i get "403 access forbidden web application firewall security alarm triggered" when i try to update products on virtue mart. i have tried to change different product prices but i still got 403 access forbidden. i have tried logging in with different users but it gives me same error. i also changed log folder and cgi-bin folder permission to 755 but it still gives me 403 access forbidden web application firewall security alarm triggered error.
![This appears every time i want to update my product prices or when i also try to edit k2 i terms][10]
i don't know what to do anymore, can you please help me
Have you tried disabling your web application firewall in the joomla backend? I am going to guess that your site is running AKeeba Tools which is a common component and this may be running a misconfigured. Start there first. Failing that track down where you web firewall is? It maybe your HTACCESS file is non-standard
Related
Here's my situation:
I recently inherited a website from someone else who's MIA.
Recently the SSL certificate expired.
Website now can't be accessed properly. It first gives me NET::ERR_CERT_DATE_INVALID and when I bypass it, all UI elements look distorted and don't work.
Tried disabling SSL through Joomla admin page and I can't access the option that's embedded under a "server" tab in the settings page...because the UI elements don't work there as well. (Even joomla admin page is forced through https)
Tried disabling SSL or HTTPS through .htaccess and I don't see that https was enabled through that. In other words, no code for me to disable there.
Anyone has suggestions on how to get this page up and running properly again?
I followed every instructions from this site Google Dev Console site
and my web app was working well in http://localhost. No issues.
Now I deployed the web app in the AWS-EC2 server. I also added the Javascript Origins to show my 'subdomain.domain.com'. Upon hitting the button 'Google Login' from webapp on subdomain.domain.com, the google-authentication is not working ; shows the below error, where XX.YY.ZZ.AA is my AWS EC2 instance IP;
Error: invalid_request
Permission denied to generate login hint for target domain.
Request Details
redirect_uri=storagerelay://http/XX.YY.ZZ.AA?id=auth736964
response_type=permission id_token scope=email profile openid
openid.realm=
client_id=625394219770-q0qilkfl05m2fortt25j2j63e2dn6c1r.apps.googleusercontent.com
ss_domain=http://XX.YY.ZZ.AA fetch_basic_profile=true gsiwebsdk=2
That’s all we know.
I am asking for help on how to resolve this. Is it a EC2 forward issue, because the google error is not showing my subdomain.domain.com instead EC2-ip address. or something else?
Using OpenAM i am trying to protect an ADF application, i have installed the weblogic policy agent as documented.
i get prompted to login with the OpenAM screens however once logged in and redirected back to the application i get the following error
Error 403 -- Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Is there any logs or anything i can look at to find the exact reasoning?
the only thing i can think of is its something to do with the ADF security.
By default the Agent is running in 'ALL' mode, which means it's also enforcing authorizations for URL (urlPolicy). So you have to create URL policies as well.
However URL policies often do not make sense for Web Apps, so you could change the agent to run in 'SSO_ONLY' or 'J2EE' mode.
BTW the agent debug log (log level set to 'message' in agent profile) will tell you why it's denying access.
I have a c#.net MVC3 application running on Windows Server 2008 R2 Datacenter.
If I deploy the application as an application under the main site (i.e. www.mysite.com/crm) it works perfectly.
If I deploy the application as a sub-domain to the main site (i.e. crm.mysite.com) it appears to work as expected, with the exception of one endpoint (crm.mysite.com/reports/view). That path returns the following authentication notice:
Authentication Required
The server http://crm.mysite.com:80 requires a username and password.
I am not aware of anything special for that endpoint and, as I mentioned, it works without issues when deployed under the main site.
What would cause this? How do I remove/prevent it?
I don't even know what code to provide to help diagnose the problem. Please let me know if you want to see parts of the code for any section related to this issue.
UPDATE:
I don't move the path to the application files for either situation and they both use the same application pool. The only difference is how a user access the files via IIS.
UPDATE2:
If I authenticate a user, I get this error:
Server Error in '/Reports' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Why would it think the resource doesn't exist when clearly it does?
If you have authentication on the main site, it won't automatically carry authentication across to the sub-domain. You would have to develop a mechanism to handle that such as SSO (single sign on).
Another potential issue is permissions for the directory/application (eg. c:\inetpub\wwwroot\crm.mysite.com)
website - http://www1.internetvoipphone.co.uk/
Note - http://www.internetvoipphone.co.uk/ uses V1.3.2, www1 address is our V1.6 dev site before going live so please only look at that one.
Issue - when a user logs in then browses back to a product page they switch from https back to http which in turn logs them out, we cant find a reason why magento changes some links to https but not others
account details for testing:
username: test#test.com
password: password
I've tried resetting to the default template but the issue still occurs so it must be a magento config issue, any help greatly appreciated
The issue seems to be caused by cookies, we use two URL's www1.internetvoipphone.co.uk and secure.internetvoipphone.co.uk, each domain was sending out a cookie "frontend" which seem to have been conflicting.
setting the cookie domain to .internetvoipphone.co.uk generates a single cookie and as yet seems to have fixed the issue.
Yes the cookie path and also the browser's cache can wreak havoc with Magento when using a development installation, even if on another domain.