Apache/2.2.17
PHP Version 5.3.8
MySQL version 5.1.56
New install
We have gone over file and folder permissions over and over for the past 8 hours.
We searched all over the place and tried all kinds of different things, including removing the .htaccess file.
I can run the test file with phpinfo() in all directories.
After entering username and password I get
Forbidden
You don't have permission to access /index.php on this server.
http access log says...
69.28.32.32 - - [07/Oct/2011:18:43:27 -0700] "GET /index.php?action=Login&module=Users&login_module=Home&login_action=index HTTP/1.1" 200 12408 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:28 -0700] "GET /themes/Sugar5/images/sugar_icon.ico?c=1 HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /index.php?action=Login&module=Users&login_module=Home&login_action=index HTTP/1.1" 200 12408 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /cache/themes/Sugar5/css/style.css?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /cache/themes/Sugar5/css/deprecated.css?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /include/javascript/sugar_grp1_yui.js?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /cache/themes/Sugar5/css/yui.css?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /include/javascript/sugar_grp1.js?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /include/javascript/calendar.js?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /modules/Users/login.css?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /cache/themes/Sugar5/js/style-min.js?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /modules/Users/login.js?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /themes/Sugar5/images/sugar_icon.ico?c=1 HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /themes/default/images/company_logo.png?c=1&logo_md5=4f040bdb68c3b732fa54f2d96fd0df7b HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /include/images/sugar_md_open.png HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /include/images/poweredby_sugarcrm.png HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /themes/Sugar5/images/advanced_search.gif?c=1 HTTP/1.1" 304 - "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /index.php?entryPoint=getImage&themeName=Sugar5&imageName=bgBtn.gif HTTP/1.1" 304 - "http://dashboard.ptera.net/cache/themes/Sugar5/css/style.css?c=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:31 -0700] "GET /index.php?entryPoint=getImage&themeName=Sugar5&imageName=tabRowBg.gif HTTP/1.1" 304 - "http://dashboard.ptera.net/cache/themes/Sugar5/css/style.css?c=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
69.28.32.32 - - [07/Oct/2011:18:43:34 -0700] "POST /index.php HTTP/1.1" 403 296 "http://dashboard.ptera.net/index.php?action=Login&module=Users&login_module=Home&login_action=index" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0"
medsec_audit.log says
--6487f05d-A--
[07/Oct/2011:18:35:53 --0700] To@o@UUcICoAAAhqRZoAAAAH 69.28.32.32 50799 69.28.32.42 80
--6487f05d-B--
POST /index.php HTTP/1.1
Host: dashboard.ptera.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: Ptera CRM
Cookie: __utma=226100059.1373321005.1310751778.1317950012.1318004968.35; __utmz=226100059.1318004968.35.20.utmcsr=pterawireless.com|utmccn=(referral)|utmcmd=referral|utmcct=/; SESS59d69dba4af6068c8500a4b26373d179=ci4ne6g20lvsfes5po962a5vq6; sugar_user_theme=Sugar5; PHPSESSID=2bvs3v0867lcf79hj7gnk4bhi4; __utmc=226100059; SESS903928d0e4dc6045d06f08b42e18f8ba=tbjvavd0lr12djj06vpv0jhoh1
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
--6487f05d-C--
module=Users&action=Authenticate&return_module=Users&return_action=Login&cant_login=&login_module=Home&login_action=index&login_record=&user_name=admin&user_password=pteracrm&Login=Log+In
--6487f05d-F--
HTTP/1.1 403 Forbidden
Content-Length: 296
Connection: close
Content-Type: text/html; charset=iso-8859-1
--6487f05d-H--
Message: Pattern match "^([^;\s]+)" at REQUEST_HEADERS:Content-Type. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_30_http_policy.conf"] [line "63"] [id "960010"] [msg "Request content type is not allowed by policy"] [data "application/x-www-form-urlencoded"] [severity "WARNING"] [tag "POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
Message: Pattern match "\buser_password\b" at ARGS_NAMES:user_password. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "146"] [id "959917"] [rev "2.0.5"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Message: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf"] [line "25"] [msg "Anomaly Score Exceeded (score 20): Blind SQL Injection Attack"]
Action: Intercepted (phase 2)
Apache-Handler: php5-script
Stopwatch: 1318037753367475 15661 (697* 15135 -)
Producer: ModSecurity for Apache/2.5.12 (ModSecurity: Open Source Web Application Firewall core ruleset/2.0.5.
Server: Apache/2.2.17 (Fedora)
--6487f05d-Z--
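
Added example, not part of the original post: a small Python parser for section H of the ModSecurity audit log entry above, listing which rule IDs matched, on which request variable, and whether the transaction was denied. The sample input is the three Message lines and the Action line as posted; the function and variable names are made up for this example.

```python
import re

# Section H of the audit log entry from the post, copied as posted (sample input).
SECTION_H = r'''Message: Pattern match "^([^;\s]+)" at REQUEST_HEADERS:Content-Type. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_30_http_policy.conf"] [line "63"] [id "960010"] [msg "Request content type is not allowed by policy"] [data "application/x-www-form-urlencoded"] [severity "WARNING"] [tag "POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
Message: Pattern match "\buser_password\b" at ARGS_NAMES:user_password. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "146"] [id "959917"] [rev "2.0.5"] [msg "Blind SQL Injection Attack"] [data "user_password"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Message: Access denied with code 403 (phase 2). [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf"] [line "25"] [msg "Anomaly Score Exceeded (score 20): Blind SQL Injection Attack"]
Action: Intercepted (phase 2)
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] metadata
TARGET_RE = re.compile(r' at (\S+)\.$')                   # variable the rule matched on
SCORE_RE = re.compile(r'\(score (\d+)\)')                 # anomaly score in the deny msg


def parse_messages(section_h):
    """Split each 'Message:' line into its summary text and [key "value"] fields."""
    events = []
    for line in section_h.splitlines():
        if not line.startswith("Message: "):
            continue
        body = line[len("Message: "):]
        first = FIELD_RE.search(body)
        summary = (body[:first.start()] if first else body).strip()
        fields, tags = {}, []
        for key, value in FIELD_RE.findall(body):
            if key == "tag":
                tags.append(value)
            else:
                fields[key] = value
        events.append({"summary": summary, "fields": fields, "tags": tags})
    return events


def triage(section_h):
    """Return the rules that matched, what they matched on, and the blocking decision."""
    result = {"rules": [], "denied": False, "score": None}
    for ev in parse_messages(section_h):
        f = ev["fields"]
        if ev["summary"].startswith("Access denied"):
            result["denied"] = True
            m = SCORE_RE.search(f.get("msg", ""))
            result["score"] = int(m.group(1)) if m else None
        elif "id" in f:
            t = TARGET_RE.search(ev["summary"])
            result["rules"].append((f["id"], f.get("severity"), t.group(1) if t else None))
    return result


if __name__ == "__main__":
    print(triage(SECTION_H))
```

For this entry the output shows two matching rules, 960010 on the Content-Type header and 959917 on the argument name user_password, followed by the phase 2 denial with anomaly score 20.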

