Hi Stephen,
I’m just setting the system up and getting a 403 when I try to change an offline booking from ‘pending’ to ‘confirmed’. I’ve had a look at other posts and checked htaccess and file permissions and everything appears normal with no php errors being logged.
Any thoughts where I should look next?
Thanks
David
Squirrelhouse
p.s. I was in the View Booking screen when I got the 403. I have since found I can successfully change the booking status in the Bookings list screen although doing this in the View screen where details can be logged would be best of course.
Squirrelhouse
Hi David,
That’s odd, do you get a white screen with 403? For the admin interface, WordPress handles the authentication, but it doesn’t typically return a 403. Could your wp-admin folder be password protected?
Stephen Harris
Squirrelhouse
p.s. for some reason the attachment showing the wp-admin folder properties isn’t showing for me…
Squirrelhouse
no worries, I can see it. I think normally password protecting would give you a 401 anyway.
Have you tried commenting out those .htaccess
rewrite rules which attempt to block access? Typically WordPress or this plug-in doesn’t return a 403, so its probably something configured at the webserver level. The error message is also something that doesn’t appear in either WordPress or this plug-in.
That said, those conditions listed don’t appear to match the URL.
Stephen Harris
Hi Stephen,
Thanks for that. I’ve tried commenting out the htaccess rewrite rules but to no avail. I have noticed some warnings that posix_getpwuid has been disabled but they aren’t being generated at the time of the 403.
I’ve raised a ticket with my hosting partners to see if they have any thoughts and will let you know where I get to.
Many thanks
David
Squirrelhouse
Hi Stephen,
The problem seems to be modsec – when I switched that off it worked. I don’t really want to run with it switched off of course.
I’m currently on EO version 3.9.0 and EO Pro version 3.0.13
Thanks
David
Squirrelhouse
Hi David,
Do you have access to the modsec logs? It should detail why a request was rejected. Feel free to get in touch here if you don’t want to post it on a publicly-viewable forum.
Stephen Harris
Hi Stephen,
I don’t have access myself but I’ve raised a ticket with my hosts asking for the logs. I’ll come back to you then.
Many thanks
David
Squirrelhouse