Post by niczous » Mon Jan 25, 2021 7:48 pm

Greetings!

Hi,

I have this 403 Forbidden Error every time I edit a Customer (with multiple addresses). And I noticed that this has also been happening if I tried to edit Geo Zones.

Have you guys ever experienced this? And what should I do to stop this error?

Thank you in advance.

Attachments

Screen-Shot-2021-01-25-at-7.38.54-PM.jpg

Screen-Shot-2021-01-25-at-7.38.54-PM.jpg (176.21 KiB) Viewed 787 times

Screen Shot 2021-01-25 at 7.35.49 PM.png

Screen Shot 2021-01-25 at 7.35.49 PM.png (236.59 KiB) Viewed 787 times


Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by ADD Creative » Mon Jan 25, 2021 8:25 pm

Looks like a false positive from a web application firewall, such as ModSecurity. Check your hosting control panel or ask your host.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by niczous » Tue Jan 26, 2021 11:31 am

ADD Creative wrote:
Mon Jan 25, 2021 8:25 pm
Looks like a false positive from a web application firewall, such as ModSecurity. Check your hosting control panel or ask your host.
Hi ADD Creative!

Thank you for your reply. I have tried turning off ModSecurity on cPanel but it still happens. :'(

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by paulfeakins » Tue Jan 26, 2021 6:42 pm

niczous wrote:
Tue Jan 26, 2021 11:31 am
Thank you for your reply. I have tried turning off ModSecurity on cPanel but it still happens. :'(
It could be another firewall - ask your web host.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by mikeinterserv » Tue Jan 26, 2021 10:39 pm

paulfeakins wrote:
Tue Jan 26, 2021 6:42 pm
niczous wrote:
Tue Jan 26, 2021 11:31 am
Thank you for your reply. I have tried turning off ModSecurity on cPanel but it still happens. :'(
It could be another firewall - ask your web host.
Well generally a firewall is not going to allow the entire page to load, get as far as displaying the first 2 fields in the Malaysia geozone and then SUDDENLY say Oh no you have no permission to be here, so I personally don't think its a firewall issue.
Is the popup not just a customised 404 from the webserver ? Although it LOOKS like an OC popup

Are you doing stuff as an assigned API user otr are you using the default setting
Another thing - see if you can find the 403 status from your server log files
like 403.1 or 403.2 etc This will give you more info

Another thing that cropped up before
in OCadmin>settings>store>edit>server tab>ROBOTS LIST - try REMOVING the entry :bot - you can easily put it back if it makes no difference.

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by ADD Creative » Wed Jan 27, 2021 3:32 am

mikeinterserv wrote:
Tue Jan 26, 2021 10:39 pm
Well generally a firewall is not going to allow the entire page to load, get as far as displaying the first 2 fields in the Malaysia geozone and then SUDDENLY say Oh no you have no permission to be here, so I personally don't think its a firewall issue.
Is the popup not just a customised 404 from the webserver ? Although it LOOKS like an OC popup
From the screenshots it looks like it's blocking the AJAX requests, probably for the zone lookup. The firewall is probably seeing multiple zone lookups because of the number of addresses and entries in the Geo Zones list. Either the content of the request or the number and timing of the requests are triggering a false positive. The pop up is just a alert box generated on the AJAX call failing.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by mikeinterserv » Wed Jan 27, 2021 3:38 am

ADD Creative wrote:
Wed Jan 27, 2021 3:32 am
From the screenshots it looks like it's blocking the AJAX requests, probably for the zone lookup. The firewall is probably seeing multiple zone lookups because of the number of addresses and entries in the Geo Zones list. Either the content of the request or the number and timing of the requests are triggering a false positive. The pop up is just a alert box generated on the AJAX call failing.
I understand what your saying but there is next to nothing in that list for Malaysia and it doesn't do it on a much larger list of zones for another country.

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by ADD Creative » Wed Jan 27, 2021 3:43 am

mikeinterserv wrote:
Wed Jan 27, 2021 3:38 am
I understand what your saying but there is next to nothing in that list for Malaysia and it doesn't do it on a much larger list of zones for another country.
The response (i.e. the number of zones) is irrelevant. The firewall will be blocking due to the content or timing of the requests.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by mikeinterserv » Wed Jan 27, 2021 3:56 am

ADD Creative wrote:
Wed Jan 27, 2021 3:43 am
The response (i.e. the number of zones) is irrelevant. The firewall will be blocking due to the content or timing of the requests.
Surely this would then also happen in admin catalog and anywhere else a number of requests are made, but he reports no other problems other than customers with multiple addresses and the geozone related to Malaysia and those addresses.

It will be interesting if he comes back with more info.

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by ADD Creative » Thu Jan 28, 2021 7:37 pm

mikeinterserv wrote:
Wed Jan 27, 2021 3:56 am
Surely this would then also happen in admin catalog and anywhere else a number of requests are made, but he reports no other problems other than customers with multiple addresses and the geozone related to Malaysia and those addresses.

It will be interesting if he comes back with more info.
It will be the content of the requests that will be key. There will be something in the following that generates the false positive or the fact the exact same request if made multiple times. Nowhere else will be sending that request multiple times.

Code: Select all

admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129
Sadly it doesn't look like we will hear back from the original poster.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by niczous » Sat Jan 30, 2021 11:13 pm

Hi guys!

Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.

I am clueless now. I have also checked my other OC sites, this problem is also occurred.

I am still looking for possible solutions.

Thank you in advance.

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by mikeinterserv » Sat Jan 30, 2021 11:16 pm

niczous wrote:
Sat Jan 30, 2021 11:13 pm
I am clueless now. I have also checked my other OC sites, this problem is also occurred.
OK no worries
are the OTHER OC sites on the SAME SERVER
AND - what version of OC are you using

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by ADD Creative » Sun Jan 31, 2021 9:30 pm

niczous wrote:
Sat Jan 30, 2021 11:13 pm
Hi guys!

Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.

I am clueless now. I have also checked my other OC sites, this problem is also occurred.

I am still looking for possible solutions.

Thank you in advance.
The 403 forbidden error your are receiving is generated by the server not OpenCart. Unless you have some modifications that change the way the Geo Zones are submitted, have related errors in you OpenCart or PHP error logs or you now have a different error, it's a sever issue not an OpenCart one. Most likely some sort of protection kicking in.

It's not uncommon, we once had a host that decided to block all the Googlebot IP addresses! It took a little while to work out what was going on.

If you look in the network tab of your web browser's development console or your server access logs. You should be able to see the URLs returning the 403 status. Likely to be.

Code: Select all

admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by niczous » Sun Jan 31, 2021 9:58 pm

mikeinterserv wrote:
Sat Jan 30, 2021 11:16 pm
niczous wrote:
Sat Jan 30, 2021 11:13 pm
I am clueless now. I have also checked my other OC sites, this problem is also occurred.
OK no worries
are the OTHER OC sites on the SAME SERVER
AND - what version of OC are you using
Yes. There are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.

I am using the latest Version 3.0.3.6.

Thank you.

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by niczous » Sun Jan 31, 2021 10:02 pm

ADD Creative wrote:
Sun Jan 31, 2021 9:30 pm
niczous wrote:
Sat Jan 30, 2021 11:13 pm
Hi guys!

Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.

I am clueless now. I have also checked my other OC sites, this problem is also occurred.

I am still looking for possible solutions.

Thank you in advance.
The 403 forbidden error your are receiving is generated by the server not OpenCart. Unless you have some modifications that change the way the Geo Zones are submitted, have related errors in you OpenCart or PHP error logs or you now have a different error, it's a sever issue not an OpenCart one. Most likely some sort of protection kicking in.

It's not uncommon, we once had a host that decided to block all the Googlebot IP addresses! It took a little while to work out what was going on.

If you look in the network tab of your web browser's development console or your server access logs. You should be able to see the URLs returning the 403 status. Likely to be.

Code: Select all

admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129
I see. I found some error log messages; one of them is

Code: Select all

[Sun Jan 31 17:13:58.063174 2021] [:error] [pid 5181:tid 47892793890560] [client 113.23.184.2:52951] client denied by server configuration: /home/apmf8com/public_html/aniqma.my/shop/admin/index.php, referer: https://aniqma.my/shop/admin/index.php?route=localisation/geo_zone/edit&user_token=0t7ohJXsOU9HjyLA0pnOdaY4FgJlq9cK&geo_zone_id=6
And like you said, it's probably a server issue, instead. I have contacted them with the updates from you guys. And they said, "We have trid too many ways to assist you however we still could not identify what is the cause of the issue. We notice the error appeared based on the OpenCart script itself ."

Guess I need to update them once again regarding the error log message. Hope I could find the solution from them too. Thanks.

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by mikeinterserv » Sun Jan 31, 2021 10:20 pm

niczous wrote:
Sun Jan 31, 2021 9:58 pm
mikeinterserv wrote:
Sat Jan 30, 2021 11:16 pm
niczous wrote:
Sat Jan 30, 2021 11:13 pm
I am clueless now. I have also checked my other OC sites, this problem is also occurred.
OK no worries
are the OTHER OC sites on the SAME SERVER
AND - what version of OC are you using
Yes. There are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.

I am using the latest Version 3.0.3.6.

Thank you.
Then its DEFINITELY a server issue of some kind - I would get back to your host with the error

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by xxvirusxx » Mon Feb 01, 2021 4:19 pm

Your site doesn't redirect to https. Fix this first.

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Naheed » Mon Feb 01, 2021 6:02 pm

From the above discussion about your query 403 Forbidden Error
on editing a Customer address, It seems to be probably a server
issue. So, sort out this and let us know if the issue is solved.

User avatar
Active Member

Posts

Joined
Mon Aug 10, 2020 11:19 pm

Post by niczous » Fri Feb 19, 2021 6:48 pm

mikeinterserv wrote:
Sun Jan 31, 2021 10:20 pm
niczous wrote:
Sun Jan 31, 2021 9:58 pm
mikeinterserv wrote:
Sat Jan 30, 2021 11:16 pm

OK no worries
are the OTHER OC sites on the SAME SERVER
AND - what version of OC are you using
Yes. There are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.

I am using the latest Version 3.0.3.6.

Thank you.
Then its DEFINITELY a server issue of some kind - I would get back to your host with the error
Hi Mike!

Yes, it's the server issue. I have contacted the host. Been transferred to another server. Thank you!

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm

Post by niczous » Fri Feb 19, 2021 7:02 pm

xxvirusxx wrote:
Mon Feb 01, 2021 4:19 pm
Your site doesn't redirect to https. Fix this first.
Hi!

May you assist me to fix it, please? Thank you in advance.

Newbie

Posts

Joined
Sat Jun 03, 2017 6:28 pm
Who is online

Users browsing this forum: No registered users and 22 guests