YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 
Topic Tools
 
403 Forbidden Error and .htaccess (Read 4,689 times)
 Aug 6th, 2012 at 4:35am
There are no actions to perform.  

Alejandro Raggio 
YaBB Newbie
*
Offline
Posts: 10


YaBB 2.5
403 Forbidden Error and .htaccess
I have recently updated my Joomla installation and the security features in the built-in .htaccess file blocks my forum from working. All I get is a 403 error, and I have already checked CHMOD and cgi-bin folder execute permission.

I don't want to delete or rename .htaccess protection, because we have already had some bot attacks that exploited old joomla's vulnerabilities, and the new joomla and the new .htaccess file stop that from happening again.

I lack the knowledge (and even tried googling it, but no success) to properly edit my .htaccess file and make Yabb work without compromising Joomla's security.

Would someone who knows Apache configuration be willing to help me?

Thanks,


I have the YaBB forum installed in /public_html/cgi-bin/yabb2/

Below is the default .htaccess file that comes with Joomla, which is placed in /public_html/

Code Select All
##
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section. 

« Last Edit: Aug 6th, 2012 at 4:38am by Alejandro Raggio »  
 
IP Logged  
 Reply #1 - Aug 6th, 2012 at 12:52pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,552
UK:Scotland/livingston


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
Hi Alejandro Raggio

find
Code Select All
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits. 



Edited:
and add after
Code Select All
<IfModule mod_rewrite.c>
RewriteEngine on
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/cgi-bin/" [OR]
RewriteCond %{REQUEST_URI} "/yabb2/" [OR]
RewriteCond %{REQUEST_URI} "/yabbfiles/"
RewriteRule (.*) $1 [L]
# 



if that don't work try
Code Select All
<IfModule mod_rewrite.c>
RewriteEngine on
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/cgi-bin/yabb2/" [OR]
RewriteCond %{REQUEST_URI} "/yabbfiles/"
RewriteRule (.*) $1 [L]
# 



forgot to add a bit

if this don't work post back  Wink
« Last Edit: Aug 6th, 2012 at 1:04pm by xnoddyx »  
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #2 - Aug 6th, 2012 at 2:47pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,615
Land of the Blazing Sun!


None
Re: 403 Forbidden Error and .htaccess
Is Joomla in the root of your website or a subfolder?

thanks
Cool
 
I find your lack of faith disturbing.
 
IP Logged  
 Reply #3 - Aug 6th, 2012 at 5:29pm
There are no actions to perform.  

Alejandro Raggio 
YaBB Newbie
*
Offline
Posts: 10


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
JonB wrote on Aug 6th, 2012 at 2:47pm:
Is Joomla in the root of your website or a subfolder?

thanks
Cool


Yes, Joomla is in /public_html/ and the .htaccess file too.

Thanks for the replies. I tried both options, but sadly it didn't work. I still get code 403.

Just to be sure, and not waste your time, I deleted .htaccess file for a second and YaBB worked, so I'm sure the issue it's in the .htaccess file.
« Last Edit: Aug 6th, 2012 at 5:30pm by Alejandro Raggio »  
 
IP Logged  
 Reply #4 - Aug 6th, 2012 at 8:02pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,615
Land of the Blazing Sun!


None
Re: 403 Forbidden Error and .htaccess
Try the 'YaBB' excluder directives at the top of your .htaccess.

Good Luck

Cool
 
I find your lack of faith disturbing.
 
IP Logged  
 Reply #5 - Aug 7th, 2012 at 4:33am
There are no actions to perform.  

Alejandro Raggio 
YaBB Newbie
*
Offline
Posts: 10


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
I tried that but didn't work either.   Cry

I also found this:
Quote:
htaccess files affect the directory they are placed in and all sub-directories, that is an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.

http://www.javascriptkit.com/howto/htaccess.shtml

I even tried creating additional htaccess files either empy ones or with any content on both YaBB folders, but no luck.
« Last Edit: Aug 7th, 2012 at 2:47pm by Alejandro Raggio »  
 
IP Logged  
 Reply #6 - Aug 7th, 2012 at 5:22am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: 403 Forbidden Error and .htaccess
Since nothing suggested here so far seems to be working, may I suggest that you double check the basics?

In other words, check to see that in each one of your YaBB directories there is an .htaccess file with the following information in it:

Code Select All
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName DenyViaWeb
AuthType Basic

<Limit GET>
order allow,deny
deny from all
</Limit> 


Note
: Your main directory of /public_html/cgi-bin/yabb2/ should not have an .htaccess file. However, each directory under that should have this same .htaccess file.

Important
: If what I've mentioned above makes sense to you, then give it a try,
but
please make sure that any .htaccess files you find are copied, and stored away in case what I suggest doesn't work. That way, you can simply restore any original .htaccess file, and go back to square one.

Keep in mind that whatever .htaccess file or files you may have outside of the main directory of your YaBB forum will only affect YaBB if there are no .htaccess files inside of YaBB. So any Joomla .htaccess files that are needed can still be used.

Please let us know how it works out, and good luck!

« Last Edit: Aug 7th, 2012 at 5:49am by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #7 - Aug 7th, 2012 at 12:46pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,615
Land of the Blazing Sun!


None
Re: 403 Forbidden Error and .htaccess
I have sent Alejandro a few questions via PM, as I do not want to confuse this Support thread with speculation.

Good luck
Cool
 
I find your lack of faith disturbing.
 
IP Logged  
 Reply #8 - Aug 7th, 2012 at 1:42pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,552
UK:Scotland/livingston


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
Bill Myers wrote on Aug 7th, 2012 at 5:22am:
Note: Your main directory of /public_html/cgi-bin/yabb2/ should not have an .htaccess file. However, each directory under that should have this same .htaccess file.

sorry bill but /cgi-bin/yabb2/ needs a .htaccess  as this is where yabb puts all ip blocking from the The Guardian.

JonB wrote on Aug 7th, 2012 at 12:46pm:
I have sent Alejandro a few questions via PM, as I do not want to confuse this Support thread with speculation.

Good luck
Cool

cool and Alejandro Raggio good luck with your forum  Smiley
 
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #9 - Aug 7th, 2012 at 4:57pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: 403 Forbidden Error and .htaccess
JonB wrote on Aug 7th, 2012 at 12:46pm:
I have sent Alejandro a few questions via PM, as I do not want to confuse this Support thread with speculation.

Yeah, there's speculation going on here. Wink

Just trying to help, and somehow, someway, I seem to have a good track record of solving problems. Please don't denigrate the help I give. If or when it's wrong, just correct me on it, and that will help everyone. Thanks.

****************************************

xnoddyx wrote on Aug 7th, 2012 at 1:42pm:
sorry bill but /cgi-bin/yabb2/ needs a .htaccess  as this is where yabb puts all ip blocking from the The Guardian.

Our forum's top directory doesn't have an .htaccess file, so it's obviously not needed. Yes, we also use The Guardian, and it thankfully works just fine.

More accurately, whenever there's no .htaccess file in any given directory, any .htaccess file above such a directory, if it exists, is what parents the child directories underneath it.

In any case, the contents of the .htaccess file that I listed are actually part of YaBB's installation process. I've seen the inner workings of dozens of YaBB forums, and these .htaccess files have been identical.

Check your own YaBB forums, and see what shows up.  Wink

****************************************

For the record, what I offered is straight from YaBB's documentation.

However this problem gets solved, please explain it here so that all of us can benefit from the solution. Thanks.

Qualification
: What I specifically presented in this thread is based on version 2.4 of YaBB.

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #10 - Aug 7th, 2012 at 5:21pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,552
UK:Scotland/livingston


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
Bill Myers wrote on Aug 7th, 2012 at 4:57pm:
Our forum's top directory doesn't have an .htaccess file, so it's obviously not needed. Yes, we also use The Guardian, and it thankfully works just fine.More accurately, whenever there's no .htaccess file in any given directory, any .htaccess file above such a directory, if it exists, is what parents the child directories underneath it.In any case, the contents of the .htaccess file that I listed are actually part of YaBB's installation process. I've seen the inner workings of dozens of YaBB forums, and these .htaccess files have been identical.Check your own YaBB forums, and see what shows up.  

hi bill this is how it looks on my server
top mark is the cgi-bin/yabb2/ dir
next is the .htaccess that The Guardian uses
and last is what is in that .htaccess file  Wink
and here is a installation video of 2.4 http://www.youtube.com/watch?v=6ic0PTG3dhc
...
« Last Edit: Aug 7th, 2012 at 5:37pm by xnoddyx »  
billhelp.jpg (114 KB | 59 )
billhelp.jpg
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #11 - Aug 7th, 2012 at 5:48pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: 403 Forbidden Error and .htaccess
xnoddyx wrote on Aug 7th, 2012 at 5:21pm:
hi bill this is how it looks on my server
top mark is the cgi-bin/yabb2/ dir
next is the .htaccess that The Guardian uses
and last is what is in that .htaccess file  Wink
and here is a installation video of 2.4 http://www.youtube.com/watch?v=6ic0PTG3dhc
http://www.yabbforum.com/yabbfiles/Attachments/billhelp.jpg

Smiley


I just pointed out that our forum doesn't have an .htaccess file in it, and it works fine.  Wink

In any case, I wonder if Alejandro has the same .htaccess file that you have, and if he doesn't, maybe copying it into his forum could solve his problem, no?

Questioning It's worth a try, right? Questioning

By the way, for me personally, videos are a huge help, so thank you for that.  Smiley




« Last Edit: Aug 7th, 2012 at 5:50pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #12 - Aug 7th, 2012 at 6:15pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: 403 Forbidden Error and .htaccess
Sorry for the double post ... didn't want to crowd my previous post as it was suggested that I not do.

OH MY GOSH!


It just dawned on me thanks to xnoddyx's clarifications that a 403 error can be produced because of settings in The Guardian™.

As it turns out, our forum does use The Guardian™ to protect our board just as I mentioned,
but
we have obviously not activated .htaccess to add IP blocks on our server level.

So, could it be that Alejandro's 403 error is being presented because of a setting in The Guardian™ that needs to be changed?

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #13 - Aug 7th, 2012 at 6:19pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,552
UK:Scotland/livingston


YaBB 2.5
Re: 403 Forbidden Error and .htaccess
Bill Myers wrote on Aug 7th, 2012 at 4:57pm:
Yes, we also use The Guardian, and it thankfully works just fine.

Bill Myers wrote on Aug 7th, 2012 at 5:48pm:
I just pointed out that our forum doesn't have an .htaccess file in it, and it works fine.  

then i dont see how your The Guardian is working as that is the .htaccess it needs
as to the OP it is the root .htaccess that is blocking all subdirectories and the subdirectories for yabb need open in the root .htaccess and the code i thort i used when i had Joomla + 2.3.1 running dident work and i dont have any or access to sites with Joomla running just now

as for the video i was going to make a new one for 2.5 this may happen but i am holding off for the 2.5.2 bug fix and then make some more help videos on some of the settings and that and also for boardmod as well the test video http://www.youtube.com/watch?v=E2uvIZQt0jo but this one was @ 1920x1080p but you can see some of the text so will make them all @1024x768
 
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #14 - Aug 7th, 2012 at 6:38pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,615
Land of the Blazing Sun!


None
Re: 403 Forbidden Error and .htaccess
A few things -

A. Alejandro has an unusual set up, one I am trying to get to the bottom of.

B. Where .htaccess files are found and how they work is dependent on A.

C. How anyone else's server is set up is not mundane to this issue.

Everyone - please stop confusing the issues.

If you want to have a general purpose discussion on how-to with .htaccess, that is what Area 51 is for.  THIS IS NOT THE PLACE FOR IT.

Thanks very much
Cool
 
I find your lack of faith disturbing.
 
IP Logged  
Pages: 1 2 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.