weird issue with configgeneral.php

[merlinpa1969]

This is a fresh 5.0.3 full install

I have wiped the files and the database and started over

 

any time I try to make a change in configgeneral.php I get the following error

 

Forbidden

 

You don't have permission to access /path-changed/admin/configgeneral.php on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

The file and folder permissions are all correct, the database is not an issue, all other settings seem to work fine, its just the general config settings,

 

has anyone else had these issues,

 

I have a ticket in but am doubling my odds that the technical people here will know

Edited January 1, 2012 by merlinpa1969
change server path

[malfunction]

You're likely falling foul of a mod_security rule. Try and disable it for a minute with .htaccess and you can confirm that one way or the other before spending time tracking down the offending rule. This should do it:

 

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

[merlinpa1969]

Thanx for the quick reply,

Tried it and no dice...

Also more info, this is a second install on this server that we are using to work out new layouts and bugs before we upgrade the live site

[merlinpa1969]

Ok well we whitelisted the rule for this account, but is only happening in the 5.0x account.

its tossing it as a cross site scripting attack

rule number 340149 of atomic corp rules

[malfunction]

There you go then, you can file that as a bug but I'm not sure if that should be to WHMCS or ART Anyway I guess you're able to work now.

[slinky]

I have the same problem. No problems with V4 but once I upgraded to v5, I get this error and a 404. Adding the entry to .htaccess doesn't work and I still have the problem as well. Will take out a ticket.

[slinky]

I didn't realize that this thread is from 11 months ago! I'm glad that I didn't move my v4 version to v5 on my primary site. This evidently involves troubleshooting and I'm wondering what anyone here has discovered as a potential fixes and whether disabling rules (which I haven't done with much of any frequency) might have other unintended effects. Doing a little reading indicates there isn't an easy way. Wondering if I'm better off just keeping everything on V4 and using a more basic helpdesk and billing for some of the other sites.

Edited December 10, 2012 by slinky

[slinky]

Frustrating. So I ended up disabling mod_security in httpd.conf and today I'm back again having the same problems.

 

I edited httpd.conf by removing the comment # character and changing the entry so it looks like this, capital letters included:

 

Include "/usr/local/apache/conf/userdata/std/2/ACCCOUNTNAME/MYDOMAIN.COM/*.conf"

 

And then I made a directory for the domain and echoed SecRuleEngine off to shut it off and modsec.conf was placed within that new account directory that was created, rebooted Apache and it worked. Today, I'm stuck again with WHMCS being halted due to a 403 error.

[slinky]

Time to call it it quits. One rule or the other reverts to being on and now I've got 500 errors appearing suddenly taking the entire site down. Too much troubleshooting. Disappointing but grateful I didn't upgrade the main site until I saw this. I'm not sure how some of you handled this without disabling a good part of the security.

[gakuse]

i am running 5.1.2 and is currently having this problem. :-(