Page Index Toggle Pages: 1 [2] 
Topic Tools
Locked Topic 403 Forbidden Error and .htaccess (Read 7,768 times)
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: 403 Forbidden Error and .htaccess
Reply #8 - Aug 7th, 2012 at 1:42pm
There are no actions to perform.
Bill Myers wrote on Aug 7th, 2012 at 5:22am:
Note: Your main directory of /public_html/cgi-bin/yabb2/ should not have an .htaccess file. However, each directory under that should have this same .htaccess file.

sorry bill but /cgi-bin/yabb2/ needs a .htaccess  as this is where yabb puts all ip blocking from the The Guardian.

JonB wrote on Aug 7th, 2012 at 12:46pm:
I have sent Alejandro a few questions via PM, as I do not want to confuse this Support thread with speculation.

Good luck
Cool

cool and Alejandro Raggio good luck with your forum  Smiley
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,818
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: 403 Forbidden Error and .htaccess
Reply #7 - Aug 7th, 2012 at 12:46pm
There are no actions to perform.
I have sent Alejandro a few questions via PM, as I do not want to confuse this Support thread with speculation.

Good luck
Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: 403 Forbidden Error and .htaccess
Reply #6 - Aug 7th, 2012 at 5:22am
There are no actions to perform.
Since nothing suggested here so far seems to be working, may I suggest that you double check the basics?

In other words, check to see that in each one of your YaBB directories there is an .htaccess file with the following information in it:

Code
Select All
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName DenyViaWeb
AuthType Basic

<Limit GET>
order allow,deny
deny from all
</Limit> 


Note: Your main directory of /public_html/cgi-bin/yabb2/ should not have an .htaccess file. However, each directory under that should have this same .htaccess file.

Important: If what I've mentioned above makes sense to you, then give it a try, but please make sure that any .htaccess files you find are copied, and stored away in case what I suggest doesn't work. That way, you can simply restore any original .htaccess file, and go back to square one.

Keep in mind that whatever .htaccess file or files you may have outside of the main directory of your YaBB forum will only affect YaBB if there are no .htaccess files inside of YaBB. So any Joomla .htaccess files that are needed can still be used.

Please let us know how it works out, and good luck!

« Last Edit: Aug 7th, 2012 at 5:49am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Alejandro Raggio
YaBB Newcomer
*
Offline



Posts: 10

None
Re: 403 Forbidden Error and .htaccess
Reply #5 - Aug 7th, 2012 at 4:33am
There are no actions to perform.
I tried that but didn't work either.   Cry

I also found this:
Quote:
htaccess files affect the directory they are placed in and all sub-directories, that is an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.

http://www.javascriptkit.com/howto/htaccess.shtml

I even tried creating additional htaccess files either empy ones or with any content on both YaBB folders, but no luck.
« Last Edit: Aug 7th, 2012 at 2:47pm by Alejandro Raggio »  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,818
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: 403 Forbidden Error and .htaccess
Reply #4 - Aug 6th, 2012 at 8:02pm
There are no actions to perform.
Try the 'YaBB' excluder directives at the top of your .htaccess.

Good Luck

Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Alejandro Raggio
YaBB Newcomer
*
Offline



Posts: 10

None
Re: 403 Forbidden Error and .htaccess
Reply #3 - Aug 6th, 2012 at 5:29pm
There are no actions to perform.
JonB wrote on Aug 6th, 2012 at 2:47pm:
Is Joomla in the root of your website or a subfolder?

thanks
Cool


Yes, Joomla is in /public_html/ and the .htaccess file too.

Thanks for the replies. I tried both options, but sadly it didn't work. I still get code 403.

Just to be sure, and not waste your time, I deleted .htaccess file for a second and YaBB worked, so I'm sure the issue it's in the .htaccess file.
« Last Edit: Aug 6th, 2012 at 5:30pm by Alejandro Raggio »  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,818
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: 403 Forbidden Error and .htaccess
Reply #2 - Aug 6th, 2012 at 2:47pm
There are no actions to perform.
Is Joomla in the root of your website or a subfolder?

thanks
Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: 403 Forbidden Error and .htaccess
Reply #1 - Aug 6th, 2012 at 12:52pm
There are no actions to perform.
Hi Alejandro Raggio

find
Code
Select All
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits. 



Edited:
and add after
Code
Select All
<IfModule mod_rewrite.c>
RewriteEngine on
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/cgi-bin/" [OR]
RewriteCond %{REQUEST_URI} "/yabb2/" [OR]
RewriteCond %{REQUEST_URI} "/yabbfiles/"
RewriteRule (.*) $1 [L]
# 



if that don't work try
Code
Select All
<IfModule mod_rewrite.c>
RewriteEngine on
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/cgi-bin/yabb2/" [OR]
RewriteCond %{REQUEST_URI} "/yabbfiles/"
RewriteRule (.*) $1 [L]
# 



forgot to add a bit

if this don't work post back  Wink
« Last Edit: Aug 6th, 2012 at 1:04pm by xnoddyx »  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Alejandro Raggio
YaBB Newcomer
*
Offline



Posts: 10

None
403 Forbidden Error and .htaccess
Aug 6th, 2012 at 4:35am
There are no actions to perform.
I have recently updated my Joomla installation and the security features in the built-in .htaccess file blocks my forum from working. All I get is a 403 error, and I have already checked CHMOD and cgi-bin folder execute permission.

I don't want to delete or rename .htaccess protection, because we have already had some bot attacks that exploited old joomla's vulnerabilities, and the new joomla and the new .htaccess file stop that from happening again.

I lack the knowledge (and even tried googling it, but no success) to properly edit my .htaccess file and make Yabb work without compromising Joomla's security.

Would someone who knows Apache configuration be willing to help me?

Thanks,


I have the YaBB forum installed in /public_html/cgi-bin/yabb2/

Below is the default .htaccess file that comes with Joomla, which is placed in /public_html/

Code
Select All
##
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section. 

« Last Edit: Aug 6th, 2012 at 4:38am by Alejandro Raggio »  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1 [2] 
Topic Tools
 
  « Board Index ‹ Board  ^Top