[Solved] 403 Forbidden when logging in or logging out -- only when url contains 'g1_return' parameter

chikurt

Joined: 2007-11-14
Posts: 4
Posted: Tue, 2008-11-25 23:39

The following information is required to get an answer:
Get this information from the PHP diagnostic (in the configuration wizard).
Gallery URL (optional but very useful): www.eurasianmissions.org/photos
Gallery version: 1.5.10
Apache version: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8i DAV/2
PHP version (don't just say PHP 4, please): 5.2.6
Graphics Toolkit: ImageMagick
Operating system: Local or server? Apache on the server
Web browser/version (if applicable): Firefox and IE

When I click the 'login' link or 'logout' link, I get a server error...

Quote:
Forbidden
You don't have permissions to access /photos/login.php on this server.

These links contain a 'g1_return' parameter. If I manually type in the link without the g1_return argument/parameter I can log in or out fine.

For example, this doesn't work:

Quote:
http://www.eurasianmissions.org/photos/login.php?g1_return=http%3A%2F%2Fwww.eurasianmissions.org%2Fphotos%2Falbums.php%3Fpage%3D1&cmd=logout

But this does work:

Quote:
http://www.eurasianmissions.org/photos/login.php?cmd=logout

There are no relevant entries in the server error log (other than a missing 403.shtml file)

I just upgraded to 1.5.10 and thought that might be it. I went back to an older version from a backup and it is the same. Maybe a server setting (shared host with hostgator, by the way)?

THANKS!
 
Tim_j
Tim_j's picture

Joined: 2002-08-15
Posts: 6818
Posted: Tue, 2008-11-25 23:55

Hi,

there is a Apache module called mod_security or something.
It does not allow URLS with "cmd" in it.

That might be a reason.

Jens
--
Gallery Developer
 
chikurt

Joined: 2007-11-14
Posts: 4
Posted: Wed, 2008-11-26 04:23

The problem was solved by my host:

Quote:
I have whitelisted your domain for the mod_security rule it was hitting. Please try again.