Community
Support » Post installation

Bizarre phrase ban

Posted by clintonm on August 13, 2012 at 4:39am

I've got a very bizarre problem. When ever I go to edit an article and include the phrase "electronic cigarettes" in either the title or the body, and click save, I get the following error:

"403 Forbidden
Access is forbidden to the requested page:

/node/9/edit?destination=admin/content (port 80)"

This is on a blue background.

I've uploaded a plain HTML page with the phrase "electronic cigarette" and successfully viewed it on the same server, so it seems it's not a server side ban.

If I don't include the phrase "electronic cigarettes", everything is fine. Also "electronic cigarettes" is also ok. It seems like there's a bizarre word ban on "electronic cigarette".

Does anyone have any idea why this would be the case? I've removed all non-core modules. Also, is there something that assists debugging such an issue (ideally, some sort of step-by-step log of the tests/actions Drupal takes to end up at the error page). I don't recall setting up a word ban list, and I'm worried there's a whole lot of other words that are banned that I don't know about.

Login or register to post comments Categories: ,

Comments

The 2nd last sentence should

Posted by clintonm on August 13, 2012 at 4:52am

The 2nd last sentence should read:

If I don't include the phrase "electronic cigarettes", everything is fine. Also "electronic cigarett<b></b>es" is also ok. It seems like there's a bizarre word ban on "electronic cigarette".

Do you have any spam modules

Posted by nevets on August 13, 2012 at 5:05am

Do you have any spam modules such as mollem installed?

I don't think so. I've

Posted by clintonm on August 13, 2012 at 5:36am

I don't think so. I've disabled everything except for core modules and it still as the same behaviour.

Suhosin / mod_security probably

Posted by dman on August 13, 2012 at 2:16pm

heh.

"403 Forbidden
Access is forbidden to the requested page:

/node/9/edit?destination=admin/content (port 80)"

Is not a Drupal-generated error, which points at a server (PHP) based interception. Your (correct) troubleshooting further eliminates that possibility.
And also, whenever I hear a story like this, I suspect some sort of clbuttic filter error.

Most likely you have a PHP extension, such as Suhosin and it's been configured (or mis-configured) to fire on some character combination that it thinks is suspicious.
I can't guess precisely what the pattern could be, but if you were to get access to the pattern rules or the server logs, it would probably be something stupid.
It's certainly worth asking your sysadmin about, they may find it amusing.

.dan. is the New Zealand Drupal Developer working on Government Web Standards