Error when posting formatted text: Forbidden You don't have permission to access this resource

[cbrXXorg]

Some formatted text works, but often doesn't.  It only affects pasted-in formatted text, not formatted in the editor.  For example, a user does a copy paste of a news article with the headline and first paragraphs, with lots of formatting, it will nearly always fail. 

Full error:

Forbidden

You don't have permission to access this resource.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

 

 

Example content about penguins (which also is hilarious, and a user reported it can't be posted):

They taste like “a piece of beef, odiferous cod fish and a canvas-backed duck roasted together in a pot, with blood and cod-liver oil for sauce”. 

[Daniel F]

Sounds like a WAF ( Web Application Firewall) is blocking the request.

I would suggest to contact your web host to see if they can adjust the security rules.

[cbrXXorg]

Do you have some idea on what to adjust?  We're not on a hosted web server, it's a Linux VPN running Cpanel, and our team controls it.  There are no external firewalls, just what is in Linux/WHM/Cpanel.

[Randy Calvert]

I would look if you have something like CSF or mod_security installed. As this is a server configuration issue, IPS can’t help/advise on how your server is configured. 

[Marc]

3 hours ago, Randy Calvert said:

I would look if you have something like CSF or mod_security installed. As this is a server configuration issue, IPS can’t help/advise on how your server is configured. 

[cbrXXorg]

9 hours ago, Randy Calvert said:

I would look if you have something like CSF or mod_security installed. As this is a server configuration issue, IPS can’t help/advise on how your server is configured. 

We certainly do have those installed.  I primarily work in the SIP world, where vendors specify ports and services that must be allowed for their applications.  I don't think it's unreasonable to ask if there's a similar spec or white paper for this configuration, right?

[Randy Calvert]

30 minutes ago, cbrXXorg said:

We certainly do have those installed.  I primarily work in the SIP world, where vendors specify ports and services that must be allowed for their applications.  I don't think it's unreasonable to ask if there's a similar spec or white paper for this configuration, right?

This is not a port/protocol issue.  IPS is a website...  so it would use TCP 80/443.  If this was a basic issue like that, you would not even be connecting to the site whatsoever.  

If you put a WAF in place, you're going to have literally hundreds of rules.  These all vary from WAF vendor to WAF vendor.  There is not a central "WAF rule database" to say you should specifically override and allow rule 990294 and 100111.  This is basically you decided to hire a security guard to sit in front of your website.  The website (IPS) is not aware of that guard.  Who they allow in depends on what you tell them to.  

Sometimes out of the box rules don't behave the way you expect them to...  this is called a false positive.  You would have to either look in your WAF rules to see what is triggering and create an exception, or turn it off.  But again, IPS does not even use your WAF to know what rules it has, how it is configured, or what needs to be allowed.  

Edited July 2 by Randy Calvert

[Marc]

55 minutes ago, cbrXXorg said:

We certainly do have those installed.  I primarily work in the SIP world, where vendors specify ports and services that must be allowed for their applications.  I don't think it's unreasonable to ask if there's a similar spec or white paper for this configuration, right?

As mentioned by Randy above. The software will communicate on whatever protocol you are using (http, or https), so 80 or 443 . There isnt really anything else we are able to tell you in terms of your own environment setup and what you need to set. That would be for your hosting company (be that yourself or otherwise)