There is an obscure but persistent issue with Apache on Windows causing a 403 forbidden error.
Basically, Apache won't allow the
: in the URL that works on other systems due to a security concern based on the fact that windows paths can have colons in them:
We have addressed this by providing a configurable option for the parameter separator that is defaulting to
Simply edit your
user/config/system.yaml and add this at the top:
This will configure Grav to use a semicolon, rather than a colon for parameters such as
http://yoursite.com/blog/tag:something will now be:
If you have
mod_security installed, we had reports of rule 350147 (http://wiki.atomicorp.com/wiki/index.php/WAF_350147) triggering a false positive. Whitelist that rule, or ask your hosting provider support to do it.
ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "308"] [id "350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\+| )?(request)?(?:\\+| )?>+|<<(?:\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\+| )?>+)$|^< ?\\??(?: |\\+)?xml|^<samlp|^>> ?$)" against "ARGS:notifications" required. [hostname "mydomain"] [uri "/grav/admin/notifications.json/task:processNotifications"] [unique_id "WXoYHcpkEKz0qCI66845gQAAAAo"], referer: http://mydomain/grav/admin/tools
Found errors? Think you can improve this documentation? Simply click the Edit link at the top of the page, and then the icon on Github to make your changes.
Powered by Grav + with by Trilby Media.