[Solved] http error 403 on certain dashboard changes
Permalink
When I apply certain changes in the Dashboard, like deleting a user or activating a theme, I get http error 403 from the webserver:
"You don't have permission to access /dashboard/pages/themes/activate_confirm/2/1310933845:c985d92a37e56dacd2f0dd6400f2c1c0/ on this server."
Url rewriting is working fine, though when I disable pretty urls and remove the rewrite lines from the apache config and reload apache, it still tries to fetch some pretty urls, which leads to error 404's.
But that's not my main concern right now, unless it's linked to the error 403's.
I've set all directory permissions to 755 and all files to 644, with the owner and group set to the same as the apache process, yet still it keeps giving 403 errors.
I can see the errors in the server logs too, but they don't give me any clue as to why it's denying the requests.
After trying to solve this problem for several hours now I'm hoping maybe someone here can help me, because I'm about to pull out the last few hairs that I still have.. ;)
--Update 18-07--
I started again with an empty database and a fresh Concrete install, which is working fine without pretty urls now, but I still get the error 403 when I try to activate a theme.
As the installer suggested I did a
chmod 775 config/ packages/ files/
and
chmod 755 concrete/libraries/3rdparty/htmldiff.py
--Update 21-07--
I've done some testing and noticed these results:
* Renamed index.php, and got error 404 in all cases.
* Emptied index.php, and got error 403 with the problematic url, and just a blank page with all others.
* Removed the colon from the problematic url, and got the appropriate Dashboard page with an error message about wrong arguments.
So it seems that the colon in the url is causing this problem.
I'm searching the web for more info right now.
--Update 25-07-2011--
I finally solved the problem. Look at my reply below for the solution.
"You don't have permission to access /dashboard/pages/themes/activate_confirm/2/1310933845:c985d92a37e56dacd2f0dd6400f2c1c0/ on this server."
Url rewriting is working fine, though when I disable pretty urls and remove the rewrite lines from the apache config and reload apache, it still tries to fetch some pretty urls, which leads to error 404's.
But that's not my main concern right now, unless it's linked to the error 403's.
I've set all directory permissions to 755 and all files to 644, with the owner and group set to the same as the apache process, yet still it keeps giving 403 errors.
I can see the errors in the server logs too, but they don't give me any clue as to why it's denying the requests.
After trying to solve this problem for several hours now I'm hoping maybe someone here can help me, because I'm about to pull out the last few hairs that I still have.. ;)
--Update 18-07--
I started again with an empty database and a fresh Concrete install, which is working fine without pretty urls now, but I still get the error 403 when I try to activate a theme.
As the installer suggested I did a
chmod 775 config/ packages/ files/
and
chmod 755 concrete/libraries/3rdparty/htmldiff.py
--Update 21-07--
I've done some testing and noticed these results:
* Renamed index.php, and got error 404 in all cases.
* Emptied index.php, and got error 403 with the problematic url, and just a blank page with all others.
* Removed the colon from the problematic url, and got the appropriate Dashboard page with an error message about wrong arguments.
So it seems that the colon in the url is causing this problem.
I'm searching the web for more info right now.
--Update 25-07-2011--
I finally solved the problem. Look at my reply below for the solution.
After comparing my config with the system default and a lot of tinkering, I found the cause was in a blocklist I had in the Apache config:
D'oh!
Well, at least it works again now..