1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Somes users can't post

Discussion in 'Troubleshooting and Problems' started by RobParker, Apr 22, 2012.

  1. RobParker

    RobParker Well-Known Member

    Since moving server we're having a few users complain about not being able to post, with it stating that they don't have permission to access the page when they click submit.

    Is it possible to rebuild the user permissions and does this sound like it might be the cause?

    Cheers

    Rob
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Ask them to clear their browser cache.
    If it's only affecting a handful of users then it is more than likely local to them.
     
  3. RobParker

    RobParker Well-Known Member

    Yeah I thought it might be something like that, will report back.

    The other thing I wondered was whether it could be their session activity in the database.
     
  4. RobParker

    RobParker Well-Known Member

    That didn't seem to help.

    They're seeing:

    "The following error occurred"
    "Forbidden"
    "You don't have permission to access /index.php on this server"
    "Apache server at mydomain.co.uk Port 80 "
     
  5. RobParker

    RobParker Well-Known Member

    It looks like something is tripping mod_security rules

    We got this from our host:

    Access denied with code 403 (phase 2). Pattern match "(?:(?:height|width) ?(?:=|\\:) ?[0-9] ?px|overflow ?: ?(?:auto|hidden)|style ?= ?"? ?display ?: ?none ?)" at ARGS:message_html. [file "/blah/apache2/conf/modsecurity.d/30_asl_antispam.conf"] [line "167"] [id "300076"] [rev "22"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Hidden Text Detected"] [data "width: 0px"] [severity "CRITICAL"] [hostname "domain.co.uk"] [uri "/index.php"] [unique_id "T5VpKUMWgKAABvlkxAYAAAAZ"]

    Any idea what it might be? I'm guessing it might be the PostRatings addon...?
     
  6. RobParker

    RobParker Well-Known Member

    Ah it looks like it might be this:

    .PanelScroller .navControls a.current span
    {
    display: block;
    line-height: 0px;
    width: 0px;
    height: 0px;
    border-top: 5px solid @primaryLighter;
    border-right: 5px solid transparent;
    border-bottom: 1px none black;
    border-left: 5px solid transparent;
    position: absolute;
    }

    What exactly is the width: 0px doing?
     
  7. RobParker

    RobParker Well-Known Member

    and this

    .messageUserBlock .arrow
    {
    position: absolute;
    top: 10px;
    right: -10px;

    display: block;
    width: 0px;
    height: 0px;
    line-height: 0px;

    border: 10px solid transparent;
    border-left-color: @messageUserBlock.border-color;
    border-right: none;

    /* Hide from IE6 */
    _display: none;
    }
     
  8. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    403 is a server error.

    I have seen overly restrictive mod_security rules that flag the content of some posts. If that is the problem then you need to ask your host to relax the rules. If you can narrow it down to a specific word or phrase that is triggering the error then that will help your host.
     
  9. RobParker

    RobParker Well-Known Member

    Cheers Jake

    Maybe I wasn't clear but it's the rule I posted above.

    Access denied with code 403 (phase 2). Pattern match "(?:(?:height|width) ?(?:=|\\:) ?[0-9] ?px|overflow ?: ?(?:auto|hidden)|style ?= ?"? ?display ?: ?none ?)" at ARGS:message_html. [file "/blah/apache2/conf/modsecurity.d/30_asl_antispam.conf"] [line "167"] [id "300076"] [rev "22"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Hidden Text Detected"] [data "width: 0px"] [severity "CRITICAL"] [hostname "domain.co.uk"] [uri "/index.php"] [unique_id "T5VpKUMWgKAABvlkxAYAAAAZ"]

    "Hidden text detected" and I think it's because some of the CSS has "width: 0px" but I can't find out exactly which bit.

    One of the entries was caused by the message_user_info arrow which our style was hiding but that's still not fixed it.
     
  10. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    You should still contact your host.

    Does it happen with all posts? Try to narrow down the word or phrase that causes the error. Or just ask your host to disable mod_security.
     
  11. RobParker

    RobParker Well-Known Member

    I've been in touch with our host and they've disabled the above "hidden text" mod_security rule and the problem goes away. They turn it back on and it comes back so it's definitely just the above rule.

    Our hosts are reluctant to permanently disable the rule (but will if we require it). I'd rather try to find a solution and work out which bit of our code is causing it. It looks like it's the "width:0px" bit of code which we have in a few places but the fact it doesn't happen for all users makes this much more difficult to track down.
     
  12. mrGTB

    mrGTB Well-Known Member

    With some host you cannot disable mod security via the htaccess file. Some require it to be done at server level (their end). So you might have no option but for them to do it for you, as doing it via XenForo htaccess may make no difference at all, with it still being active.

    Just something worth pointing out.
     
  13. RobParker

    RobParker Well-Known Member

    Sorry maybe I'm not being clear. We don't want to disable mod_security (for the obvious security reasons).

    Our hosts will disable the rule causing the problem but we'd much rather find the problem in our templates/CSS.
     
  14. Allan

    Allan Well-Known Member

    Hi, did you find a solution in your templates?
     
  15. RobParker

    RobParker Well-Known Member

    Sorry it was so long ago I really don't remember.
     

Share This Page