The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ] 
Author Message
PostPosted: Sun Feb 17, 2008 2:56 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jul 15, 2007 6:28 pm
Posts: 21
Location: Kent, UK
In the last couple of months I am seeing a lot of this, which never occurred before: frontend editing saves are rejected with a message 'Forbidden Access (flooding)' - or 'Forbidden Access (tag in POST)'. This is with J 1.0.12 and 1.0.13 versions.

This is either (a) a Joomla built-in security block being triggered, or (b) more likely a server setting perhaps. I'm seeing it especially on Apache 1.1.3x / Unix servers. Is this a too-tight default server setting on these servers?

If you Save an edit with a few words of plain text, it seems to be OK; but a fair-sized page with plenty of mixed content gets blocked - probably because of the number of HTTP requests at one time?

Of course, it means that frontend editing is impossible, which makes any kind of community use out of the question. Does anyone know if this is:
a) a Joomla issue;
b) a server setting?

More likely (b) I guess - so what should the minimum HTTP requests per time be set to, to allow frontend edits? And what about the 'tag in POST' error?


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 3:26 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 18855
Location: Omaha, NE
Sounds to me like you have the security features of SH404SEF turned on??

_________________
Regards, Dave
http://www.kiwaniswest.org


Top
 Profile  
 
PostPosted: Sun Feb 17, 2008 4:12 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jul 15, 2007 6:28 pm
Posts: 21
Location: Kent, UK
You are quite right Sir!

Thanks for that.

[it's always an extension issue, isn't it - should have thought of that...]


Top
 Profile  
 
PostPosted: Sat Aug 02, 2008 1:19 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Nov 03, 2007 11:56 am
Posts: 214
I am having this problem as well so I tried to turn off sef security but everytime I save it turns back on. The configuration is writeable but its just not updating.


Top
 Profile  
 
PostPosted: Sat Aug 02, 2008 1:29 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jul 15, 2007 6:28 pm
Posts: 21
Location: Kent, UK
Maybe try editing the file manually by FTP?


Top
 Profile  
 
PostPosted: Mon Aug 18, 2008 1:43 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Nov 03, 2007 11:56 am
Posts: 214
I have searched through the Sef config but just cannot find the line where I can turn it off manually. I am looking at sh404sef.php
is this the correct file to change security options in?


Top
 Profile  
 
PostPosted: Wed Aug 20, 2008 2:17 am 
Joomla! Intern
Joomla! Intern

Joined: Fri Oct 13, 2006 11:29 pm
Posts: 62
I've discovered on my setup that it is sh404sef that is causing the problem. Is there a fix for this that anyone has found?


Top
 Profile  
 
PostPosted: Tue Sep 30, 2008 4:19 am 
Joomla! Intern
Joomla! Intern

Joined: Wed Apr 12, 2006 9:36 am
Posts: 61
I am not sure, but I got the same problem.

After installed sh404sef, I can not edit any article at my fontend any more. I just got "Forbidden access".

I think there is something wrong with security function of sh404sef or I did not config properly.

_________________
Have a great day!


Top
 Profile  
 
PostPosted: Wed Nov 19, 2008 4:05 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Nov 19, 2008 3:57 am
Posts: 1
I also got the same problem with editing front page and if someone lost their password .
I fixed this in this steps .
1 sh404SEF Control Panel / security
2 Anti-flood configuration
- Activate anti-flood : yes
- Only if POST data (forms) : NO ( this is your problem editing front page )
Anti-flood control : 50
Max number of requests : 50

And now i have no problem , hope this will help you guys .
Sorry for my bad english :P


Top
 Profile  
 
PostPosted: Fri Dec 12, 2008 7:26 pm 
Joomla! Intern
Joomla! Intern

Joined: Wed Nov 05, 2008 3:24 pm
Posts: 52
I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!

The Wine Nut :'(


Top
 Profile  
 
PostPosted: Sat Dec 13, 2008 3:24 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 18855
Location: Omaha, NE
wineblue2 wrote:
I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!

The Wine Nut :'(

Anti-flood control 200
Max number of requests 100

_________________
Regards, Dave
http://www.kiwaniswest.org


Top
 Profile  
 
PostPosted: Sat Jan 10, 2009 9:31 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri May 04, 2007 2:03 pm
Posts: 6
Location: Virginia
Thanks all for the advice in this thread. I was getting forbidden Access so I set to 200 and 100 as suggested by dhuelsmann but now I am getting:

Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Any ideas?


Top
 Profile  
 
PostPosted: Tue Jan 13, 2009 12:40 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Dec 06, 2006 12:12 am
Posts: 1
I got the same problem and when i put path in
var $live_site in configuration.php my problems
are gone.

var $live_site = 'http://www.mysite.com';
:) :) :)


Top
 Profile  
 
PostPosted: Tue Jan 13, 2009 1:32 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Feb 06, 2008 2:04 pm
Posts: 15
I was getting this problem too and I fixed it by going to:
sh404SEF component->Advanced Tab
Changing the Home page URL from http://www.mysite.com to <blank>
(ie. deleting the previous entry)

Of note is that I still have the security feature on and it works great!


Top
 Profile  
 
PostPosted: Thu Mar 05, 2009 6:28 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Mar 05, 2009 6:24 am
Posts: 3
I was getting the same "Forbidden Access Error" on https://www.surefirehire.com when I implemented sh404sef

1) I went to sh404sef Component > Security
2) Check also forms data (POST) to "No"

The overlib states that this might be an issue; furthermore, it states to turn it off, if it is an issue.

_________________
surefirehire.com
https://www.surefirehire.com
Connecting Opportunities and Freelancers!


Top
 Profile  
 
PostPosted: Thu Apr 09, 2009 4:00 pm 
Joomla! Intern
Joomla! Intern

Joined: Thu May 22, 2008 1:40 pm
Posts: 67
Location: Philadelphia, PA
Same problem here, which I think is compounded by server permission issues. When I try to make any changes to the sef404 configuration, I get "You don't have permission to access /administrator/index.php on this server."

When I make changes directly in the config file, it breaks the site.

We just went live with the site, but the sysadmin took the whole joomla site out of a subdirectory and copied into the root html folder. Now, I'm afraid to uninstall sef404 to narrow down the source of the problem.

Insights are most appreciated.


Top
 Profile  
 
PostPosted: Sat Jul 18, 2009 6:58 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Sep 04, 2007 11:53 am
Posts: 5
Just for the record for anyone doing a new install in case they come across the same problem:

My install:
Joomla 1.5.12
Default .htaccess rewrites
Enabled sh404SEF 1.0.20_Beta Basic Configuration

Result: Home page showed OK, all other pages displayed a 404 page with no CSS formatting, hit a refresh and got a Forbidden Access (Flooding) page.

Solution: Click on the sh404SEF option to show the Extended parameters, back in the configuration>security tab I ran through all permutations of the previous posts, those that mattered to my setup:

Check also forms data (POST) = No
Activate anti-flood = No
Only if POST data (forms) = No
Anti-flood control = 100
Max number of requests =100

Note that setting the anti-flood control and max no. of requests to less than 100 still resulted in the Forbidden Access (flooding) errors.

All now working OK; Cheers to all the previous posters,

mr_b


Top
 Profile  
 
PostPosted: Mon Aug 03, 2009 12:07 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Aug 03, 2009 12:00 am
Posts: 1
I was having this problem and found it was because I hadn't purged the SEF URLs.

Once you've entered in Custom Redirects you need to click 'Purge SEF URLs' or you'll keep getting this error.

When I did this, all the errors disappeared instantly.


Top
 Profile  
 
PostPosted: Thu Aug 19, 2010 8:17 pm 
Joomla! Intern
Joomla! Intern

Joined: Sun Nov 01, 2009 9:42 pm
Posts: 64
Note that this also happens when there are non-latin characters in the URL. Make sure to replace these characters in the global configuration of the sh404sef.


Top
 Profile  
 
PostPosted: Fri Sep 24, 2010 11:26 am 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Sun Oct 23, 2005 11:48 pm
Posts: 76
I had the same problem and found my answer here.

I did not have to modify any of the sh404sef settings.

I did have to add the live site string in configuration.php as http://www.mysite.com';

I then went in to sh404sef Url Manager and Purged all existing urls.

That is all it took to fix this problem. I hope this simple solution works for others!

Sean Carney


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ] 



Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group