The Sinclair QL Forum

NormanDunbar wrote:Hi Rob, just noticed this post on the forum. Bwinkle is having the same 403 error inserting code into a post on the forum. viewtopic.php?f=3&t=3193&p=36792#p36792 -- might be related?

P.S. qlforum wouldn't let me insert the code this time so I had to use pictures...kept giving me this page:

403.png

It's a weird error as some code will post but others won't. I tried a 5 line snippet of C code in a forum Code block and it gave me that 403 page. When I took the 'i' in 'if' out it posted (or the 'f' in 'if') but not otherwise. However, it wasn't the 'if' that caused it since elsewhere I could get an 'if' to work, just one of many examples. So I reverted to screen images instead. Never had issues with a Code block before (C or BASIC).

Hi bwinkle67,

There are currently similar 403 errors on the QL Wiki, which is currently being investigated. The fact that you see them on the Forum too was what I was bringing to Rob's attention. Rob has guru level skills and access, which I don't have. (And don't need!).

Cheers,
Norm.

robheaton wrote:I'm going to take a copy of the QLWiki and load it on a local server and see if i can work out what is going on.

In the logs I have access to on the live system, there are no errors shown in the logs, so we don't have a lot to go on.
Work is pretty hectic at the moment, but I'm hoping to do this over the next few days, just hope it leads us somewhere!

Hi Rob,

I thought this may be helpful information to you in debugging the 403 error on code inclusion in qlforum: it kooks like it crashes (i.e. goes to the 403 page) when an "if" is used in the code listing (C source code for me...haven't tried it with BASIC). I substituted the character "i" with the ASCII character code 141 (which sort of looks like an "i") where I had and "if" and that seemed to have worked.

This looks like it is likely to be the cause to the qlwiki issues (and the same for the less severe issue in the forum within the same web space):

https://www.dokuwiki.org/faq:mod_security

Apache sensitivity to certain words and code.

I think you might be on to something there chr$. I just ran a test with a code block containing the text "if x = 1 then" and it previewed quite happily. I changed that to "if ?x = 1? then" and it gave me a huge 403 Forbidden page. Adding spaces before and/or after the opening bracket made no difference.

Even in the plain text part it barfs with parenthesis, I had to change the opening and closing brackets in the example to question marks to be able to post this reply!!!!

Thanks for finding that one, it looks like it's an old old "bug" though, some of the responses are dated 2009!

I'll make sure the admins know -- but I suspect they already have read your post.


Cheers,
Norm.

I had a look through that post and I tried the insecure fix as a quick test.
This broke the hosting for both the forum and wiki, just resulting in server errors.

I’ve undone this and the forum and wiki are working again, I’ll raise a support ticket with the web host, as there are no options in the control panel for mod_security.


Certainly worth exploring, thanks for the link Chr$

robheaton wrote:I had a look through that post and I tried the insecure fix as a quick test.
This broke the hosting for both the forum and wiki, just resulting in server errors.

I’ve undone this and the forum and wiki are working again, I’ll raise a support ticket with the web host, as there are no options in the control panel for mod_security.


Certainly worth exploring, thanks for the link Chr$

Thanks Rob and Norm.

Just a quick update confirming this has been fixed!

It was an issue with mod_security as Chr$ suggested!

robheaton wrote:Just a quick update confirming this has been fixed!

It was an issue with mod_security as Chr$ suggested!

It still doesn't seem to work for me. I refreshed the page, logged out and in again and still get the 403. Should I try something else, like delete related cookies or something?

I've tried it and it is working for me on my tablet.

This code should work too:
The brackets used to cause 403s as well.

I'm not sure but clearing tha cache and/or cookies should sort you out -- but webby things are a right PITA at times.


Cheers,
Norm.