Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
403 Access Forbidden by CSRFProtector!
#1
Good morning....

Just started having a weird problem.... when I try to add a document, I get the following error...

403 Access Forbidden by CSRFProtector!


I had upgraded to version 1.3.5 back at the end of August, and on that day, I was able to upload documents.... Now, I can not.

I can search and download existing documents, but I can't add any more docs.

I've searched generically on this error and found some references to the jsUrl value, however, I do not quite understand the "what and how" of the requirements of those settings...

Any assistance would be  greatly appreciated.

Kos
#2
That is coming from a tool we use for improved security. This is only happening on adding new documents then? Not editing?
#3
(09-19-2016, 08:11 AM)adminla Wrote: That is coming from a tool we use for improved security. This is only happening on adding new documents then? Not editing?

Yea.... figured it out.... it was a bit convoluted with the error that was being thrown on the screen....

I started chasing down that error only to find that there was really nothing wrong....

then, I decided to take a peek at the log files to see if anything there stuck out.

After looking at the Apache log ( /var/log/apache2/error.log ) I found this entry....


PHP Warning:  POST Content-Length of 12209794 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: https://xx.xx.xx.xx/add.php

So, it seems that the issue's root cause was / is PHP...

So, I started digging into PHP and didn't find anything wrong in the PHP5 config.... but then saw that  (on that same day where everything else worked) PHP 7 was installed during an upgrade cycle...

I found the 8M limit on the post_max_size and changed that.... and also adjusted the upload_max_filesize variable  from 2M    after that, reboot and all seems well...


So, even though the error was being thrown for CSRFProtector, the actual culprit was the default file size limit in the (new version 7) PHP.INI config file..   (my PHP5 files were fine)

Here is the quick fix...

(UBUNTU 16.04 LTS) 

/etc/php/7.0/apache2/php.ini

/etc/php/7.0/cli/php.ini

edit the following....

upload_max_filesize = xxM   (e.g. upload_max_filesize = 90M)
post_max_size = xxM

(however big you want it.... keep it to something a little higher than what you expect to be your largest upload)


Kos
#4
Got it. Thanks.


Forum Jump:


Users browsing this thread: 1 Guest(s)