Creating Support Department Issue

[eunger9]

Creating my first support department at /admin/plugin/support_manager/admin_departments/add/ results in 403 Forbidden, access denied, error on the webpage. 

Before changing any file permissions on the server... wanted to check with you guys.  Thoughts? 

 

Blesta Version 3.6.1

[eunger9]

Sorted. It was ModSecurity preventing some forms from being submitted and writing data from /support/ to the DB.

Thanks for everyone's suggestions and quick assistance! 

[Michael]

Weird, it should work fine, have you added the permissions to the account? They are normally added when you install it by default but something might have happened. Settings > System > Staff > Staff groups > admin: edit

 

See if the support department boxes are ticked.

Do you have a .htaccess? If not it would be index.php/admin/plugin/support_manager/admin_departments/add/

 

Do you have CloudFlare, do you have rocket loader enabled that mucks up js.

[eunger9]

Weird, it should work fine, have you added the permissions to the account? They are normally added when you install it by default but something might have happened. Settings > System > Staff > Staff groups > admin: edit

 

See if the support department boxes are ticked.

Do you have a .htaccess? If not it would be index.php/admin/plugin/support_manager/admin_departments/add/

 

Do you have CloudFlare, do you have rocket loader enabled that mucks up js.

 

 

Thanks for your quick response, Michael.  I've checked staff group and it seems fine (see screenshot  https://www.dropbox.com/s/ckdtrihpd9upzdv/Screenshot%202016-01-20%2021.32.16.png?dl=0 ) 

 

Wordpress is installed on domain.com ... so it is domain.com/support/admin to get to Blesta admin.  Perhaps something was changed in .htaccess or the actual file permissions, you're right.   Didn't want to mess with those until I checked everything else though......

 

& no to CloudFlare & rocket.

 

Thanks.

[Michael]

That's not the settings it should look like this:

 

[Tyson]

This issue is most-likely webserver related, possibly due to a conflict/misconfiguration with Wordpress. You should check the webserver's error log for more information.

[eunger9]

That's not the settings it should look like this:

 

 

Thanks, I've checked that page and have everything checked like you do. 

 

 

This issue is most-likely webserver related, possibly due to a conflict/misconfiguration with Wordpress. You should check the webserver's error log for more information.

 

Thanks Tyson, I am looking in to this right now, with the help of the web host provider as well.  Haven't found anything yet. 

[Michael]

Thanks, I've checked that page and have everything checked like you do. 

 

 

 

Thanks Tyson, I am looking in to this right now, with the help of the web host provider as well.  Haven't found anything yet. 

 

I believe Tyson is right but it's a .htaccess issue in the root domain for Wordpress. I couldn't find the fix though but it's running its rubbish in the sub folders.

 

I found the Drupal one though https://www.drupal.org/node/30334

[Paul]

Sorted. It was ModSecurity preventing some forms from being submitted and writing data from /support/ to the DB.

Thanks for everyone's suggestions and quick assistance! 

 

Very good, thanks for the update! 

[Michael]

Sorted. It was ModSecurity preventing some forms from being submitted and writing data from /support/ to the DB.

Thanks for everyone's suggestions and quick assistance! 

 

Bloody ModSecurity again

[turner2f]

OK.

I found a significant reason and solution to this issue...

** MOSTLY RESOLVED ** 

After taking a look at...

https://www.blesta.com/forums/index.php?/topic/5799-creating-support-department-issue/#comment-40873

And then going to...

http://www.wpbeginner.com/wp-tutorials/how-to-fix-the-403-forbidden-error-in-wordpress/ 

 

Where it says,

Quote

 

"The most common cause for the 403 Forbidden error in WordPress is due to poorly configured security plugins. Many WordPress security plugins can block an IP address (or a whole range of IP addresses) if they believe them to be malicious.

This is why we use Sucuri to improve security of all our WordPress sites.

Another possible cause could be a corrupt .htaccess file or incorrect file permissions on your server.

Your WordPress hosting company can sometimes make accidental changes to their server settings. This may result in 403 Forbidden error on your site " .

 

 

NOTE : If you read further down in the article it gives different solutions to resolve this 403 issue.

 

=========================

 

As for myself, I found that the issue appears to be originating from the plugins folder of the WordPress Installation that is under the same domain name.

It seems that one of the "WordFence" security plugin in the WordPress installation is affecting the Host / Billing software. Even though the Host / Billing software is installed in a sub-folder.

The "WordFence" security plugin can be obtained at https://wordpress.org/plugins/wordfence/

 

===========

 

As an experiment...

1) - I used SFTP to access the WordPress plugins folder at " /public_html/wp-content/plugins/wordfence " and changed it to " /public_html/wp-content/plugins/wordfence (OFF) ".

2) - After I did this, I went to the Host / Billing software at Support - - > Departments - - > Add Department icon - - > clicked on "Add Department" button once I was done.

3) - And now, I have access WITHOUT the 403 Forbidden Error.

 

==========

 

1) - So then I changed the plugin name back to its original state " /public_html/wp-content/plugins/wordfence ".

2)- I then logged into the WP Admin and went to the "Word Fence" - -> Option - -> Other Options - -> Whitelisted IP addresses that bypass all rules: settings.

3) - And then inserted my IP Address to the whitelist and saved.

4) - This appeared to work.

5) - Then I went back and DELETED my IP Address from the whitelist in WordFence

6) - Amazingly, I STILL have access to the Host / Billing software at Support - - > Departments - - > Add Department icon and was able to add or edit the department.

 

============

 

IN SUMMARY...

My best guess is that the "WordFence Security plugin" in WordPress is writing something to the WordPress .htaccess file which was affecting the Host / Billing software that is installed in my sub-directory.

 

==========

 

So it appears that this issue "IS RESOLVED" for the most part

BUT just curious to know if there is a way to ...

1) - get the web server's Mod_Security rule to ignore what the WordPress "WordFence" plugin is doing concerning my access to the "Departments" page of the Host / Billing installation ?

2) - get WordPress .htaccess in the root domain for Wordpress to ignore my access to the "Departments" page of the Host / Billing installation ?

==========

Hope this help everyone

Look forward to your reply.

Thanks in advance.