Hello,
I have a strange problem:
If I place content in the extended entry which has two tags in it like <a></a>, then I get the error "Forbidden, You don't have permission to access /serendipity_admin.php on this server."
If I put something between the tags like <a>1</a> it works again; it only fails if there is "><" with nothing in between. Also, putting the same content in the normal entry does not show the error.
I guess the problem has existed since I updated two of my event plugins yesterday. I remember they were "event freetag" and "event mycalender", but deactivating them did not solve my problem. Even temporarily deactivating all event plugins did not have any effect. The error was still there.
Here is my event plugin list (German):
Textformatierung: Smilies
Erweiterte Eigenschaften von Artikeln
Textformatierung: Smarty Parsing
Textformatierung: Textile
HTML Meta-Tags
Spamschutz
Statische Seiten
Spartacus
Freie Artikel-Tags
Geotag
[Layout-Plugin: Druckfreundliche Version]
Karma
Lightbox/Thickbox JS/Graybox
Hebe Suchwörter hervor
Kontaktformular
Suchmaschinen-Sitemap Generator
Übliche XHTML-Fehler beseitigen
Statistiken
Einträge ankündigen
Mein Kalender
Dashboard
Sample!
QuickNotes
Smilie-Auswahlleiste
What could I do to find the problem?
Forbidden You don't have permission...
-
Don Chambers
Re: Forbidden You don't have permission...
<a></a>... by itself, or with an href="foo" or name="foo"? I was unable to reproduce this error in my sandbox s9y installation, but I do not have the same list of plugins.
=Don=
-
kleinerChemiker
Re: Forbidden You don't have permission...
Is it an error from serendipity or Apache?
-
garvinhicking
Re: Forbidden You don't have permission...
Hi!
A 403 error actually sounds like Apache mod_security, ask your provider if that's enabled.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: Forbidden You don't have permission...
Don Chambers wrote:
> <a></a>... by itself, or with an href="foo" or name="foo"? I was unable to reproduce this error in my sandbox s9y installation, but I do not have the same list of plugins.
It is all of a sudden with any two tags, also with <b><c> or with ><, but only in extended entry. I temporarily disabled all event plugins, but still have the error.
kleinerChemiker wrote:
> Is it an error from serendipity or Apache?
How could I find this out?
garvinhicking wrote:
> Hi!
> A 403 error actually sounds like Apache mod_security, ask your provider if that's enabled.
I think this was the right question, thank you!
Yes, I found something in my error log:
[Sat Jun 13 21:56:40 2009] [error] [client 89.246.165.72] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|\\%env)" at ARGS:serendipity[extended]. [file "/etc/apache2/modsec2/10_asl_rules.conf"] [line "570"] [id "340147"] [rev "38"] [msg "Generic XSS filter"] [severity "CRITICAL"] [hostname "www.dd4kids.de"] [uri "/serendipity_admin.php"] [unique_id "OTCPJ04vCnsAADh@g8MAAABH"]
Author of Dresden für Kinder
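Added example, not part of the thread and not code from Serendipity or ModSecurity: a short Python script that pulls the rule id, the inspected variable and the regex out of a denial entry like the one above, then runs that regex against the inputs described in the thread to show which substring trips the "Generic XSS filter". The function names are hypothetical, the sample line is the posted entry with the client and hostname replaced by placeholders, and any transformations the rule applies before matching are not modelled.

```python
import re

# Constructed sample: the entry posted above, timestamp dropped and the
# client address and hostname replaced by placeholders.
LOG_LINE = (
    r'[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 '
    r'(phase 2). Pattern match "(< ?(?:script|about|applet|activex|chrome).*'
    r'(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?'
    r'(ht|f)tps?:/|" ?> ?<|" ?[a-z]+ ?<.*>|> ?"? ?(>|<)|< ?/?i?frame|\\%env)" '
    r'at ARGS:serendipity[extended]. '
    r'[file "/etc/apache2/modsec2/10_asl_rules.conf"] [line "570"] '
    r'[id "340147"] [rev "38"] [msg "Generic XSS filter"] '
    r'[severity "CRITICAL"] [hostname "blog.example"] '
    r'[uri "/serendipity_admin.php"]'
)


def parse_denial(line):
    """Return rule metadata, inspected variable and regex from one entry."""
    m = re.search(r'Pattern match "(.*)" at (\S+)\. \[file ', line)
    if m is None:
        raise ValueError("not a ModSecurity pattern-match denial")
    # [key "value"] pairs: file, line, id, rev, msg, severity, hostname, uri
    info = dict(re.findall(r'\[(\w+) "([^"]*)"\]', line))
    # The error log doubles backslashes; undo that to recover the regex.
    info["pattern"] = m.group(1).replace("\\\\", "\\")
    info["variable"] = m.group(2)
    return info


def trigger(pattern, value):
    """Return the substring of value that the rule regex matches, or None.

    Assumption: transformations the rule may apply first are not modelled.
    """
    m = re.search(pattern, value)
    return m.group(0) if m else None


if __name__ == "__main__":
    rule = parse_denial(LOG_LINE)
    print(rule["id"], rule["msg"], "on", rule["variable"])
    for body in ("<a></a>", "<a>1</a>", "<b><c>", "><"):  # inputs from the thread
        print(repr(body), "->", repr(trigger(rule["pattern"], body)))
```

The matched substring is what to hand to the provider when asking for an exception scoped to this rule id and this one argument, rather than having the whole rule set disabled.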
Re: Forbidden You don't have permission...
My provider answered already. You were right, Garvin, it was a new firewall rule in mod_security. I got a personal exception rule against the false positive and everything is working again.
Thank you for the support anyway!
Author of Dresden für Kinder