So I setup various sign-in methods, such as Microsoft, Discord, Google, facebook. When I click on Sign in with Google, it lets me choose my google account, but when it goes to call the server again, I get a 403 Forbidden Error.

https://swrebellion.net/oauth/callback/(plus-lots-of-stuff-here/)

I checked the folder permissions for oauth and callback, as well as the index.php , they are 644. I tried changing it to 755 but still got that error. Any thoughts?

1 hour ago, Ryan M said:

folder permissions for oauth and callback,

Have you also checked the applications/core/interface/microsoft... and applications/core/interface/goggle files permissions?

21 hours ago, Daniel F said:

Have you also checked the applications/core/interface/microsoft... and applications/core/interface/goggle files permissions?

Thanks for your response. I just checked and they were 644, and after changing them to 755, I still get the same error.

@Daniel F can you move this topic to one of the official Help & Support forums? I want to open a ticket for this but I believe the support options have changed.

A 403 error is a server issue. You’re not going to get much official support on that unfortunately. 

403 means the server (or an intermediate firewall) denied access to the resource. You might want to look into your server or firewall logs to determine why. (The file might be owned by an incorrect user, might have incorrect permissions, or there is something like mod_security or a WAF blocking it.)

The IPB software itself would not return that status code. So you need to figure out what is going on with your environment that is blocking access to the requested resource. 

So I have a dedicated server that has a Plesk back-end. We do have WAF turned on. I did come across this on the error log but I am not sure how to white-list or unblock whatever is blocked.

 

2022-05-23 13:19:21	Error	[REDACTED-IP]	[client REDACTED-IP] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "swrebellion.net"] [uri "/.env"] [unique_id "YovCGZMROG3CaKz60mq6UQAAAMw"]
2022-05-23 16:51:27	Error	[REDACTED-IP]	[client REDACTED-IP] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||swrebellion.net|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "swrebellion.net"] [uri "/oauth/callback/"] [unique_id "Yovzz5MROG3CaKz60mrBNgAAAMM"], referer: https://accounts.google.com/

 

Edited May 23, 20223 yr by Ryan M

Try having mod_security disabled.  See if that fixes your problem.  If so, you can then further troubleshoot how to actually fix mod_security (or decide to leave it disabled).  

I disabled the CWAF rule which resolved the issue.