XF 2.2 403 Error when editing footer

EdBoi

Member
Editing the footer, using xenFocus Novus theme, not sure if that matters. What can I do to allow myself access to do this?

352d4f6bd5cdc41dfbad7ce77689bde9.png

https://gyazo.com/352d4f6bd5cdc41dfbad7ce77689bde9
 

Jeremy P

XenForo developer
Staff member

If it's a 403 Forbidden error then it will likely be due to a server side security mechanism such as ModSecurity, mod_evasive, or similar.
It could even be something like the Wordfence add-on for WordPress.
Contact your host and ask them to whitelist whichever rules are being triggered, or to disable the mechanism.
 

EdBoi

Member
Yes, I did, the live chat was not able to help, so I've created a ticket. I know this is a server issue but we have not been able to fix it so far so I've created this thread.

Here's a log of our conversation in chat.
Brief description of your inquiry:
403 error when editing a theme in xenforo admin cp, I think it's related to chmod permissions.
Show less

host 08:12 PM
Thank you for contacting ScalaHosting, kyle. My name is George E and I’ll be assisting you.

me 08:12 PM
https://gyazo.com/249bfd8f54fa1a97a0f17ef48a1f083e.png

host 08:13 PM
Hello, which is the site in question?
me 08:13 PM
monetizemb.com

host 08:13 PM
Chcking
me 08:13 PM
Okay thank you!

host 08:16 PM
Ok, can you try again?
me 08:17 PM
Yea I just did, I've got the same error

host 08:18 PM
All permissions for the site in the file system are the correct ones
me 08:23 PM
Okay.. Is there any kind of reset or something we can try to get it to work? I'm only getting this error when I try to edit the footer of this theme.. all the other theme options I can edit..

I think the only other way for me to be able to edit it if this doesn't get fixed would be to try to edit the theme files myself which I'm not good at, and may cause issues in the future when I need to update the footer..

If it would help, I could create an admin account on the forum for Scala support to analyze this?

host 08:28 PM
So this problem comes only when you edit the theme's footer? What is the CMS of the website?
me 08:29 PM
Yes only when I edit the themes footer. The CMS is xenForo

The theme I'm trying to edit is MMB (default) - The parents theme Novus is also have the same issue

host 08:34 PM
Okay, there was a modsecurity rule that was triggering the error. I have allowed it now, so please test it gain
me 08:35 PM
ok 1 sec

I'm still having the same error :/

host 08:40 PM
Right, there was another rule, which I have now allowed as well, so please try once more
me 08:42 PM
I'm still having the same error ://

host 08:45 PM
Right, well I'm not familiar with xenForo and the way it works. I have checked the permissions and the ownership of the files for it in the file system and they have the correct details on the permissions - 644 for files and 755 for folders. I have checked the error log for monetizemb.com on the server and only got the 2 modsecurity rules that were triggering the 403 error, which I have now allowed for the site.

There are no more errors that show up, server-end
me 08:52 PM
If it's a 403 Forbidden error then it will likely be due to a server side security mechanism such as ModSecurity, mod_evasive, or similar. - I just found that trying to find a solution, did you by chance check Mod_evasive? Im not familiar with that term...

I appreciate your time and help!

Contact your host and ask them to whitelist whichever rules are being triggered, or to disable the mechanism.

host 08:53 PM
The xen-foro has its own support community, please check with them regarding the error and the reason for it and if it is something that is server-side, please contact us again so that we could fix it. At present, the only things that could trigger those 403 errors were the modsec rules, which have been allowed. Mod_evasive does not register any errors or deny codes
me 08:53 PM
https://xenforo.com/community/threa...details-may-be-in-the-browser-console.191431/

That's what I was reading.

host 08:56 PM
Yes, I have whitelisted the rules, but you say that the error is still there. Perhaps it would be better to create a ticket so that the sysadmins can look into it\
 
Top