Server Error 403 Forbidden?

  • Kimber254

    (@kimber254)


    5 years, 5 months ago

    Hi, I have E2PDF with Formidable. When I click submit on the Formidable form it should show the pdf set up with the form however I get the error “Server Error 403 Forbidden”. None of my other forms in formidable do this so I thought maybe I had a setting wrong with E2PDF because it happens with every E2PDF form. Thank you for your time

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author E2Pdf

    (@oleksandrz)

    5 years, 5 months ago

    Hi,

    We need a bit more information if possible:

    1. Which E2Pdf shortcode do you use inside “Success Message” of Formidable Form?
    2. If you remove E2Pdf shortcode, is it generate 403 Forbidden error on form submission?
    3. Do you use any 3rd party security plugins?
    4. If you have access to error.log of website, can you check it please for errors after form submission?

    We remain at your service.

    Thread Starter Kimber254

    (@kimber254)

    5 years, 5 months ago

    Hi, If I use [e2pdf-download id=”8″] it works fine. The issue is with [e2pdf-view id=”8″].

    Server Error 403Forbidden
    You do not have permission to access this document.

    For security I have Wordfence but the same error happens when it’s turned off.

    I looked at the error log and found several Apache errors, this is part of one but some of the identifying numbers removed since this is public.

    [client 100.00.000.000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file “/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf”] [line “37”] [id “00000”] [msg “Inbound Anomaly Score Exceeded (Total Inbound Score: 13 – SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack: SQL Tautology Detected.”] [tag “event-correlation”] [hostname “ei.com”] [uri “/error_docs/forbidden.html”]

    Thank you

    Plugin Author E2Pdf

    (@oleksandrz)

    5 years, 5 months ago

    It looks like issue is due ModSecurity (apache) OWASP rules installed on your server.

    Can you try to find in log the rule ID and try to disable it temporary as described here https://support.plesk.com/hc/en-us/articles/115002531753-How-to-disable-specific-ModSecurity-rules-in-Plesk, try to update owasp to latest version if it’s not latest version or try to change web application firewall as mentioned here: https://docs.plesk.com/en-US/obsidian/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/.

    [e2pdf-view] shortcode uses “iframe” of pdf.js viewer with dynamic URL and it seems can be a false-positive alert. We will try to replicate the issue on our side and check if we can do anything from our side.

    We remain at your service.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Server Error 403 Forbidden?’ is closed to new replies.