Help with 403 forbidden errors

1

Howdy! I’m not entirely sure if this is a Kirby issue, but I’ve run out of other options for troubleshooting.

Starting yesterday, I’ve started experiencing sporadic 403 errors when trying to load my website. Sometimes it happens consistently, but other times it seems random (I’ll get a 403, then refresh and it loads fine. Then refresh and it’s 403 again). I’m experiencing this on multiple browsers, multiple devices, with WiFi on and off. I’ve cleared my cache and checked on incognito browsers, none of it seems to matter.

Any thoughts on what could be going on?

My hosting provider seemed to think that it was an issue with my ISP, but I have no idea why it would be blocked or how to go about resolving.

Thanks for any insights!

2

Could you post the URL to the site? If you don’t want to post it publicly, send a PM, then we can at least test if we can reproduce the issue. Doesn’t sound like something Kirby related.

3

Oh sure! its: waterburyantiracism.com

I’ve had varying levels of success going to https versus http, not sure if that has anything to do with anything.

4

In my browser, the website doesn’t load at all.

If I check with a REST client, http is permanently redirected to https, but https:// also gives me a 403 on all requests.

Oh, it finally did load in the browser, ages later…

5

There are errors in the console, like loading jquery-ui.js via http when on https which should not happen.

6

Do you think those errors could be contributing to the 403 error?

7

I tried it also, but for me, http is not redirected to https and causing the forbidden response:

--2021-01-15 17:50:09--  http://waterburyantiracism.com/
Auflösen des Hostnamens waterburyantiracism.com (waterburyantiracism.com) … 66.96.147.160
Verbindungsaufbau zu waterburyantiracism.com (waterburyantiracism.com)|66.96.147.160|:80 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 
  HTTP/1.1 403 Forbidden
  Date: Fri, 15 Jan 2021 16:50:09 GMT
  Content-Type: text/html; charset=iso-8859-1
  Content-Length: 209
  Connection: keep-alive
  Keep-Alive: timeout=30
  Server: Apache/2
  Accept-Ranges: bytes
  Age: 0
2021-01-15 17:50:09 FEHLER 403: Forbidden.

However, https is working fine for me.

Your redirection is not working reliable if there is any. This might also be caused by a misbehaving proxy or load balancer, which might explain the erratic behavior.

8

I’m currently getting the 403 error again for https. I think this a problem on the server side, not your ISP, and if the server is not under your control, then support should fix this. Maybe they have changed something if the site was running fine until yesterday.

Nevertheless, you should fix these console errors and load your assets via https. Make sure to also clear the /site/cache folder if you are using Kirby’s cache.

9

Right on. I appreciate y’all taking a look at this decidedly non-Kirby issue. I’ve fixed that asset to load via https, and added c::set('ssl', true); to my config file to make sure that the redirect happens consistently.

The site is currently loading consistently for me, but will talk more with my provider to try to uncover issues on their side.

Thanks!

10

Are you still on Kirby 2? Just saying because Kirby 3 doesn’t have an ssl config setting…

11

Oh, oops. I am not on Kirby 2. Do you know what the best way to redirect for ssl is?

12

If you can’t do it in your hosting’s control panel (something like cPanel?), then the .htaccess file would be the right place.

13

Seems like htaccess is my main option there. I’ve seen a few different ways of handling the redirect in forums. Do you know if there’s a way that is most appropriate for Kirby?

14

You can find a few variants here: Https .htaccess - #2 by byybora

The non-www with ssl is probably the most suitable:

# force non-www with ssl
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
15

Oh nice. Thank you!