XF 2.2 Node permission update error 403 Plesk control panel ModSecurity fix

frm

frm

Well-known member
Running XF 2.2.9 with no add ons

I go to ACP > Forums > Node permissions > Select the forum node > "Registered" > Apply "no" to "Post new thread" as I want only admins/mods to post there.

1706243348124.webp

Code: 
Failed to load resource: the server responded with a status of 403 ()
Code: 
PHP: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache Server at www.abcxyz.com Port 443</address>
</body></html>

defaultAjaxError @ core-compiled.js?_v=658dedce:42

This then makes the website inaccessible (the server is fine, but the site is still inaccessible after restarting Apache) for anywhere from 1 to 10 minutes.
 
Sort by date Sort by votes
Paul B

XF 2.2 Thread 'Oops! We ran into some problems. Please try again later. More error details may be in the browser console.'

This comes up time and time again so a sticky thread is in order.

If you encounter this error message and you are using a computer (rather than a mobile device), access the browser console (F12 if using Windows / Chrome).

Select the Console tab and there should be an error message displayed, something like this:

403_error.png

Code: 
Failed to load resource: the server responded with a status of 403 (Forbidden)

PHP: <!DOCTYPE HTML PUBLIC "-//IETF//DTD        core-compiled.js?_v=4282e784:42
HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't...
  • Like
 
Upvote 0 Downvote

Resolved for Plesk​


For those using Plesk, CWAF needs to be deactivated.

1706247162978.webp

Steps:
  1. Tools & Settings
  2. Under "Security": Web Application Firewall (ModSecurity)
  3. See screenshot above; check CWAF from the list under "Active" to deactivate it.
 
Upvote 0 Downvote
I ran into this too, except with a friend's Wordpress site (on the same server). But it would make ALL sites on the server unavailable for 10 mins. Disabled mod security, and it fixed it....
 
Upvote 0 Downvote
You must log in or register to reply here.
Top Bottom