ShopSite Knowledgebase



'Forbidden', '403 Forbidden', or 'An appropriate representation of the requested resource could not be found' errors when submitting some backoffice screens

Product: ALL
Version: ALL
Platform: ALL

When submitting/saving certain menus in the ShopSite backoffice I get an error message containing the text 'Forbidden', or '403 Forbidden' or 'An appropriate representation of the requested resource _____ could not be found on this server'. What could be causing this, and what can I do?



These errors are most often caused by a webserver module installed by your hosting provider called 'mod_security'. mod_security checks data submitted to the server for certain patterns, and rejects it with these error messages if it finds patterns in the submitted data that match specific rules in its configuration. There are thousands of possible rules for mod_security, so determining what part of your data it doesn't like is often next to impossible, but it is often some combination of HTML code that you have in a text field that it is erroneously flagging. Note that since the module is intercepting the data before it gets to the ShopSite cgi, it is not the cgi that is generating this error. There are a couple of potential solutions to this issue, both of which you will need the help of your hosting provider to implement.

1) You can ask your host to check the mod_security log file on their server to see which overzealous mod_security rule(s) are being triggered when you receive this message, and then they can whitelist this rule(s) for your particular site. Note that there could be multiple rules that are being triggered, or there could be additional rules that are triggered once the original problem rules are whitelisted. Make sure to ask your host to whitelist this rule for both your regular domain and your secure domain, as these are technically separate 'sites' in the webserver's configuration.

2) You can ask your host to disable mod_security on your site. This request will typically have to go a higher-level system admin who can implement this particular change. If this is what you ask your host to do, make sure you ask them to disable mod_security for both your regular domain and your secure domain, as these are technically separate 'sites' in the webserver's configuration.

Related Articles

No related articles were found.

Attachments

No attachments were found.

Visitor Comments

Article Details

Last Updated
19th of December, 2014

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF


User Opinions



How would you rate this answer?




Thank you for rating this answer.

Continue