XF 2.2 User not able to log in - you don't have permission to access this resource

[oldford]

I have one specific user that can't log in. They get this error message:

403 Forbidden

Forbidden

You don't have permission to access this resource.

If I try logging in as them (he gave me his password) I get the same error. But I'm able to log in as me and a few test accounts just fine.

So I'm sure there's something odd with his account not allowing him permissions, but I can't find it. His user state is valid. He's not banned. No security lock. Analyzing permissions doesn't show anything weird.

Any thoughts? Thanks!

 

[Paul B]

It's a server issue.

If it's a 403 Forbidden error then it will likely be due to a server side security mechanism such as ModSecurity, mod_evasive, or similar.
It could even be something like the Wordfence add-on for WordPress.
Contact your host and ask them to whitelist whichever rules are being triggered, or to disable the mechanism.

 

[oldford]

I did see that about 403 Forbidden errors, but I don't understand how that's affecting only one username. It affects me only when I try to log in as that user, but I can log in as other users just fine.

Also, in order to tell my host, how do I determine which rules are being triggered or which mechanism to disable?

 

[oldford]

So if I change the username of his account I can log in just fine. What's going on?

original username: ponyboy - can't log in
change to ponybo - I can log in fine
change to pony boy - I can't log in
change to pony-boy - I can't log in
change to pony8boy - I can't log in
change to ponyoboy - I can log in fine

Does this mean there's some rule on my server blocking that combination of words?

 

[Paul B]

Does this mean there's some rule on my server blocking that combination of words?

Yes.

 

[oldford]

OK, thanks. Never had that happen in 20+ years of running my forums. I'll reach out to my host.