Attempting to save configuration in backend causes 403 error

  • Posts: 9
  • Thank you received: 1
  • Hikaserial Standard Hikashop Business
5 years 4 months ago #301421

-- HikaShop version -- : 4.0.1
-- Joomla version -- : 3.9.1
-- PHP version -- : 7.2
-- Browser(s) name and version -- : Chrome 71.0.3578.80
-- Error-message(debug-mod must be tuned on) -- : 403 - Forbidden

Hikashop returns 403 forbidden error when trying to save configuration via Components > Hikashop > System > Configuration

It also does this when clicking on Check database button on same screen.

We have checked file and directory permissions, and we're seeing no change: directories are 755 and files are 644 which worked fine with Hikashop before on LiteSpeed. We have only noticed this issue since v4.0 and upgrading to v4.0.1 did not resolve the problem.

All our other components are working fine, we have made no config changes prior to this issue appearing.

Last edit: 5 years 4 months ago by nicolas.

Please Log in or Create an account to join the conversation.

  • Posts: 81540
  • Thank you received: 13071
  • MODERATOR
5 years 4 months ago #301438

Hi,

I'm not sure what is the issue.
Could you check the error log of your PHP and your web server ? There should be more information on why this happens.

Please Log in or Create an account to join the conversation.

  • Posts: 9
  • Thank you received: 1
  • Hikaserial Standard Hikashop Business
5 years 4 months ago #301455

We see nothing except the 403. Details:

Example of the 403 from server log:

[11/Dec/2018:09:34:33 +1100] "POST /administrator/index.php?option=com_hikashop&ctrl=config HTTP/1.1" 403 1139 " our-website.com/administrator/index.php?...hikashop&ctrl=config " "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"

Turning on error reporting in Joomla at Maximum and via PHP options in cPanel reveals no PHP errors during this issue (minor errors are visible in other parts of the backend and on frontend, so error reporting is definitely on).

Examining PHP error_log shows errors from hikashop unrelated to this issue (e.g. incorrectly configured mass actions), so it's not catching whatever this issue is.

Please Log in or Create an account to join the conversation.

  • Posts: 81540
  • Thank you received: 13071
  • MODERATOR
5 years 4 months ago #301461

Hi,

Mmm, that's the access log, it's won't give much besides the 403 error code. If the PHP error log doesn't show anything, it confirms that it's not a bug happening while HikaShop is processing the saving of the configuration, but that it happens before HikaShop is loaded.
Do you have any security system/extension ? Maybe a new option has a name which triggers a false positive and it then forbids the processing of the POST request because of that. Or something like that...

Please Log in or Create an account to join the conversation.

  • Posts: 9
  • Thank you received: 1
  • Hikaserial Standard Hikashop Business
5 years 4 months ago #301515

Thanks. I'll take a look at recent updates to other extensions and disable etc to fault-find. Will let you know how I go.

Please Log in or Create an account to join the conversation.

  • Posts: 9
  • Thank you received: 1
  • Hikaserial Standard Hikashop Business
5 years 4 months ago #301615

Turns out there was a fault on the server, unrelated to HikaShop and Joomla. Took a bit to find it. Hosting company had to do the fix. Thanks

The following user(s) said Thank You: Jerome

Please Log in or Create an account to join the conversation.

Time to create page: 0.062 seconds
Powered by Kunena Forum