If You Receive a 403 Forbidden error

reddeer

New Member
If you get a message like this when you try to save Fabrik Options (or save anything else):

Forbidden
You don't have permission to access /administrator/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


you can check whether a ModSecurity rule has been triggered by looking in the Apache log usually located in /usr/local/apache/logs/error_log

The message will be in this format:

[Timestamp] [:error] [pid some_number] [client your_ip:some_number] [client your_ip] ModSecurity: [file "/usr/local/apache/modsecurity.d/11_asl_adv_rules.conf"] [line "62"] [id "341155"] [rev "3"] [msg "Atomicorp.com WAF Rules: Generic SQL Injection protection"] [data "varchar"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Matched phrase "varchar" at ARGS_NAMES:jform[varchar]. [hostname "www.yourdomain.com"] [uri "/administrator/index.php"] [unique_id "Long_Alpha_String"], referer: https://www.yourdomain.com/administrator/index.php?option=com_config&view=component&component=com_fabrik&path=&return=really_long_string


You may use a different ruleset other than Atomicorp's ruleset, such as Trustwave SpiderLabs OWASP, but the format of the message will be the same. You are looking for the date and time at which you tried to save as well as the component name com_fabrik.

The fine techs at your hosting company, or you, if you are really confident that you know your way around Apache configuration, can whitelist the particular rule that is being triggered, which is identified by the id number.

Once the rule reported in the message is whitelisted, if this is the only problem, you should be able to save.

Remember that rulesets are frequently updated, so it is possible that you could trigger a new rule that wasn't present last time you performed the save operation.
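
One way to pull the rule id out of the log as described above, as an added example that is not part of the original post: it keeps only denials whose referer names com_fabrik and builds an exclusion for that one rule id, limited to the blocked URI. The sample log lines are constructed, and the scoped `<LocationMatch>` with `SecRuleRemoveById` is an assumption about how the whitelisting would be done on Apache with ModSecurity 2.x.

```python
import re

# Constructed error_log lines in the format quoted in the post; the IPs, pids,
# timestamps and the second rule id (999999) are made up for this example.
_TAIL = ('[hostname "www.yourdomain.com"] [uri "/administrator/index.php"] '
         '[unique_id "Long_Alpha_String"], referer: https://www.yourdomain.com'
         '/administrator/index.php?option=com_config&view=component&component=')
SAMPLE_LOG = [
    '[Tue Jan 02 10:15:00 2018] [:error] [pid 1234] [client 203.0.113.5:50000] '
    '[client 203.0.113.5] ModSecurity: [file "/usr/local/apache/modsecurity.d/'
    '11_asl_adv_rules.conf"] [line "62"] [id "341155"] [rev "3"] [msg "Atomicorp.com '
    'WAF Rules: Generic SQL Injection protection"] [data "varchar"] [severity '
    '"CRITICAL"] Access denied with code 403 (phase 2). Matched phrase "varchar" '
    'at ARGS_NAMES:jform[varchar]. ' + _TAIL + 'com_fabrik&path=',
    '[Tue Jan 02 10:20:00 2018] [:error] [pid 1240] [client 203.0.113.9:50100] '
    '[client 203.0.113.9] ModSecurity: [file "/etc/example.conf"] [line "10"] '
    '[id "999999"] [msg "Constructed rule"] [severity "CRITICAL"] Access denied '
    'with code 403 (phase 2). Matched phrase "x" at ARGS:q. ' + _TAIL + 'com_other',
    '[Tue Jan 02 10:21:00 2018] [:error] [pid 1241] File does not exist: /favicon.ico',
]

def parse_denial(line):
    """Return the fields of one ModSecurity 'Access denied' line, or None."""
    if "ModSecurity:" not in line or "Access denied" not in line:
        return None
    hit = dict(re.findall(r'\[(\w+) "([^"]*)"\]', line))  # id, msg, uri, ...
    hit["timestamp"] = re.match(r"\[([^\]]+)\]", line).group(1)
    target = re.search(r" at (\S+)\. \[", line)            # the variable that matched
    hit["target"] = target.group(1) if target else ""
    referer = re.search(r"referer: (\S+)", line)
    hit["referer"] = referer.group(1) if referer else ""
    return hit

def denials_for(lines, component="com_fabrik"):
    """Keep only denials whose referer names the component being saved."""
    hits = (parse_denial(l) for l in lines)
    return [h for h in hits if h and component in h["referer"]]

def scoped_exclusion(hit):
    """Build an exclusion for this one rule id, limited to the blocked URI."""
    return ('<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>'
            % (re.escape(hit["uri"]), hit["id"]))

if __name__ == "__main__":
    for h in denials_for(SAMPLE_LOG):
        print(h["timestamp"], h["id"], h["target"], h["msg"], sep=" | ")
        print(scoped_exclusion(h))
```

Limiting the exclusion to the one URI and rule id leaves the rest of the ruleset active everywhere else on the site.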
 