Re: Don't have permission

Hi,

I have the same problem.

I have set up a test site with Joomla 2.5.6 stable, Hikashop Business v. 1.5.8, HikaSerial 1.3.0, Falang V1.1.6 (basic), Community Builder v1.8.1 and JCE 2.2.2.

Everything works fine in Joomla and all other extensions. The only problem I have is that I cannot save Hikashop configuration. When I try to save changes i get this message:

Forbidden

You don't have permission to access /sites/cw42.no/administrator/index.php on this server.

Here are the permissions for this file:
-rw-r

---

1 michaelbentsen michaelbentsen 1.5K Jun 19 16:09 administrator/index.php

What can be wrong?

---

Update: The problem seems to be with mod_security. I got the error from the mod_security log file from my hosting partner, see attachment.

Hi michaelbentsen,

It seems to be due to mod_security, maybe mod_security block the size of the POST.
When you save the HikaShop configuration, much data are passed in POST, and it's possible that mod_security detect that as a security fail.

Try to configure it to allow more data.

I cannot configure mod_security as it is set up by my hosting partner.

They will not change mod_security settings if I cannot make a strong argument and tell them exactly why they should do that.

They did some investigation, and the guy I was in contact with saw the following potential problems:

* No specification of the content transfer coding ( www.ietf.org/rfc/rfc2388.txt part 4.5)
* Too much content in one line (max 1024 characters on each line)
* May contain invalid characters (eg. = )

Here is a link to my hosting partners info page about their mod_security implementation/setup:
www.domainnameshop.com/faq.cgi?id=257&se...ion=a6b9acb5f536e0cd

The rule that is triggered is MULTIPART_INVALID_QUOTING.

Since I've never had this problem with any other Joomla page or extension, I assume that the error is related to how HikaShop is posting the config form or the size of the form data.

I also did a fresh install of the latest Joomla version with HikaShop 1.5.8 using english language only, but the problem persists (my other two sites which has this problem is in norwegian, but the fresh install did not have any norwegian characters).

Michael

I do not think it is browser related.

All these browser give the 403 Forbidden result:

• IE v9.0.8, both 32-bit and 64-bit version
• Google Chrome 21.0.1180.79 m
• Opera v 12.01 build 1532 x64

I don't know exactly when this error was introduced since I've been on vacation, but it may have been introduced with HikaShop 1.5.8 - although I doubt that too because I've tried a clean installed with Joomla 2.5.6 and Hikashop 1.5.7 and I still get the same error.

I will send you login to a test site where you can see the problem.

Michael

Worked like a charm! Thanks:)

I have this problem to, could you tell me in wich file I have to make the change mentionen and add the scrypt that you share?

Thanks a lot!!

Hi guys,

Just downloaded the new 1.6.0 release of HikaShop, and the problem has not been fixed.

Will you create a permanent fix for this problem?

It is triggered by MULTIPART_INVALID_QUOTING check in Apaches mod_security, and it is not browser related. There is most likely an error in the extremely complex form used to submit configuration changes in HikaShop.

One solution could be to create a separate form for uploading the default image, maybe use a popup or an iframe. Then there is no need to use multipart/form-data on the main configuration form.

Hope you will look into this and make a permanent fix. I suspect that this error occured after my hosting partner updated their Apache and mod_security installation in May, and afaik they use the recommended settings for mod_security - at least for the relevant parts. Therefore I suspect that more people may experience this error in the future and you should really create a permanent fix sooner than later.

Michael

feel like an idiot i can see what i have to add in but cant work out what file im adding it to.

It's the file "config" of the view "config" as Jerome explained.
You can edit if via the menu Display->views. Make sure that you edit it for your back end template and not another template.

new to all this could you maybe help me out here

actually found the file to edit and added the check box and still same error ??????

Hi Jerome,

it seems that the club of "Forbidden" grows up gradually...
I just want to say that I have exactly the same problem - it comes up with the message "You don't have permission to access /administrator/index.php on this server" after I'm trying to save configuration.

Joomla 2.5.7 + Hikashop Essential (switched over from VirtueMart...)
host provider - the same as MichaelBentsen www.domainnameshop.com/faq.cgi?id=257&se...ion=a6b9acb5f536e0cd

I've tried to solve this the way Jerome said (well, I think so), but no result.
Actually I've got familiar with HTML coding just 3 weeks ago, when I decided to launch my site on my own, so up til now it went quite well with the help of this forum. But now I give up...

Jerome, can I send my credentials to you in order you sort out all this thing?
Thank you!

Wow! It works!
I even can't find the right word to describe such wonderful customer service!
And great product as well!

no idea about Jerome's explanation
but one thing I know - a huge thanx to you, Jerome!

I did exactly what was described by Jerome, but it don't work. I have still the same error when I try to save system -> emails -> one of the e-mail template.