Registration, Login etc. – Forbidden

  • Resolved jannesth

    (@jannesth)


    7 years, 8 months ago

    Hi there,
    I’m searching a solution for my website, I’m using ultimate members since a few years now and never had a problem, during the last weeks the I noticed that the login, registration form, etc. isn’t working anymore. After you entered your details the message; “Forbidden – You do not have permission to access this document. Web Server at @domain_name@” appears.

    I read through many articles and blogs to figure out why and how to fix it but couldn’t find a solution yet.
    If anyone got ideas, please let me know, thanks!
    Cheers jannesth

Viewing 5 replies - 1 through 5 (of 5 total)

  • I have just installed Ultimate Member. When I try to register or login – get the following message –
    “403 Forbidden
    Server configuration does not allow access to this page.
    Return to home page”
    Thanks
    John Burke

    Hi,

    This is probably caused by your WAF (Mod Security or something). If you have access to your security logs, you may read some last lines of it to see which rule is preventing your site to work properly.

    If you don’t have access to your log files, you should contact your web hosting and ask them to check this for you.

    Iman

    Thread Starter jannesth

    (@jannesth)

    @imangm
    Hi Iman, thanks for your quick reply. I checked the logs and found errors where ultimatemembers or modsecurity showed up but I don’t know how to read or fix them either. Would be great if you could help me out, thanks for your help so far. Jannes

    Logs attached here;
    https://pastebin.com/C1mJEpAy

    Hey @jannesth,

    I believe that the problem is with Comodo rule #211540. It doesn’t allow you to submit a form with an input named “user_password” which UltimateMembers plugin is using it to submit your password in the login form.

    It’s a false positive rule on your WAF, so if you have something on your hosting panel to let you add exceptions to the firewall, you should add “211540” there. If you don’t have such option on your hosting panel, you may contact your hosting provider and ask them to disable this rule for your site.

    I hope that helps.
    Iman

    • This reply was modified 7 years, 8 months ago by ImanGM. Reason: mistype
    Thread Starter jannesth

    (@jannesth)

    @imangm
    Hey Iman,

    thanks mate you have been a great help, just figured it out how to fix it. For all users who are using Plesk is a short instruction below, other panels are organised similar.

    1. Go to Data > Logs > xxxx.net (domain with the error) > error_log
    2. Search for blocked IDs and inform yourself what they are doing
    3. Go to Websites & Domains > xxxx.net > Web Application Firewall
    4. Paste the rule ID in the section to exclude the rule and accept

    Hope that helps others to find a solution for their problem as well.
    jannesth

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Registration, Login etc. – Forbidden’ is closed to new replies.