• Resolved panfor

    (@panfor)


    Good morning, thank you first, because the plugin is exactly what I was looking for and it certainly works fine for others because I haven’t been able to find anyone with the same problem as mine. Therefore, I am asking for help.

    I am working on fresh WordPress 5.8.1 installation, all plugins removed.
    – all functionality works as expected

    My htaccess file contains only initial WordPress directives:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /kontag/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /kontag/index.php [L]
    </IfModule>

    WP Data Access also freshly installed and all settings default.

    PROBLEMS:
    ———–

    Data Explorer section
    – Manage button = infinite Loading…
    – Explore button = Forbidden Error

    Data Publisher section
    – Design new table = Forbidden Error

    Data Design section
    – Add new = Forbidden Error

    Data Designer accessed via Data Explorer button
    – opens OK but changing mode to Basic Design Mode not possible -> Forbidden Error

    I am aware that the 403 error is generated by the server, but I hope someone will give any hint where I should look for a solution because so far the plugin is simply not working.

    Thanks for any help.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Hi @panfor,

    Can you please try this:
    – Start the Data Explorer
    – Open your inspector
    – Switch to your network tab
    – Click one of the manage buttons
    – Click on the link that appears in the network tab with: ?action=wpda_show_table_actions
    – Click the response tab

    What is displayed?

    Thanks,
    Peter

    Thread Starter panfor

    (@panfor)

    Thanks…

    Full url is https://…/wp-admin/admin.php?action=wpda_show_table_actions&wpdaschema_name=kontag&table_name=kontag_wpda_csv_uploads&_wpnonce=5670363ec9&dbo_type=BASE%20TABLE&rownum=0

    and response is HTML code of 403 Forbidden Error:

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access this resource.</p>
    </body></html>

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Thanks!

    Is there a security plugin blocking Ajax requests? Can you check please?

    Thanks,
    Peter

    Thread Starter panfor

    (@panfor)

    No, I have removed all plugins. There is only WordPress core and WP Data Access.

    Thanks.

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Is this an ISP hosted server? Is there any security software installed?

    Thanks,
    Peter

    Thread Starter panfor

    (@panfor)

    There is mod_security active, but in the error log there are no 403 errors associated with wpda requests. In addition, other WordPress installations (on the same server) run plugins that use Ajax without any problem. Thanks.

    Thread Starter panfor

    (@panfor)

    πŸ‘ I think I have found related entry in error log:

    [Wed Oct 06 13:49:30 2021] [error] [client 5.184.65.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\btable_name\\b" at ARGS_NAMES:table_name. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "197"] [id "959914"] [rev "2.1.1"] [msg "Blind SQL Injection Attack"] [data "table_name"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "XXXXX"] [uri "/kontag/wp-admin/admin.php"] [unique_id "YV2NSqIx7y7Fx3fusNdh4gAAAEo"]

    Mod_security doesn’t like the phrase “table_name”… What can I do with that?

    Thread Starter panfor

    (@panfor)

    So I’m working with my hosting company (ovh) on disabling this rule in modsecurity. Thank you for helping me find a solution. We can consider this topic closed.

    Thanks.

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Hi @panfor,

    Good you found the issue! 👍

    You can add an exception for this rule, I think you just need the id (959914).

    And I have to look at this! 🙈 The table_name argument hasn’t been an issue before, but I added it to my to do list.

    Thanks for reporting,
    Peter
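
Added example, not part of the thread and not the plugin's or the host's own configuration: the exception discussed above, written as ModSecurity 2.x directives with the broad form beside two narrower ones. The rule id, parameter name and URI are taken from the log entry in this thread; the placement (a file loaded after the CRS `base_rules`) and support for `SecRuleUpdateTargetById` in the installed ModSecurity version are assumptions.

```apache
# Assumption: this file is included AFTER
# modsecurity_crs_41_sql_injection_attacks.conf, so rule 959914 already exists
# when these directives are read.

# Broad form: disables rule 959914 for every site and URL handled by this
# server. Shown for comparison only.
# SecRuleRemoveById 959914

# Option A, narrower by URL: the rule is skipped only for the endpoint named
# in the [uri] field of the log entry.
<LocationMatch "^/kontag/wp-admin/admin\.php$">
    SecRuleRemoveById 959914
</LocationMatch>

# Option B, narrower by variable: rule 959914 stays active everywhere but no
# longer inspects the parameter NAME table_name, which is what matched
# ("at ARGS_NAMES:table_name"). The rule's other targets are unaffected.
# Use this instead of Option A, not in addition to it.
# SecRuleUpdateTargetById 959914 "!ARGS_NAMES:table_name"
```

After reloading Apache, repeating the Manage request and checking the error log for `[id "959914"]` on `/kontag/wp-admin/admin.php` shows whether the exception took effect.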

    If I may, I had a similar issue before. The way I fixed it was to rename some of the database columns to more unique names.

    What I have noticed is that if your database has two tables that share the same column name, that’s when it will cause a 403 error. For example, if your contact table and company table both have a column called “name”, then most likely you will get a 403 error. To fix it, you just have to rename them to book_name and company_name.

    Not sure if you have the same issue, but that’s how I fixed my issue. Since then, I always name the database columns using specific, unique column names. However, I have also noticed that having the same “id” column throughout all your tables is not a problem.

    Hope this helps.

    Jay

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Hi Jay,

    Name is a reserved word. This is documented as a plugin limitation:
    https://wpdataaccess.com/docs/documentation/getting-started/known-limitations/

    The plugin processes one table per HTTP request, so you should be able to use the same column name in different tables. Let me know if you run into an issue with a specific configuration. I’m sure we can fix that. 😊

    Thanks for your input 😉
    Peter

The topic ‘Error 403 prevents basic tasks from being performed’ is closed to new replies.