XF 2.2 FURL error 403

[MR X]

XENFORO= v2.2.12
apache 2.4.54
root using AAPANEL
PHP 8.0
I'm my own host now.

we recently switched to hetzner server and went with Cloudflare for security, I'm not really sure how to go about troubleshooting this.
we disabled all addons but i did google that the 403 is a server issue.

 

[mattrogowski]

Hard to diagnose if nobody can reproduce not knowing the URL, but if the remote website you're trying to fetch metadata from is returning a 403 there's probably not a lot you can do about it, for whatever reason they're sending a 403 response and you can't change that from your side. It may be because it's detected a request from a certain datacenter that it's blocked in case it's being used to attack the site or something, though maybe not if you're using Cloudflare. Either way, you can't control what their server responds with and can't confirm if it happens without the URL. Do other URLs work?

 

[MR X]

Hard to diagnose if nobody can reproduce not knowing the URL, but if the remote website you're trying to fetch metadata from is returning a 403 there's probably not a lot you can do about it, for whatever reason they're sending a 403 response and you can't change that from your side. It may be because it's detected a request from a certain datacenter that it's blocked in case it's being used to attack the site or something, though maybe not if you're using Cloudflare. Either way, you can't control what their server responds with and can't confirm if it happens without the URL. Do other URLs work?

REMOVED is the url, i had to check tos/rules on xenforo but this site is 18+

post will be removed after some time.


no urls on the site work for unfurl.

our htaccess file content

Spoiler: htaccess

# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo

# This line may be needed to workaround HTTP Basic auth issues when using PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>

<filesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2628000, public"
</filesMatch>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
</IfModule>

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 32M
php_value post_max_size 10M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php80"
php_value upload_max_filesize 10M
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 32M
php_value post_max_size 10M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php80"
php_value upload_max_filesize 10M
php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit


RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]


<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 104.21.21.126
deny from 45.139.122.160
deny from 104.21.75.237
deny from 13.226.39.60
deny from 5.255.255.55
deny from 172.67.6.48
deny from 111.90.143.150
deny from 172.67.198.159
deny from 5.255.255.80

The ips in that file are of spam sites that love to hit my site.

 

[TPerry]

I think what he was talking about was more the URL to where you are getting that 403 error on your site at, not so much your site itself.
When you get a 403 error like that... usually the blocking of the ability to access the resources is on the site you are linking to.
I know at one point I had a site that was linking directly to multiple images on my server...I simply redirected all their inbound traffic to return an image chastising them instead. But if I had not done that, I could have simply blocked their access and they would get a 403 error.

 

[mattrogowski]

Yes, your site is requesting theirs and their server is responding with a 403, your htaccess has nothing to do with it.

REMOVED

It can't be accessed with cURL at all, so nothing you can do. If other sites are of a similar nature, they probably block these requests so they don't get scraped. So nothing you can do about it.

 

[Paul B]

I have edited 2 posts to remove links and references to an inappropriate site.

The rules exist for a reason - please ensure you follow them to avoid warnings and restrictions.

 

[MR X]

I have edited 2 posts to remove links and references to an inappropriate site.

The rules exist for a reason - please ensure you follow them to avoid warnings and restrictions.

hmm thought i was following it my bad.