Greetings!
Hi,
I have this 403 Forbidden Error every time I edit a Customer (with multiple addresses). And I noticed that this has also been happening if I tried to edit Geo Zones.
Have you guys ever experienced this? And what should I do to stop this error?
Thank you in advance.
Looks like a false positive from a web application firewall, such as ModSecurity. Check your hosting control panel or ask your host.
ADD Creative wrote: ↑Mon Jan 25, 2021 8:25 pm
> Looks like a false positive from a web application firewall, such as ModSecurity. Check your hosting control panel or ask your host.
Hi ADD Creative!
Thank you for your reply. I have tried turning off ModSecurity on cPanel but it still happens.
It could be another firewall - ask your web host.
Well generally a firewall is not going to allow the entire page to load, get as far as displaying the first 2 fields in the Malaysia geozone and then SUDDENLY say Oh no you have no permission to be here, so I personally don't think it's a firewall issue.
Is the popup not just a customised 404 from the webserver? Although it LOOKS like an OC popup.
Are you doing stuff as an assigned API user or are you using the default setting?
Another thing - see if you can find the 403 status from your server log files, like 403.1 or 403.2 etc. This will give you more info.
Another thing that cropped up before
in OCadmin>settings>store>edit>server tab>ROBOTS LIST - try REMOVING the entry :bot - you can easily put it back if it makes no difference.
mikeinterserv wrote: ↑Tue Jan 26, 2021 10:39 pm
> Well generally a firewall is not going to allow the entire page to load, get as far as displaying the first 2 fields in the Malaysia geozone and then SUDDENLY say Oh no you have no permission to be here, so I personally don't think it's a firewall issue.
> Is the popup not just a customised 404 from the webserver? Although it LOOKS like an OC popup
From the screenshots it looks like it's blocking the AJAX requests, probably for the zone lookup. The firewall is probably seeing multiple zone lookups because of the number of addresses and entries in the Geo Zones list. Either the content of the request or the number and timing of the requests are triggering a false positive. The pop up is just an alert box generated on the AJAX call failing.
ADD Creative wrote: ↑Wed Jan 27, 2021 3:32 am
> From the screenshots it looks like it's blocking the AJAX requests, probably for the zone lookup. The firewall is probably seeing multiple zone lookups because of the number of addresses and entries in the Geo Zones list. Either the content of the request or the number and timing of the requests are triggering a false positive. The pop up is just an alert box generated on the AJAX call failing.
I understand what you're saying but there is next to nothing in that list for Malaysia and it doesn't do it on a much larger list of zones for another country.
mikeinterserv wrote: ↑Wed Jan 27, 2021 3:38 am
> I understand what you're saying but there is next to nothing in that list for Malaysia and it doesn't do it on a much larger list of zones for another country.
The response (i.e. the number of zones) is irrelevant. The firewall will be blocking due to the content or timing of the requests.
ADD Creative wrote: ↑Wed Jan 27, 2021 3:43 am
> The response (i.e. the number of zones) is irrelevant. The firewall will be blocking due to the content or timing of the requests.
Surely this would then also happen in admin catalog and anywhere else a number of requests are made, but he reports no other problems other than customers with multiple addresses and the geozone related to Malaysia and those addresses.
It will be interesting if he comes back with more info.
mikeinterserv wrote: ↑Wed Jan 27, 2021 3:56 am
> Surely this would then also happen in admin catalog and anywhere else a number of requests are made, but he reports no other problems other than customers with multiple addresses and the geozone related to Malaysia and those addresses.
> It will be interesting if he comes back with more info.
It will be the content of the requests that will be key. There will be something in the following that generates the false positive or the fact the exact same request is made multiple times. Nowhere else will be sending that request multiple times.
Code: Select all
admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129
Hi guys!
Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.
I am clueless now. I have also checked my other OC sites, this problem has also occurred.
I am still looking for possible solutions.
Thank you in advance.
niczous wrote: ↑Sat Jan 30, 2021 11:13 pm
> Hi guys!
> Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.
> I am clueless now. I have also checked my other OC sites, this problem has also occurred.
> I am still looking for possible solutions.
> Thank you in advance.
The 403 forbidden error you are receiving is generated by the server, not OpenCart. Unless you have some modifications that change the way the Geo Zones are submitted, have related errors in your OpenCart or PHP error logs or you now have a different error, it's a server issue, not an OpenCart one. Most likely some sort of protection kicking in.
It's not uncommon, we once had a host that decided to block all the Googlebot IP addresses! It took a little while to work out what was going on.
If you look in the network tab of your web browser's development console or your server access logs, you should be able to see the URLs returning the 403 status. Likely to be:
Code: Select all
admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129
mikeinterserv wrote: ↑Sat Jan 30, 2021 11:16 pm
> OK no worries
> are the OTHER OC sites on the SAME SERVER
> AND - what version of OC are you using
Yes. They are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.
I am using the latest Version 3.0.3.6.
Thank you.
ADD Creative wrote: ↑Sun Jan 31, 2021 9:30 pm
> niczous wrote: ↑Sat Jan 30, 2021 11:13 pm
> > Hi guys!
> > Sorry for the delay. I have contacted my web host and they asked me to follow this thread at viewtopic.php?t=191792 as it could be bugs for Geo Zone. I have followed the steps but it's still happening. The list was okay for 8 zones at first after the change, but then I re-checked, it's back to 2 zones and error. I noticed that all the Geo Zones are affected including the default UK Shipping Zone.
> > I am clueless now. I have also checked my other OC sites, this problem has also occurred.
> > I am still looking for possible solutions.
> > Thank you in advance.
> The 403 forbidden error you are receiving is generated by the server, not OpenCart. Unless you have some modifications that change the way the Geo Zones are submitted, have related errors in your OpenCart or PHP error logs or you now have a different error, it's a server issue, not an OpenCart one. Most likely some sort of protection kicking in.
> It's not uncommon, we once had a host that decided to block all the Googlebot IP addresses! It took a little while to work out what was going on.
> If you look in the network tab of your web browser's development console or your server access logs, you should be able to see the URLs returning the 403 status. Likely to be:
> Code: Select all
> admin/index.php?route=localisation/country/country&user_token=xxx&country_id=129
I see. I found some error log messages; one of them is:
Code: Select all
[Sun Jan 31 17:13:58.063174 2021] [:error] [pid 5181:tid 47892793890560] [client 113.23.184.2:52951] client denied by server configuration: /home/apmf8com/public_html/aniqma.my/shop/admin/index.php, referer: https://aniqma.my/shop/admin/index.php?route=localisation/geo_zone/edit&user_token=0t7ohJXsOU9HjyLA0pnOdaY4FgJlq9cK&geo_zone_id=6
Guess I need to update them once again regarding the error log message. Hope I could find the solution from them too. Thanks.
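The log check suggested in this thread (find the URLs returning 403, then match them against "client denied by server configuration" entries), as an added example that is not part of any post here. It assumes Apache's combined access-log format and the error-log line shape shown above; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample logs (documentation IPs, placeholder token), not data from the thread.
U = "/shop/admin/index.php?route=localisation/country/country&user_token=TOKEN&country_id="
ACCESS_LOG = "\n".join(
    f'{ip} - - [31/Jan/2021:17:13:{sec} +0800] "GET {U}{cid} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'
    for ip, sec, cid, status in [
        ("203.0.113.7", "57", 129, 200), ("203.0.113.7", "57", 129, 200),
        ("203.0.113.7", "58", 129, 403), ("203.0.113.7", "58", 129, 403),
        ("198.51.100.9", "59", 222, 403),
    ])
ERROR_LOG = ("[Sun Jan 31 17:13:58.063174 2021] [:error] [pid 100:tid 200] "
             "[client 203.0.113.7:52951] client denied by server configuration: "
             "/home/example/public_html/shop/admin/index.php, referer: https://shop.example"
             "/shop/admin/index.php?route=localisation/geo_zone/edit&user_token=TOKEN&geo_zone_id=6")

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
DENIED_RE = re.compile(r"\[client ([^\]:]+):\d+\] client denied by server configuration: "
                       r"(\S+?)(?:, referer: (\S+))?$")  # assumes IPv4 client:port

def scrub(url):
    """Drop user_token so admin session tokens never land in a report or a ticket."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "user_token"]
    return parts.path + ("?" + urlencode(query, safe="/") if query else "")

def classify_403s(access_log):
    """Map (client, scrubbed URL) to 'always' or 'intermittent' for every URL that got a 403."""
    seen = defaultdict(set)
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            client, url, status = m.groups()
            seen[(client, scrub(url))].add(status)
    # Heuristic: the same URL answering both 200 and 403 points to a rate or timing rule;
    # a URL that is refused every time points to a content or path rule.
    return {key: "intermittent" if statuses - {"403"} else "always"
            for key, statuses in seen.items() if "403" in statuses}

def server_denials(error_log):
    """Return (client, denied path, scrubbed referer) for each server-level denial."""
    found = (DENIED_RE.search(line) for line in error_log.splitlines())
    return [(m[1], m[2], scrub(m[3]) if m[3] else None) for m in found if m]
```

The scrubbed output can be passed to a hosting provider without exposing the admin session token carried in the logged URLs.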
niczous wrote: ↑Sun Jan 31, 2021 9:58 pm
> mikeinterserv wrote: ↑Sat Jan 30, 2021 11:16 pm
> > OK no worries
> > are the OTHER OC sites on the SAME SERVER
> > AND - what version of OC are you using
> Yes. They are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.
> I am using the latest Version 3.0.3.6.
> Thank you.
Then it's DEFINITELY a server issue of some kind - I would get back to your host with the error
Your site doesn't redirect to https. Fix this first.
mikeinterserv wrote: ↑Sun Jan 31, 2021 10:20 pm
> niczous wrote: ↑Sun Jan 31, 2021 9:58 pm
> > mikeinterserv wrote: ↑Sat Jan 30, 2021 11:16 pm
> > > OK no worries
> > > are the OTHER OC sites on the SAME SERVER
> > > AND - what version of OC are you using
> > Yes. They are all on the same hosting. And I created a new OC site on the other hosting which is provided by the same server company. And there's no issue at all. I can view all the zones.
> > I am using the latest Version 3.0.3.6.
> > Thank you.
> Then it's DEFINITELY a server issue of some kind - I would get back to your host with the error
Hi Mike!
Yes, it's the server issue. I have contacted the host. Been transferred to another server. Thank you!