'Forbidden Access' flood block stops frontend editing

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
rolygate
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Sun Jul 15, 2007 6:28 pm
Location: Kent, UK
Contact:

'Forbidden Access' flood block stops frontend editing

Postby rolygate » Sun Feb 17, 2008 2:56 pm

In the last couple of months I am seeing a lot of this, which never occurred before: frontend editing saves are rejected with a message 'Forbidden Access (flooding)' - or 'Forbidden Access (tag in POST)'. This is with J 1.0.12 and 1.0.13 versions.

This is either (a) a Joomla built-in security block being triggered, or (b) more likely a server setting perhaps. I'm seeing it especially on Apache 1.1.3x / Unix servers. Is this a too-tight default server setting on these servers?

If you Save an edit with a few words of plain text, it seems to be OK; but a fair-sized page with plenty of mixed content gets blocked - probably because of the number of HTTP requests at one time?

Of course, it means that frontend editing is impossible, which makes any kind of community use out of the question. Does anyone know if this is:
a) a Joomla issue;
b) a server setting?

More likely (b) I guess - so what should the minimum HTTP requests per time be set to, to allow frontend edits? And what about the 'tag in POST' error?

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19254
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby dhuelsmann » Sun Feb 17, 2008 3:26 pm

Sounds to me like you have the security features of SH404SEF turned on??
Regards, Dave
Past Treasurer Open Source Matters, Inc.
http://www.kiwaniswest.org

rolygate
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Sun Jul 15, 2007 6:28 pm
Location: Kent, UK
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby rolygate » Sun Feb 17, 2008 4:12 pm

You are quite right Sir!

Thanks for that.

[it's always an extension issue, isn't it - should have thought of that...]

User avatar
ghog
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 214
Joined: Sat Nov 03, 2007 11:56 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby ghog » Sat Aug 02, 2008 1:19 am

I am having this problem as well so I tried to turn off sef security but everytime I save it turns back on. The configuration is writeable but its just not updating.

rolygate
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Sun Jul 15, 2007 6:28 pm
Location: Kent, UK
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby rolygate » Sat Aug 02, 2008 1:29 am

Maybe try editing the file manually by FTP?

User avatar
ghog
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 214
Joined: Sat Nov 03, 2007 11:56 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby ghog » Mon Aug 18, 2008 1:43 am

I have searched through the Sef config but just cannot find the line where I can turn it off manually. I am looking at sh404sef.php
is this the correct file to change security options in?

theone
Joomla! Intern
Joomla! Intern
Posts: 62
Joined: Fri Oct 13, 2006 11:29 pm

Re: 'Forbidden Access' flood block stops frontend editing

Postby theone » Wed Aug 20, 2008 2:17 am

I've discovered on my setup that it is sh404sef that is causing the problem. Is there a fix for this that anyone has found?

ahn
Joomla! Intern
Joomla! Intern
Posts: 61
Joined: Wed Apr 12, 2006 9:36 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby ahn » Tue Sep 30, 2008 4:19 am

I am not sure, but I got the same problem.

After installed sh404sef, I can not edit any article at my fontend any more. I just got "Forbidden access".

I think there is something wrong with security function of sh404sef or I did not config properly.
Have a great day!

luckyvox
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Nov 19, 2008 3:57 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby luckyvox » Wed Nov 19, 2008 4:05 am

I also got the same problem with editing front page and if someone lost their password .
I fixed this in this steps .
1 sh404SEF Control Panel / security
2 Anti-flood configuration
- Activate anti-flood : yes
- Only if POST data (forms) : NO ( this is your problem editing front page )
Anti-flood control : 50
Max number of requests : 50

And now i have no problem , hope this will help you guys .
Sorry for my bad english :P

wineblue2
Joomla! Intern
Joomla! Intern
Posts: 52
Joined: Wed Nov 05, 2008 3:24 pm

Re: 'Forbidden Access' flood block stops frontend editing

Postby wineblue2 » Fri Dec 12, 2008 7:26 pm

I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!

The Wine Nut :'(

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19254
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby dhuelsmann » Sat Dec 13, 2008 3:24 am

wineblue2 wrote:I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!

The Wine Nut :'(

Anti-flood control 200
Max number of requests 100
Regards, Dave
Past Treasurer Open Source Matters, Inc.
http://www.kiwaniswest.org

User avatar
mermedia
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Fri May 04, 2007 2:03 pm
Location: Virginia
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby mermedia » Sat Jan 10, 2009 9:31 pm

Thanks all for the advice in this thread. I was getting forbidden Access so I set to 200 and 100 as suggested by dhuelsmann but now I am getting:

Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Any ideas?

motorhead
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Dec 06, 2006 12:12 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby motorhead » Tue Jan 13, 2009 12:40 am

I got the same problem and when i put path in
var $live_site in configuration.php my problems
are gone.

var $live_site = 'http://www.mysite.com';
:) :) :)

caplinq
Joomla! Apprentice
Joomla! Apprentice
Posts: 15
Joined: Wed Feb 06, 2008 2:04 pm

Re: 'Forbidden Access' flood block stops frontend editing

Postby caplinq » Tue Jan 13, 2009 1:32 pm

I was getting this problem too and I fixed it by going to:
sh404SEF component->Advanced Tab
Changing the Home page URL from http://www.mysite.com to <blank>
(ie. deleting the previous entry)

Of note is that I still have the security feature on and it works great!

surefirehire
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Mar 05, 2009 6:24 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby surefirehire » Thu Mar 05, 2009 6:28 am

I was getting the same "Forbidden Access Error" on https://www.surefirehire.com when I implemented sh404sef

1) I went to sh404sef Component > Security
2) Check also forms data (POST) to "No"

The overlib states that this might be an issue; furthermore, it states to turn it off, if it is an issue.
surefirehire.com
https://www.surefirehire.com
Connecting Opportunities and Freelancers!

randy270
Joomla! Intern
Joomla! Intern
Posts: 67
Joined: Thu May 22, 2008 1:40 pm
Location: Philadelphia, PA
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby randy270 » Thu Apr 09, 2009 4:00 pm

Same problem here, which I think is compounded by server permission issues. When I try to make any changes to the sef404 configuration, I get "You don't have permission to access /administrator/index.php on this server."

When I make changes directly in the config file, it breaks the site.

We just went live with the site, but the sysadmin took the whole joomla site out of a subdirectory and copied into the root html folder. Now, I'm afraid to uninstall sef404 to narrow down the source of the problem.

Insights are most appreciated.

mrbeever
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Tue Sep 04, 2007 11:53 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby mrbeever » Sat Jul 18, 2009 6:58 am

Just for the record for anyone doing a new install in case they come across the same problem:

My install:
Joomla 1.5.12
Default .htaccess rewrites
Enabled sh404SEF 1.0.20_Beta Basic Configuration

Result: Home page showed OK, all other pages displayed a 404 page with no CSS formatting, hit a refresh and got a Forbidden Access (Flooding) page.

Solution: Click on the sh404SEF option to show the Extended parameters, back in the configuration>security tab I ran through all permutations of the previous posts, those that mattered to my setup:

Check also forms data (POST) = No
Activate anti-flood = No
Only if POST data (forms) = No
Anti-flood control = 100
Max number of requests =100

Note that setting the anti-flood control and max no. of requests to less than 100 still resulted in the Forbidden Access (flooding) errors.

All now working OK; Cheers to all the previous posters,

mr_b

nightjar
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Aug 03, 2009 12:00 am

Re: 'Forbidden Access' flood block stops frontend editing

Postby nightjar » Mon Aug 03, 2009 12:07 am

I was having this problem and found it was because I hadn't purged the SEF URLs.

Once you've entered in Custom Redirects you need to click 'Purge SEF URLs' or you'll keep getting this error.

When I did this, all the errors disappeared instantly.

ermand
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Nov 01, 2009 9:42 pm

Re: 'Forbidden Access' flood block stops frontend editing

Postby ermand » Thu Aug 19, 2010 8:17 pm

Note that this also happens when there are non-latin characters in the URL. Make sure to replace these characters in the global configuration of the sh404sef.

User avatar
scarney
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sun Oct 23, 2005 11:48 pm
Contact:

Re: 'Forbidden Access' flood block stops frontend editing

Postby scarney » Fri Sep 24, 2010 11:26 am

I had the same problem and found my answer here.

I did not have to modify any of the sh404sef settings.

I did have to add the live site string in configuration.php as http://www.mysite.com';

I then went in to sh404sef Url Manager and Purged all existing urls.

That is all it took to fix this problem. I hope this simple solution works for others!

Sean Carney


Return to “Security - 1.0.x”

Who is online

Users browsing this forum: No registered users and 2 guests