Inaccessible Subdomains - 403 Forbidden
Hello everyone.
I'm having a major problem that unfortunately forced me to get rid of an MW installation, which after fiddling with it for too long, I decided to look for alternatives:
I created a subdomain to run a few tests so I'd see whay exactly was the problem with the MW script. Installed it via Softaculous without a hitch and visited the link so I could see what was the problem with it.
I couldn't post (that's the problem with the script, no surprizes there) but what happened next was worse.
I got a message saying:
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
After making other subdomains and installing other scripts and just uploading dummy index.php and.htaccess files, the same happened again and again... The only fix seems to be disabling mod_security, which allows me to do everything I want, including using the MW script at will with no restrictions. But this poses a major security risk, also confirmed by my webhost. I've searched here on other threads, googled for it, asked in MW site, IRC and Quora but no joy so far. The Error Log only shows me errors about older subdomains that have nothing to do with this. Using CHMOD 750/755 on public_html and subdomain.domain folder does nothing. I have no SSH, programming expertice and, as of now, ideas... Though my main site works flawlessly. This is my .htaccess on the Main.
If it helps... my site is: - Removed - I think that somehow, the problem with the MW script is connected with this error so, solving this may definitely solve the other problem. Please, do help. There are others too which need assistance...
After making other subdomains and installing other scripts and just uploading dummy index.php and.htaccess files, the same happened again and again... The only fix seems to be disabling mod_security, which allows me to do everything I want, including using the MW script at will with no restrictions. But this poses a major security risk, also confirmed by my webhost. I've searched here on other threads, googled for it, asked in MW site, IRC and Quora but no joy so far. The Error Log only shows me errors about older subdomains that have nothing to do with this. Using CHMOD 750/755 on public_html and subdomain.domain folder does nothing. I have no SSH, programming expertice and, as of now, ideas... Though my main site works flawlessly. This is my .htaccess on the Main.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPressIf it helps... my site is: - Removed - I think that somehow, the problem with the MW script is connected with this error so, solving this may definitely solve the other problem. Please, do help. There are others too which need assistance...
-
Whats a MW script? 0 -
MediaWiki. Do you know what could be causing this? 0 -
]Hello everyone. I'm having a major problem that unfortunately forced me to get rid of an MW installation, which after fiddling with it for too long, I decided to look for alternatives: I created a subdomain to run a few tests so I'd see whay exactly was the problem with the MW script. Installed it via Softaculous without a hitch and visited the link so I could see what was the problem with it.
When you created the subdomain, did you check to make sure it came up in your browser as expected, prior to installing mediawiki?] I couldn't post (that's the problem with the script, no surprizes there) but what happened next was worse.
Why no surprises for you? I've just installed it into a subdomain via Softaculous as well and can post as expected.] I got a message saying: After making other subdomains and installing other scripts and just uploading dummy index.php and.htaccess files, the same happened again and again...
What happened when you created a subdomain and added only an index.html? Nothing else.] The only fix seems to be disabling mod_security, which allows me to do everything I want, including using the MW script at will with no restrictions. But this poses a major security risk, also confirmed by my webhost.
You should ask your Hosting Provider to check which ModSecurity rule is causing you the problems.] I've searched here on other threads, googled for it, asked in MW site, IRC and Quora but no joy so far. The Error Log only shows me errors about older subdomains that have nothing to do with this. Using CHMOD 750/755 on public_html and subdomain.domain folder does nothing. I have no SSH, programming expertice and, as of now, ideas... Though my main site works flawlessly. This is my .htaccess on the Main.
# BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress
If it helps... my site is: - Removed - I think that somehow, the problem with the MW script is connected with this error so, solving this may definitely solve the other problem. Please, do help. There are others too which need assistance...
None of this is a cPanel issue I don't think, your server environment might be though. Assuming the server is running SuPHP, and the subdomain is created and operating as expected prior to installing any script, and, it all works with ModSec disabled, you'll need to figure out which ModSec rule is blocking the script from working properly. Assuming the server has ConfigServer ModSec control installed, Installing the MW script and then accessing it or trying to post to it, should generate viewable errors in CMC > ModSecurity Log. With those details you could whitelist that one specific rule ID in CMC.] I've searched here on other threads, googled for it, asked in MW site, IRC and Quora but no joy so far.
You've no doubt seen this page then: /http://www.mediawiki.org/wiki/ModSecurity0
Please sign in to leave a comment.
Comments
3 comments