Forum Index >  glFusion >  glFusion Support New Topic Post Reply
 403 error when trying to login via http://
   |  Printable Version
By: Anonymous: aa6qn ()  Dec 09 2008 23:21 pm (Read 1462 times)  
Anonymous: aa6qn

I have seemed to have created myself another problem where as when someone tries to login using http://[website]/users.php they get this message:
Error 403
We're sorry, but we could not fulfill your request for /users.php on this server.
You do not have permission to access this server. Data may not be posted from offsite forms
<more lines....>
logging into the site using https://[website] works just fine.

Removed the .htaccess and still same thing. users.php Permissions are 644 and non-root.non-root

Just upgraded to 1.1.1 from 1.1.0 no change.

Thank you in advance

By: Mark (offline)  Dec 09 2008 23:36 pm  

It is the Bad Behavior plugin. What is happening is they are probably using, but the $_CONF['site_url'] is, to the URL in the header doesn't match what is in the form.

What I've done is setup a redirect in Apache so anything to redirects to


Forum Admin

Group Comfort
: +112

Registered: 10/21/05
Posts: 6425
Location: The Great State of

By: Anonymous: aa6qn ()  Dec 10 2008 06:17 am  
Anonymous: aa6qn

Once again, thank you

Testing by disabling Bad-behavior things did work.

I have multiple differnet domains pointed to the same site which are quite different than my apache site name that is set in the gl_conf_values (site_url and site_admin_url). Guess I had better learn about doing redirects in apache.

On another note: I had in the past dropped the site_url and site_admin_url too:
site_url = s:0:""
site_admin_url = s:6:"/admin"

to enable access to the site, which sits in a outside DMZ, from internal trusted network. This kinda works as several admin functions do not work.

Not sure what the interaction would be with Bad_behavior as well.


By: Anonymous: aa6qn ()  Dec 11 2008 07:14 am  
Anonymous: aa6qn

Looking at mod_alias and mod_rewrite for Redirect it seems that mod_alias is the simpler: "redirect permanent / http://www.[]"

I can see in the apache 2.2 doc's docs of redirect changing things like resources but not URL's i.e. "redirect permanent /file-resource-1 http://www.[]/file-resource-2"
I did not see anything that redirects [] to www.[] unless that is the first above redirect permanent statement?

Looking at mod_rewrite I did find a nice rule to change incoming http sessions to https which direct users into an SSL environment. (thank you for those server.crt's)

# Basic rewrite rule for http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

I did not find rule yet to fulfill the [] to www.[] redirect. I would also want something to do [] to www.[] and [] to www.[]...

This is all new to me. Currently that only way I can get things to work is to disable Bad-behavior (which I did not want to do). I don't think this was an issue back in 1.0.2 or ealier (I could be wrong).

Still plugging away....

By: Anonymous: aa6qn ()  Dec 11 2008 10:18 am  
Anonymous: aa6qn

Well the Rewrite rule does force the https session. It breaks the login (form flow?). To bad as I really like working in a secure connection.

I recreated the server.crt to match the site fully qualified url and now everything matches. I enabled Bad-behavior plugin and its all seems to work.

I keep digging a new hole. as originally I could start an X session on the servers console and login to the site (which resides on the box's localhost) using http://localhost or to connect. Now it tries to go out to the web looking for www.[sitename].org which means most likely its a /etc/hosts resolution fix on the local machine

I would really like to see/learn the proper method to redirect a series of different incoming url's to a single local url.

www.[] to http://www.[local-sitename].org
[] to http://www.[local-sitename].org
www.[] to http://www.[local-sitename].org
[] to http://www.[local-sitename].org

or how about redirection to a SSL connection?

www.[] to https://www.[local-sitename].org
[] to https://www.[local-sitename].org

www[] to https://www.[local-sitename].org
[] to https://www.[local-sitename].org

New Topic Post Reply

 All times are CDT. The time is now 03:16 pm.
Normal Topic Normal Topic
Locked Topic Locked Topic
Sticky Topic Sticky Topic
New Post New Post
Sticky Topic w/ New Post Sticky Topic w/ New Post
Locked Topic w/ New Post Locked Topic w/ New Post
View Anonymous Posts 
Able to Post 
HTML Allowed 
Censored Content