You don't have permission to access /index.php/
For instance changing the facebook url:
You don't have permission to access /index.php/dashboard/system/basics/social/edit_link/1 on this server.
Adding a user:
You don't have permission to access /index.php/dashboard/users/add/submit on this server.
Editing the Pure Cookie notice:
Forbidden You don't have permission to access /ccm/system/dialogs/page/add_block/submit
I am able to upload pictures, but after adding a image block, a click on the Choose Image button a progress bar begins to slide but nothing happens.
Only install Neat theme and Pure Cookie add-ons.
Running on Core 8.4.3, Apache 2.4.25, PHP 7.0.33
However, doing a grep -i -r "mod_security" * or grep -i -r "security" * in /etc/apache2/ (on Debian 9.6) gives no result.
Also apt shows libapache2-modsecurity as not installed.
apt-cache policy libapache2-modsecurity libapache2-modsecurity: Installed: (none) Candidate: 2.9.1-2 Version table: 2.9.1-2 500
So I guess the problem is elsewhere.
I deployed another test project using
composer create-project -n concrete5/composer test
RewriteRule (.*) - [E=Cache-Control:no-cache]
If you are using the pretty urls code you can place this line just before
# -- concrete urls end --
I already had all caching and compressing disabled in the optimization page.
As per your suggestion I added the RewriteRule (.*) - [E=Cache-Control:no-cache]line.
And also did a clear cache. Closed Firefox, switched to Chrome toe be sure cache is empty.
Sadly all that did not solve the problem.
I am trying to find a pattern is what is working and what is not, but it is not clear to me.
Adding a group is no problem, but adding a user is.
Setting the site name is no problem. The browser url shows: /index.php/dashboard/system/basics/name
But adding or changing a Social link is.the browser url shows: /index.php/dashboard/system/basics/social/edit/1
Setting a favicon works: /index.php/dashboard/system/basics/icons
Adjusting the Rich Text editor fails: /index.php/dashboard/system/basics/editor/submit
Setting the language works: /index.php/dashboard/system/basics/multilingual
Setting the timezone works: /index.php/dashboard/system/basics/timezone
Reset edit mode works: /index.php/dashboard/system/basics/reset_edit_mode
Setting Public registration works: /index.php/dashboard/system/registration/open
Define Login Destination works: /index.php/dashboard/system/registration/postlogin
Adding a user fails: /index.php/dashboard/users/add/submit
Adding a group is ok: /index.php/dashboard/users/groups/group_added
Is it normal to have index.php in all these pages while having pretty url's enabled?
I was looking in the wrong direction: I suspected my installation of the lamp server or Concrete5.
But the problem is the Sophos UTM web application firewall in front of the web server.
Changed the Firewall profile from basic to none and all of a sudden all Concrete5 problems are solved. So I have to create a dedicated profile for Concrete5 later.