Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Ryan M Posted May 18, 2022 Posted May 18, 2022 So I setup various sign-in methods, such as Microsoft, Discord, Google, facebook. When I click on Sign in with Google, it lets me choose my google account, but when it goes to call the server again, I get a 403 Forbidden Error. https://swrebellion.net/oauth/callback/(plus-lots-of-stuff-here/) I checked the folder permissions for oauth and callback, as well as the index.php , they are 644. I tried changing it to 755 but still got that error. Any thoughts?
Daniel F Posted May 18, 2022 Posted May 18, 2022 1 hour ago, Ryan M said: folder permissions for oauth and callback, Have you also checked the applications/core/interface/microsoft... and applications/core/interface/goggle files permissions?
Ryan M Posted May 19, 2022 Author Posted May 19, 2022 21 hours ago, Daniel F said: Have you also checked the applications/core/interface/microsoft... and applications/core/interface/goggle files permissions? Thanks for your response. I just checked and they were 644, and after changing them to 755, I still get the same error.
Ryan M Posted May 21, 2022 Author Posted May 21, 2022 @Daniel F can you move this topic to one of the official Help & Support forums? I want to open a ticket for this but I believe the support options have changed.
Randy Calvert Posted May 21, 2022 Posted May 21, 2022 A 403 error is a server issue. You’re not going to get much official support on that unfortunately. 403 means the server (or an intermediate firewall) denied access to the resource. You might want to look into your server or firewall logs to determine why. (The file might be owned by an incorrect user, might have incorrect permissions, or there is something like mod_security or a WAF blocking it.) The IPB software itself would not return that status code. So you need to figure out what is going on with your environment that is blocking access to the requested resource.
Ryan M Posted May 23, 2022 Author Posted May 23, 2022 (edited) So I have a dedicated server that has a Plesk back-end. We do have WAF turned on. I did come across this on the error log but I am not sure how to white-list or unblock whatever is blocked. 2022-05-23 13:19:21 Error [REDACTED-IP] [client REDACTED-IP] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "swrebellion.net"] [uri "/.env"] [unique_id "YovCGZMROG3CaKz60mq6UQAAAMw"] 2022-05-23 16:51:27 Error [REDACTED-IP] [client REDACTED-IP] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||swrebellion.net|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "swrebellion.net"] [uri "/oauth/callback/"] [unique_id "Yovzz5MROG3CaKz60mrBNgAAAMM"], referer: https://accounts.google.com/ Edited May 23, 2022 by Ryan M
Randy Calvert Posted May 23, 2022 Posted May 23, 2022 Try having mod_security disabled. See if that fixes your problem. If so, you can then further troubleshoot how to actually fix mod_security (or decide to leave it disabled).
Ryan M Posted June 8, 2022 Author Posted June 8, 2022 I disabled the CWAF rule which resolved the issue. Daniel F and faraz sabir 1 1
Recommended Posts