Forbidden…

  • Resolved pleglise

    (@pleglise)


    3 years, 9 months ago

    Hello,

    I’m trying WP Data Access.
    It looks really cool and I’d love to use it. But I have some issues :
    I very frequently get the error :
    “Forbidden
    You don’t have permission to access this resource.”
    This error appears :
    – every time I clic on “Create table” from de Data Designer screen.
    – every time I clic on “Explore” for table from the Data management screen even though I create the table from this screen.
    – every time I clic on edit ou delete for a template that i could create from the Templates screen.

    I already check permissions on all WP directories,
    My user is administrator
    I unsinstalled, removed tables and directories on the plugin, reinstalled WP Data Access several times…

    I still have these errors…

    Any hint ?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Hi @pleglise,

    Thank you for reaching out!

    Do you have this error only when you try to create a table in the Data Designer? Or with other tools as well? Can you check that please?

    If you for example open the Data Explorer and click on the Explore link of the first table, what happens? Does it work?

    Thanks,
    Peter

    Thread Starter pleglise

    (@pleglise)

    3 years, 9 months ago

    Hello Peter,

    Thanks for your quick answer.
    Yes I have this error in other tools :
    – In Data Explorer when I clic “Explore” on a table (even if the table was created with WP Data Access). The URL that return the error is : https://www.axialdata.net/wp-admin/admin.php?page=wpda&table_name=adapp_quotemaker_numdept&action=listtable
    – In Data Project when I clic on “View” or “Edit” or “Delete” for a Template that was created in WP Data Access. The URL that return the error is : https://www.axialdata.net/wp-admin/admin.php?page=wpda_templates&table_name=mod480_wpda_project_table in the three cases

    If you have any hint, that would be awesome.
    Thanks
    Pierre-Yves

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Hi Pierre-Yves,

    I’m afraid your firewall is blocking requests containing the table_name parameter. Some time ago I removed the schema_name from all requests and the table_name for most (I must haved missed some… πŸ‘€).

    The quick solution is to check your log files for errors, find the rule that is blocking those requests and disable that rule.

    The long term solution requires me to take action and remove the table_name parameter from all requests. I added this requirement to my to do list with high priority! But it takes some time…

    Sorry that you run into this issue. But thanks a lot for reporting! πŸ‘ I appreciate that.

    Does this helps?

    Thanks,
    Peter

    Thread Starter pleglise

    (@pleglise)

    3 years, 9 months ago

    Hey Peter,

    Thank you for your quick answer.
    Yes, it’s all clear.

    I’ll try to figure out who’s blocking the request.
    But if it’s between http server and DB server, i’ll be stuck as i don’t own the server and don’t have access to the firewall settings.

    I’ll let you know what I found.

    Thanks anyway, it’s helpfull because I can stop looking for a problem in my WP config πŸ˜‰

    Cheers,
    Pierre-Yves

    Thread Starter pleglise

    (@pleglise)

    3 years, 9 months ago

    Peter,

    I checked the log on the http server and I’m afraid you’re right. Here’s an example :
    [Tue Aug 16 19:49:54 2022] [error] [client 45.XXX.XXX.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\btable_name\\b" at ARGS_NAMES:table_name. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "197"] [id "959914"] [rev "2.1.1"] [msg "Blind SQL Injection Attack"] [data "table_name"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.axialdata.net"] [uri "/wp-admin/admin.php"] [unique_id "YvvYzlhukq7P-R0ALdMF2wADFAE"]

    I’ll check if I can do something on hoster side…
    Let you know.

    Cheers,
    Pierre-Yves

    Thread Starter pleglise

    (@pleglise)

    3 years, 9 months ago

    Hey there !

    Ok, so there is nothing more I can do by now. My hoster is OVH. It’s great but doesn’t give access to the server side apache config and I can understand that : it’s a shared server.

    So I’ll wait for the update πŸ˜‰

    Cheers
    Pierre-Yves

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Hi Pierre-Yves,

    There is a new release that I hope solves your issue. Can you please update and check if it works?

    Thanks,
    Peter

    Thread Starter pleglise

    (@pleglise)

    3 years, 9 months ago

    Hey Peter !

    Wow ! That was really a quick fix !!
    Thanks !! Everything is OK now !!

    Really cool plugin. I love it !

    And very good reactivity from you, that’s also great !

    Thanks again.
    Cheers
    Pierre-Yves

    Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    3 years, 9 months ago

    Great! 😊 Glad to hear it is fixed.

    Thank you very much for reporting back,
    Peter

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Forbidden…’ is closed to new replies.