OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Forbidden access when saving or editing information

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

Forbidden access when saving or editing information

Postby CarlosLlongo » Fri May 31, 2013 1:41 pm

Hello!

So today we tried to upload the 5th number of our journal. We uploaded the previous numbers without any problems, always using the Quick Submit Plugin. This time, when pressing the save button, the following message appeared:

Code: Select all
Forbidden: You don't have permission to access /ojs/index.php/adcomunica/manager/importexport/plugin/QuickSubmitPlugin/saveSubmit on this server.


Not only that, but once this message appeared, we were unable to access any of the journal pages for several minutes from our IP address. Even from different computers and browsers we got a timeout trying to access the server. And even if we tried to access the FTP where the OJS is located, we got a "Connection timed out" error. That makes me think that somehow once we do an action in these manager pages, the server goes on total lockdown for our IP. We where able to continue accessing the OJS from a mobile phone or through a proxy.

As the day has gone on, we have tried more actions on the OJS and most of the ones that try to upload or modify a journal or even user data, end up giving the "Forbidden" error.

I have read other threads about "Forbidden" problems and one common solution is to disable the mod_security in Apache. We don't really have access to the server, since the hosting is managed by another company, so I'm not really sure if disabling mod_security will be an option. Is there an alternative way of solving the problem?

I also read that it was a good idea to enable stacktrace, but because after the "Forbidden" error I lose access to the server, I can't really see if the stacktrace was printed. Is there another way of reading the stacktrace, like an error log file or something similar?

My OJS version is 2.3.7.

Cheers!
CarlosLlongo
 
Posts: 10
Joined: Mon Jun 25, 2012 8:55 am

Re: Forbidden access when saving or editing information

Postby asmecher » Fri May 31, 2013 2:04 pm

Hi CarlosLlongo,

This is almost certainly related to an errant firewall or mod_security rule. It likely won't appear in your Apache logs and certainly won't appear in your PHP logs. Unfortunately you'll have to take it up with your hosting company, as there's nothing you can do at the application level without more information. The good news is that it's pretty obviously a problem at the ISP's configuration level, and fortunately it's the kind that can be tweaked without a lot of potential for collateral damage. They should also have very clear information in their logs on what rule was triggered. If they're able to clarify what rule was triggered, we can look at application-level changes, but if they're arbitrary (i.e. don't make a lot of logical sense) we're unlikely to change the application for the sake of this ISP.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8869
Joined: Wed Aug 10, 2005 12:56 pm

Re: Forbidden access when saving or editing information

Postby CarlosLlongo » Mon Jun 03, 2013 3:16 am

Hi Alec,

Thanks for your fast reply. We got in contact with our hosting provider this weekend and we were told that the mod security rule had been recently updated. We told them the situation and after it was reverted, everything is working fine again.

Cheers!

Carlos.
CarlosLlongo
 
Posts: 10
Joined: Mon Jun 25, 2012 8:55 am


Return to OJS Technical Support

Who is online

Users browsing this forum: Google [Bot] and 5 guests