opencaching / opencaching-pl

The source code of Opencaching.PL (and some other domains)
https://opencaching.pl/
GNU General Public License v3.0

403 Forbidden Error After Attempting to Log In on Cache and PowerTrail Pages #2409

Closed stefopl closed 3 weeks ago

stefopl commented 1 month ago

When a user tries to log in on a specific Cache page or a specific PowerTrail page, they get a "403 Forbidden" error.

Affected URLs:

Cache page: https://opencaching.pl/viewcache.php?wp=OP9WQ4
PowerTrail page: https://opencaching.pl/powerTrail.php?ptAction=showSerie&ptrail=2224

Error URLs:

Cache page redirection: https://opencaching.pl/UserAuthorization/verifyAuthCookie?target=%2Fviewcache.php%3Fwp%3DOP9WQ4
PowerTrail page redirection: https://opencaching.pl/UserAuthorization/verifyAuthCookie?target=%2FpowerTrail.php%3FptAction%3DshowSerie%26ptrail%3D2224

Error Message:

403 Forbidden
You don't have permission to access this resource.
Apache Server at opencaching.pl Port 443

The expected URLs should be:

Cache page: https://opencaching.pl/UserAuthorization/verifyAuthCookie?target=/viewcache.php?wp=OP9WQ4
PowerTrail page: https://opencaching.pl/UserAuthorization/verifyAuthCookie?target=/powerTrail.php?ptAction=showSerie&ptrail=2224

stefopl commented 1 month ago

The problem seems to be with the configuration of PHP, Apache2, or mod_security, because I can't reproduce the issue on my local or dev

The problem occurs on https://opencaching.pl/ and https://opencache.uk but doesn't occur on https://www.opencaching.ro and https://www.opencaching.nl

stefopl commented 1 month ago

@deg-pl @kojoty could someone take a look at this? Users open a cache page, e.g. from an e-mail or from c:geo, and cannot log in. The workaround is to open the home page and log in there, then go back to the cache page, which is cumbersome, and besides, users don't know about it. Another option is to disable automatic logout in the profile settings.

kojoty commented 4 weeks ago

Hi, darn, I can't keep up on my end; I'll try to take a look in the next few days

deg-pl commented 4 weeks ago

Unfortunately, my father is seriously ill in hospital, and caring for him takes up many hours a day (I live 70 km from the hospital). @stefopl if I created a user for you on the server, would you be able to diagnose the problem? If so, send me your SSH key at deg at opencaching dot pl. @kojoty what do you think?

stefopl commented 3 weeks ago

The intervention of server administrators is needed: https://www.opencaching.ro/, https://www.opencaching.nl/, https://www.opencaching.us/. Due to changes in the .htaccess file, a 500 Error has appeared. A fix that resolves the issue is already in the Git repository, but it needs to be applied manually.

It is also recommended to enable the mod_version module in Apache2.

@andrixnet @harrieklomp

andrixnet commented 3 weeks ago

I get in the error log the following:
.htaccess: RewriteRule: unknown flag 'UnsafeAllow3F'

Apache is 2.4.58. mod_version is active.

This is after manually updating from the repository. NL and US are in the same situation.

andrixnet commented 3 weeks ago

According to this, https://www.apachelounge.com/changelog-2.4.html, the new flag was introduced in 2.4.60, so the version check is wrong.

andrixnet commented 3 weeks ago

https://github.com/opencaching/opencaching-pl/commit/a6ba0540affac98843a17a915dcfde6aa8304193 fixes OCRO, OCNL, OCUS.

andrixnet commented 3 weeks ago

Upon server hosting upgrade the version conditionals will be removed. I'll tend to that when the time comes.

deg-pl commented 3 weeks ago

@andrixnet thank you for your quick response!
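
An added example, not part of the thread or the project's code: a small Python lint for the failure reported above, where a RewriteRule carrying UnsafeAllow3F reaches an Apache older than 2.4.60 (the release the cited changelog gives for the flag) and is rejected as an unknown flag. The function names and the sample rules are hypothetical, and only `<IfVersion>` guards with plain version comparisons are interpreted.

```python
import re

FLAG_MIN = (2, 4, 60)  # first release with UnsafeAllow3F, per the changelog cited in the thread
IFVERSION = re.compile(r"<IfVersion\s+([<>=!~]*)\s*(\d+(?:\.\d+)*)\s*>", re.I)
FLAGS = re.compile(r"\[([^\]]*)\]\s*$")

def guard_floor(op, version):
    """Lowest Apache version admitted by an <IfVersion> guard, or None if it sets no floor."""
    v = (tuple(int(p) for p in version.split(".")) + (0, 0))[:3]
    if op in ("", "=", "==", ">="):
        return v
    if op == ">":
        return v[:2] + (v[2] + 1,)
    return None  # <, <=, negated and regex guards do not guarantee a minimum

def lint_htaccess(text):
    """Return (line_no, reason) for each RewriteRule whose UnsafeAllow3F can reach an older Apache."""
    findings, stack = [], []  # stack: floor of every currently open <IfVersion>
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        if low.startswith("<ifversion"):
            m = IFVERSION.match(line)
            stack.append(guard_floor(*m.groups()) if m else None)
        elif low.startswith("</ifversion") and stack:
            stack.pop()
        elif low.startswith("rewriterule"):
            m = FLAGS.search(line)
            flags = [f.strip().lower() for f in m.group(1).split(",")] if m else []
            if "unsafeallow3f" not in flags:
                continue
            floors = [f for f in stack if f is not None]
            if not floors:
                findings.append((no, "no minimum-version guard"))
            elif max(floors) < FLAG_MIN:  # nested guards combine, so the highest floor applies
                findings.append((no, "guard admits versions below 2.4.60"))
    return findings

# Constructed sample; the rewrite rules are hypothetical, not the project's .htaccess.
SAMPLE = """\
RewriteEngine On
<IfVersion >= 2.4.58>
RewriteRule ^a/(.*)$ /index.php?r=$1 [L,QSA,UnsafeAllow3F]
</IfVersion>
<IfVersion >= 2.4.60>
RewriteRule ^b/(.*)$ /index.php?r=$1 [L,QSA,UnsafeAllow3F]
</IfVersion>
RewriteRule ^c/(.*)$ /index.php?r=$1 [L,UnsafeAllow3F]
"""

if __name__ == "__main__":
    for no, reason in lint_htaccess(SAMPLE):
        print(f"line {no}: {reason}")
```

Running it over a deployed .htaccess before rollout shows which rules would produce the 500 error on hosts that have not yet been upgraded.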