

    I guess the simple answer is to use my home PC, or ditch the Better Together mod but I need to be able to offer discounts when buying linked products.

    If any code is needed, please let me know and I'll add it to the post.

    Thanks,

    Johnny

  2. #12
    Join Date
    Jun 2008
    Posts
    12
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    Despite - the Better Together 'red herring' above, this problem WAS to do with the SecFilterEngine. I added that line of code, problem gone.

    Has anyone found out what needed changing with their host to resolve this?

    Johnny

  3. #13
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: 403 Forbidden error when updating product

    johnny_e, from what you have described it sounds like the Office IP is being blocked; either by you in one of your .htaccess files or by your Hoster for some reason. You don't mention though, if you can access the front end of the Store from your Office?

    I would first check your .htaccess files to see if you have blocked the Office IP.

  4. #14
    Join Date
    Jun 2008
    Posts
    12
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    My .htaccess file was unchanged from the shipped version - so this must be down to something my hoster is doing. I guess that the fact that disabling the SecFilterEngine cured this - further reinforces the idea.

    BTW - the front end was ok from the office. In fact, I could add a new product OK from the office. It was only when editing said product, that the 403 error occured. Strange... Thanks for the reply.

    Johnny

  5. #15
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: 403 Forbidden error when updating product

    If you can access the front end from your Office computer then the IP is not being blocked; by you nor your Hoster.

    Something else is doing the blocking but not sure what. If, as you say, disabling the SecFilterEngine solves the problem then it could be a Server Firewall setting; using a word(s) not allowed. You can test by first recording whatever Edit you are trying to do from the Office then, if that is not allowed, try to make the same Edit from Home.

    You could also try Editting from a third computer in different location to see what results you get. Might help to pin down if problem is with a specific Module.

  6. #16
    Join Date
    Jun 2008
    Posts
    12
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    I'll try that. Mind you - what confuses this even further ...

    We added a new product. No problem. Then we went back in to add just an image - and got the 403 error! How does that get hit by a word filter?

    Johnny

  7. #17
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: 403 Forbidden error when updating product

    Good question.

    You definitely have an oddball situation on your hands and will take some effort to sort out. Have a look at your Hosting account Error logs to see what info they are providing. Might be helpful.

  8. #18
    Join Date
    Jan 2006
    Posts
    117
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    I have this same issue. On ANY (apparently) add OR update of a product or category, and in attempting to reset the admin password from the back end (and perhaps other submissions; I haven't tried every feature in the admin section) results in the 403 not found and no permission page indicated in this thread.

    Modsec successfully alleviated the issue, so I submitted a ticket to my host.

    They replied with the error that is showing on their end in the apache server - everything in <pointy> brackets is me replacing (possibly) sensitive information with a tag:

    [Wed Sep 17 09:26:03 2008] [error] [client <IP>] mod_security: Access denied with code 403. read_post_payload: Failed to c reate file "/home/<BADUSER>/tmp/20080917-092603-<IP>-request_body-GqdtBU" because 13("Permission denied") [severity "EMERGE NCY"] [hostname "www.<mydomain>.com"] [uri "/<admin folder>/categories.php?action=insert_category&cPath="]
    [Wed Sep 17 09:26:03 2008] [error] [client <IP>] File does not exist: /home/<MYUSER>/public_html/403.shtml

    What is very important is that <BADUSER> in the first error is NOT my account. It is some other user (if the name is relevant, I can post that one, but I assume the only relevant fact is that it's not mine). <MYUSER> in the second error is the proper account (I'm talking about my web host user account which is in the apache root path to my site).

    This is distressing. I know for a FACT that the site worked yesterday. I have (as my host's support staff suggested, and as I would have done anyway) checked both the entire admin folder (downloading and searching in files) and the configuration file in the store includes and both indicate the proper username (there is no reference to <BADUSER> in any file. I also searched the database in phpmyadmin and there is no reference to <BADUSER> in there either. I also used the Developer's Tool Kit in the admin area to search all files for <BADUSER> and get no results.

    I'm going to let the support staff know about the result, but I was wondering if anyone here might recognize an issue they've seen before. I haven't updated anything since it worked yesterday, so I'm feeling like making my host company did some work on the server and they are the cause... I'm assuming that attempting to create a "tmp/20080917-092603-<IP>-request_body-GqdtBU" is normal? I've never known the store to create files when updating SQL, but I've never really looked into that area.

    I actually just got the idea to check my OLD store (which is still up on the site, but is in maintainance mode - the above issue was with a new store on the same account, but in a different folder). My old store has the same issue right now, so it seems server-side; I'm just not sure what it is.
    Last edited by TheHYPO; 17 Sep 2008 at 05:22 PM.

  9. #19
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: 403 Forbidden error when updating product

    [Wed Sep 17 09:26:03 2008] [error] [client <IP>] mod_security: Access denied with code 403. read_post_payload: Failed to c reate file "/home/<BADUSER>/tmp/20080917-092603-72.12.208.111-request_body-GqdtBU" because 13("Permission denied") [severity "EMERGE NCY"] [hostname "www.<mydomain>.com"] [uri "/<admin folder>/categories.php?action=insert_category&cPath="]
    The above states that someone tried to create a file within a dir. that does not belong to you. If the [client <IP>] used is your IP (as provided by your ISP) then things have changed and you need to find out more.


    This error is simply stating you have no 403.shtml page.

    [Wed Sep 17 09:26:03 2008] [error] [client <IP>] File does not exist: /home/<MYUSER>/public_html/403.shtml

    You should confirm that your two config files have not changed and/or could be mySQL related as in something changed within your database; possibly a mySQL Injection hack. All good reasons to discuss the situation further with your Hoster.

  10. #20
    Join Date
    Jan 2006
    Posts
    117
    Plugin Contributions
    0

    Default Re: 403 Forbidden error when updating product

    Quote Originally Posted by Website Rob View Post
    The above states that someone tried to create a file within a dir. that does not belong to you. If the [client <IP>] used is your IP (as provided by your ISP) then things have changed and you need to find out more.
    I believe the IP is that of my the hosting company support guy who I'm sure had to test it for himself to confirm that I'm not incompetent in clicking submit buttons. It is not my IP.

    My question is that the error says "Failed to c reate file "/home/<BADUSER>/tmp/20080917-092603-<IP>-request_body-GqdtBU" - is the creation of such a file something zencart would normally do (but on my site's path)? Or should it not be trying to create a file at all? IE: should I be looking for why it's trying the wrong path, or in why it's even trying to create a file?

    You should confirm that your two config files have not changed and/or could be mySQL related as in something changed within your database;
    I see no evidence of change in these files. I should note that my new site is still under construction; it is in a path I have not publicized, and I have used .htaccess to block all access from all but my IP, so no one should even know it is there to hack, let alone have access. Also, as mentioned, it has occured on my live store (which is down for maintainance, as my new one was SUPPOSED to be ready to launch today or tomorrow). A new development is that I've also got a simliar issue now occuring on my blog on the same site (when attempting to upload an image, I get the same forbidden message).

    possibly a mySQL Injection hack. All good reasons to discuss the situation further with your Hoster.
    I am still in connection with them; their initial (and stubborn) reaction is that it has all the earmarks of a Coding error, yet I have done a search and found no reference to <BADUSER> in any files or any database.

    I'm not familiar with the mySQL injection type of hack, but I assume that simply means someone has put some bad data in my database? I would assume it would have to include the bad user's path which I searched for in my database and did not find any evidence of.

    If someone did hack my site, They would have to have hacked my old store, new store and blog - all three have separate databases with unique access name and passwords, plus the aforementioned protection on my new store's directory. It seems unlikely to me. No files indicate having been modified in the last week either. Everywhere where my Proper User path should be in zencart (based on the copies on my hard drive) are set the same online.
    Last edited by TheHYPO; 18 Sep 2008 at 06:18 AM.

 

 
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 23 Mar 2015, 01:46 PM
  2. '403 Forbidden Error' when trying to download product
    By rlfreshwater in forum Setting Up Categories, Products, Attributes
    Replies: 2
    Last Post: 13 Sep 2008, 08:45 PM
  3. 403 forbidden error when trying to access admin
    By jsiperko in forum Basic Configuration
    Replies: 1
    Last Post: 13 Jun 2006, 02:56 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR