XF 2.2 you don't have permission

DevBest

DevBest

New member
Hi Folks,

I have a little weird problem.
I have my forum in maintance mode.
When it is in maintance mode and i want to access the website on my mobile (i tried safari, google, firefox) it tell me FORBIDDEN - You don't have permissions to access this resource. if i put /index.php after it it appear! And when I login at that point with my admin account it is accessible without the /index.php 🤷‍♂️But When i put my forum out of the maintance (forum online) mode it is working normally. should there be something wrong with the .htaccess file?

Thanks :D
 
Last edited:
Solution
Black Tiger
DevBest said:
I had an other domain name before on the same server no issue at all. Now I’m busy making a new community and I have this issue
Click to expand...
Might be a cookie issue.
Try logging out, then remove all cookie's for your current and old domain name and forum and then try to login again and see if the issue persists.
Sort by date Sort by votes
Are you using the shipped .htaccess and make sure your root location is correct?
Of so, then there should not be any issues if you are on an Apache HTTP server.
If you are on nginx or OpenLightSpeed, then you can't rely on .htaccess.
 
Upvote 0 Downvote
Tracy Perry said:
Are you using the shipped .htaccess and make sure your root location is correct?
Of so, then there should not be any issues if you are on an Apache HTTP server.
If you are on nginx or OpenLightSpeed, then you can't rely on .htaccess.
Click to expand...
Well I don’t know what is wrong this time.
I had an other domain name before on the same server no issue at all. Now I’m busy making a new community and I have this issue
 
Upvote 0 Downvote
DevBest said:
I had an other domain name before on the same server no issue at all. Now I’m busy making a new community and I have this issue
Click to expand...
Might be a cookie issue.
Try logging out, then remove all cookie's for your current and old domain name and forum and then try to login again and see if the issue persists.
 
Upvote 1 Downvote
Solution
Tracy Perry said:
Are you using the shipped .htaccess and make sure your root location is correct?
Of so, then there should not be any issues if you are on an Apache HTTP server.
If you are on nginx or OpenLightSpeed, then you can't rely on .htaccess.
Click to expand...

Open Litespeed works fine with the Xenforo .htaccess file and mod_rewrite rules in general. It doesn't support things like resource authentication via .htaccess like Apache does, but they've gone to great lengths to be compatible with rewritecond/rewriterule. :-)
 
Upvote 0 Downvote
MySiteGuy said:
Open Litespeed works fine with the Xenforo .htaccess file and mod_rewrite rules in general. It doesn't support things like resource authentication via .htaccess like Apache does, but they've gone to great lengths to be compatible with rewritecond/rewriterule
Click to expand...
Was specifically referring to having the .htaccess in the directory and expecting to work as it does with Apache. nginx and OLS require a different approach. OLS may have changed that, but last time I used it you had to use the GUI to do your rewrites in... granted, they did use (mostly) Apache sytnax.
 
Upvote 0 Downvote
We have same error message - but only when trying to open specific posts or media items - very strange.
Yesterday we tried adding a media item with a description "if looks could kill" and it was immediately rejected with the message:

Forbidden​

You don't have permission to access this resource.

However, a second attempt to add the same media item without that description worked fine.
Could there be some AI screening and blocking taking place? Where?

We now have some posts blocked, and quite a few media items blocked that were previously available.
An old backup copy of our forum has the same issue for the same items, so it doesn't seem to be corruption.
However we cannot open the affected items to see what might be causing the problem!

All our users have the same experience with the same items - irrespective of their access rights - some are "registered" others are "admin or moderators". Same problem whatever browser or platform is used.
The problem was first noticed a few months ago when we were using the previous release, we are now on latest releases for XF2 and XFMG.

Our forum is hosted by Hostwinds, with a server in Holland.

Clues very welcome! 1984??? Brave New World???
 
Last edited:
Upvote 0 Downvote
That message comes from your web server so you would need to check the web server log to see what's causing it. More than likely just some overzealous firewall (kill is a command on many servers).
 
Upvote 0 Downvote
I got nowhere with that. Hostwinds tell me we cannot access or modify the ModSecure rules in their shared hosting environment.
It seems the only route forward is to move to a dedicated or VPS environment, and that is now our plan...
Haven't others suffered from this "false Error 403" problem?
We now have problems with photos which have any of the following words in their description:

Where?
When?
Kill
and
&
 
Upvote 0 Downvote
Mikethemix said:
Hostwinds tell me we cannot access or modify the ModSecure rules in their shared hosting environment.
It seems the only route forward is to move to a dedicated or VPS environment, and that is now our plan...
Click to expand...
It is a hosting issue and as you stated, the only way to apparently resolve it is to move. You do not have to go to a VPS or a dedicated unless you desire to though. There are plenty of hosting providers out there that know what they are doing and willing to work with you.
This is one that I can whole heartedly recommend as being a hosting provider that knows XenForo.
MattW

Thread 'mattwservices.co.uk - Server Configuration / Hosting / Support'

I've not really put anything on here to advertise myself before, as people have just been contacting me to request work be done.

Here is what I'm available to do.

Server Management Services
  • Server Configuration (CentOS / Cpanel)
    • Apache setup
    • Nginxcp setup
    • Switch MySQL to Percona / MariaDB
    • Memcache / Memcached Installation
    • APC installation
    • Xcache Installation
    • DNS set up
  • Server Migration
    • Cpanel to Cpanel
    • None standard migration, including full remote backup and migration (files and databases)
  • Server Setup (CentOS with...
  • Like
 
Upvote 0 Downvote
Thanks - we are now planning to move to VPS since we also want to implement enhanced search and that should sort this issue too.
Pheew, good to have a plan!
We are now in touch with Matt and he is advising us. Clearly a good guy:)

Regards,
Mike
 
Upvote 0 Downvote
TPerry said:
Was specifically referring to having the .htaccess in the directory and expecting to work as it does with Apache. nginx and OLS require a different approach. OLS may have changed that, but last time I used it you had to use the GUI to do your rewrites in... granted, they did use (mostly) Apache sytnax.
Click to expand...

OLS has supported .htaccess rewrite rules for as long as I remember. It doesn't support other .htaccess directives, which aren't used nearly as often as rewrites. Non-rewrite directives require using the GUI or editing config files directly. Paid Litespeed has .htaccess support beyond the rewrites.

OLS works fine with Xenforo's .htaccess file, I have my own and dozens of clients running with it.

Mikethemix said:
Thanks - we are now planning to move to VPS since we also want to implement enhanced search and that should sort this issue too.
Pheew, good to have a plan!
We are now in touch with Matt and he is advising us. Clearly a good guy:)

Regards,
Mike
Click to expand...

Have you edited .htaccess to block mod_security? Its documented at the top of this file, simply remove the leading # from those directives.
 
Upvote 0 Downvote
MySiteGuy said:
OLS has supported .htaccess rewrite rules for as long as I remember. It doesn't support other .htaccess directives, which aren't used nearly as often as rewrites. Non-rewrite directives require using the GUI or editing config files directly. Paid Litespeed has .htaccess support beyond the rewrites.
Click to expand...
It's been several years since I used it... and when I started, you had to do your .htaccess stuff (other than simple re-writes) within the GUI. And if you were going to do one section of normal .htaccess in the GUI, it was simpler to do it all there since it would be in one place.
It was one of the differences between it and the Enterprise version of LS (and what they used to push for LS over OLS). I remember there was talk about eventually supporting it fully natively.
 
Upvote 0 Downvote
Yeah, they added native support but I don't recall when (years). They made a big push to roll out features, and fix long standing OLS bugs as they started ramping up their CyberPanel product. OLS has gone from a product I wouldn't use in production to my top choice, beating Nginx in my performance testing, especially when it's a smaller VPS.

Also, one minor difference is OLS doesn't apply changes to .htaccess immediately. It polls every minute or so for changes. I do a quick "systemctl restart lsws" if I need it to take effect immediately.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

oldford
  • Question Question
XF 2.2 User not able to log in - you don't have permission to access this resource
Replies
5
Views
450
oldford
oldford
Peter Cox
  • Question Question
MG 2.2 "You don't have permission to access this resource"
Replies
6
Views
639
Peter Cox
Peter Cox
STORM0x04
  • Solved
Im new here but i don't have permissions
Replies
3
Views
526
Paul B
P
Dawson
  • Question Question
XF 2.2 Updating Forbidden You don't have permission to access this resource. error
Replies
4
Views
1K
phtvs
phtvs
cdub
  • Solved
XF 2.2 If a user gets @ tagged in a forum that is private that they don't have permission to see...
Replies
2
Views
267
cdub
cdub
Back
Top Bottom