Hey folks,
After a successful install I'm unable to modify my Drupal install via the Settings page. If I click the Save Configuration submit button I recieve the error message:
Forbidden
You don't have permission to access /drupal/ on this server.
The error occurs on the http://www.myserver.com/durpal/?q=admin/settings
I've tried many of the suggestions but non seem to specifically address the issue.
I've deleted the .htaccess and changed various settings to no avail.
I get the following error in my error_log
mod_security: Access denied with code 403. Pattern match "(/dev/shm|/tmp|/var/tmp|/var|wget|/home/virtual|/etc/)" at ARGS_VALUES [hostname "www.myserver.com"] [uri "/drupal/?q=admin/settings"]
BTW mod_rewrite is enabled and functioning on this server,
Can anyone help?
Comments
Exactly the same here
Hi Grimlock,
I'm getting exactly the same problem here (PHP5 if that helps).
I have checked and mod_security is installed here - v. 1.86. This seems to be where the problem is (ergo the error log). I guess this is outside the support area of the drupal guys. Did you get any further on this?
I have to get this working so I'll post here if I get any further.
UPDATE:
Well looking again at the error message I have noticed that my local IP is here as being barred. So basically mod_security is finding a problem with drupal processes. I am going to have a look at the rules now and see why this might be happening. I am a little apprehensive about changing/relaxing mod_security rules to allow Drupal to run though if this is the case.
K fixed that - you have a
K fixed that - you have a rule in your mod_security conf file. (usually in /etc/httpd/conf/ or /etc/httpd/conf.d to the effect of:
SecFilterSelective THE_REQUEST "\=" chain
SecFilterSelective ARGS_VALUES "(/dev/shm|/tmp|/var/tmp|/var|wget|/home/virtual|/etc/)" deny,log
Comment this out and Drupal works again. I'm looking into this further though as you_should_not have to remove layers of server security to get a package working.
Here's why it happens:
You may not have the ability to change the mod_security settings in the conf file, especially if your ISP won't cooperate.
The error occurs probably because the value of the "temporary directory" setting is "/tmp". The mod_security rule will disallow ANY form that contains one of the strings specified. (This is probably stupid, as it means that you couldn't even reply to a comment if the comment begins with "/tmp" or some such...)
But the work-around is as follows:
1) make a directory in your "files" directory called "work"
2) set the value to "work" instead of /tmp.
Drupal will then allow you to continue.
= Jim
Thanks Jim, yes that does
Thanks Jim, yes that does make sense.
I'm back on the case with this (and version 4.6.3/php5) and these issues do seem to have got better.