'Forbidden Access' flood block stops frontend editing
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun Jul 15, 2007 6:28 pm
- Location: Kent, UK
- Contact:
'Forbidden Access' flood block stops frontend editing
In the last couple of months I am seeing a lot of this, which never occurred before: frontend editing saves are rejected with a message 'Forbidden Access (flooding)' - or 'Forbidden Access (tag in POST)'. This is with J 1.0.12 and 1.0.13 versions.
This is either (a) a Joomla built-in security block being triggered, or (b) more likely a server setting perhaps. I'm seeing it especially on Apache 1.1.3x / Unix servers. Is this a too-tight default server setting on these servers?
If you Save an edit with a few words of plain text, it seems to be OK; but a fair-sized page with plenty of mixed content gets blocked - probably because of the number of HTTP requests at one time?
Of course, it means that frontend editing is impossible, which makes any kind of community use out of the question. Does anyone know if this is:
a) a Joomla issue;
b) a server setting?
More likely (b) I guess - so what should the minimum HTTP requests per time be set to, to allow frontend edits? And what about the 'tag in POST' error?
This is either (a) a Joomla built-in security block being triggered, or (b) more likely a server setting perhaps. I'm seeing it especially on Apache 1.1.3x / Unix servers. Is this a too-tight default server setting on these servers?
If you Save an edit with a few words of plain text, it seems to be OK; but a fair-sized page with plenty of mixed content gets blocked - probably because of the number of HTTP requests at one time?
Of course, it means that frontend editing is impossible, which makes any kind of community use out of the question. Does anyone know if this is:
a) a Joomla issue;
b) a server setting?
More likely (b) I guess - so what should the minimum HTTP requests per time be set to, to allow frontend edits? And what about the 'tag in POST' error?
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
Sounds to me like you have the security features of SH404SEF turned on??
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun Jul 15, 2007 6:28 pm
- Location: Kent, UK
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
You are quite right Sir!
Thanks for that.
[it's always an extension issue, isn't it - should have thought of that...]
Thanks for that.
[it's always an extension issue, isn't it - should have thought of that...]
- ghog
- Joomla! Enthusiast
- Posts: 214
- Joined: Sat Nov 03, 2007 11:56 am
Re: 'Forbidden Access' flood block stops frontend editing
I am having this problem as well so I tried to turn off sef security but everytime I save it turns back on. The configuration is writeable but its just not updating.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Sun Jul 15, 2007 6:28 pm
- Location: Kent, UK
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
Maybe try editing the file manually by FTP?
- ghog
- Joomla! Enthusiast
- Posts: 214
- Joined: Sat Nov 03, 2007 11:56 am
Re: 'Forbidden Access' flood block stops frontend editing
I have searched through the Sef config but just cannot find the line where I can turn it off manually. I am looking at sh404sef.php
is this the correct file to change security options in?
is this the correct file to change security options in?
-
- Joomla! Intern
- Posts: 62
- Joined: Fri Oct 13, 2006 11:29 pm
Re: 'Forbidden Access' flood block stops frontend editing
I've discovered on my setup that it is sh404sef that is causing the problem. Is there a fix for this that anyone has found?
-
- Joomla! Intern
- Posts: 60
- Joined: Wed Apr 12, 2006 9:36 am
Re: 'Forbidden Access' flood block stops frontend editing
I am not sure, but I got the same problem.
After installed sh404sef, I can not edit any article at my fontend any more. I just got "Forbidden access".
I think there is something wrong with security function of sh404sef or I did not config properly.
After installed sh404sef, I can not edit any article at my fontend any more. I just got "Forbidden access".
I think there is something wrong with security function of sh404sef or I did not config properly.
Have a great day!
-
- Joomla! Fledgling
- Posts: 1
- Joined: Wed Nov 19, 2008 3:57 am
Re: 'Forbidden Access' flood block stops frontend editing
I also got the same problem with editing front page and if someone lost their password .
I fixed this in this steps .
1 sh404SEF Control Panel / security
2 Anti-flood configuration
- Activate anti-flood : yes
- Only if POST data (forms) : NO ( this is your problem editing front page )
Anti-flood control : 50
Max number of requests : 50
And now i have no problem , hope this will help you guys .
Sorry for my bad english :P
I fixed this in this steps .
1 sh404SEF Control Panel / security
2 Anti-flood configuration
- Activate anti-flood : yes
- Only if POST data (forms) : NO ( this is your problem editing front page )
Anti-flood control : 50
Max number of requests : 50
And now i have no problem , hope this will help you guys .
Sorry for my bad english :P
-
- Joomla! Intern
- Posts: 52
- Joined: Wed Nov 05, 2008 3:24 pm
Re: 'Forbidden Access' flood block stops frontend editing
I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!
The Wine Nut
The Wine Nut
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
Anti-flood control 200wineblue2 wrote:I am running J1.5.8 on PHP 5.2.5 with SH404SEF 1.0.11 and yes I have the anti-flooding security turned on and set to 50 sec for anti-flooding control. I started getting the Forbidden access page when trying to access XMap from the front end, but despite my trying to use the suggests in this forum have not had any positive results that have corrected this issue. Help!
The Wine Nut
Max number of requests 100
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
- mermedia
- Joomla! Apprentice
- Posts: 6
- Joined: Fri May 04, 2007 2:03 pm
- Location: Virginia
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
Thanks all for the advice in this thread. I was getting forbidden Access so I set to 200 and 100 as suggested by dhuelsmann but now I am getting:
Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Any ideas?
Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Any ideas?
-
- Joomla! Fledgling
- Posts: 1
- Joined: Wed Dec 06, 2006 12:12 am
Re: 'Forbidden Access' flood block stops frontend editing
I got the same problem and when i put path in
var $live_site in configuration.php my problems
are gone.
var $live_site = 'http://www.mysite.com';
var $live_site in configuration.php my problems
are gone.
var $live_site = 'http://www.mysite.com';
-
- Joomla! Apprentice
- Posts: 15
- Joined: Wed Feb 06, 2008 2:04 pm
Re: 'Forbidden Access' flood block stops frontend editing
I was getting this problem too and I fixed it by going to:
sh404SEF component->Advanced Tab
Changing the Home page URL from http://www.mysite.com to <blank>
(ie. deleting the previous entry)
Of note is that I still have the security feature on and it works great!
sh404SEF component->Advanced Tab
Changing the Home page URL from http://www.mysite.com to <blank>
(ie. deleting the previous entry)
Of note is that I still have the security feature on and it works great!
-
- Joomla! Fledgling
- Posts: 3
- Joined: Thu Mar 05, 2009 6:24 am
Re: 'Forbidden Access' flood block stops frontend editing
I was getting the same "Forbidden Access Error" on https://www.surefirehire.com when I implemented sh404sef
1) I went to sh404sef Component > Security
2) Check also forms data (POST) to "No"
The overlib states that this might be an issue; furthermore, it states to turn it off, if it is an issue.
1) I went to sh404sef Component > Security
2) Check also forms data (POST) to "No"
The overlib states that this might be an issue; furthermore, it states to turn it off, if it is an issue.
-
- Joomla! Intern
- Posts: 67
- Joined: Thu May 22, 2008 1:40 pm
- Location: Philadelphia, PA
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
Same problem here, which I think is compounded by server permission issues. When I try to make any changes to the sef404 configuration, I get "You don't have permission to access /administrator/index.php on this server."
When I make changes directly in the config file, it breaks the site.
We just went live with the site, but the sysadmin took the whole joomla site out of a subdirectory and copied into the root html folder. Now, I'm afraid to uninstall sef404 to narrow down the source of the problem.
Insights are most appreciated.
When I make changes directly in the config file, it breaks the site.
We just went live with the site, but the sysadmin took the whole joomla site out of a subdirectory and copied into the root html folder. Now, I'm afraid to uninstall sef404 to narrow down the source of the problem.
Insights are most appreciated.
-
- Joomla! Apprentice
- Posts: 5
- Joined: Tue Sep 04, 2007 11:53 am
Re: 'Forbidden Access' flood block stops frontend editing
Just for the record for anyone doing a new install in case they come across the same problem:
My install:
Joomla 1.5.12
Default .htaccess rewrites
Enabled sh404SEF 1.0.20_Beta Basic Configuration
Result: Home page showed OK, all other pages displayed a 404 page with no CSS formatting, hit a refresh and got a Forbidden Access (Flooding) page.
Solution: Click on the sh404SEF option to show the Extended parameters, back in the configuration>security tab I ran through all permutations of the previous posts, those that mattered to my setup:
Check also forms data (POST) = No
Activate anti-flood = No
Only if POST data (forms) = No
Anti-flood control = 100
Max number of requests =100
Note that setting the anti-flood control and max no. of requests to less than 100 still resulted in the Forbidden Access (flooding) errors.
All now working OK; Cheers to all the previous posters,
mr_b
My install:
Joomla 1.5.12
Default .htaccess rewrites
Enabled sh404SEF 1.0.20_Beta Basic Configuration
Result: Home page showed OK, all other pages displayed a 404 page with no CSS formatting, hit a refresh and got a Forbidden Access (Flooding) page.
Solution: Click on the sh404SEF option to show the Extended parameters, back in the configuration>security tab I ran through all permutations of the previous posts, those that mattered to my setup:
Check also forms data (POST) = No
Activate anti-flood = No
Only if POST data (forms) = No
Anti-flood control = 100
Max number of requests =100
Note that setting the anti-flood control and max no. of requests to less than 100 still resulted in the Forbidden Access (flooding) errors.
All now working OK; Cheers to all the previous posters,
mr_b
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon Aug 03, 2009 12:00 am
Re: 'Forbidden Access' flood block stops frontend editing
I was having this problem and found it was because I hadn't purged the SEF URLs.
Once you've entered in Custom Redirects you need to click 'Purge SEF URLs' or you'll keep getting this error.
When I did this, all the errors disappeared instantly.
Once you've entered in Custom Redirects you need to click 'Purge SEF URLs' or you'll keep getting this error.
When I did this, all the errors disappeared instantly.
-
- Joomla! Intern
- Posts: 64
- Joined: Sun Nov 01, 2009 9:42 pm
Re: 'Forbidden Access' flood block stops frontend editing
Note that this also happens when there are non-latin characters in the URL. Make sure to replace these characters in the global configuration of the sh404sef.
- scarney
- Joomla! Enthusiast
- Posts: 111
- Joined: Sun Oct 23, 2005 11:48 pm
- Contact:
Re: 'Forbidden Access' flood block stops frontend editing
I had the same problem and found my answer here.
I did not have to modify any of the sh404sef settings.
I did have to add the live site string in configuration.php as http://www.mysite.com';
I then went in to sh404sef Url Manager and Purged all existing urls.
That is all it took to fix this problem. I hope this simple solution works for others!
Sean Carney
I did not have to modify any of the sh404sef settings.
I did have to add the live site string in configuration.php as http://www.mysite.com';
I then went in to sh404sef Url Manager and Purged all existing urls.
That is all it took to fix this problem. I hope this simple solution works for others!
Sean Carney
Been using Joomla since it was Mambo. I am still a beginner.