I have 3 sites running Kirby, two of them is Kirby 3.10.0.1 running on php 8.2, and one is 3.6.0.0 running on php 7.4
Perhaps after latest security updates of Apache/PHP on the server, on all 3 sites I have the same problem. I cannot login to the panel. I got Forbidden “The JSON response could not be parsed” and when I turn the debug on, I got “t.details is undefined” message.
Nothing special in Apache logs, just standard AH01797: client denied by server configuration. Which is obviously just secondary to the authentication problem, and the authentication fails because of error in the JSON. But what could have changed on the whole server? (all other sites working normal, and Kirby sites also working pefect, just cannot login to the panel).
Turning off the ModSecurity on Apache doesn’t help.
Any ideas?
When exactly does this error show up and where? After entering the credential or before?
Do you get errors in the console? What about the network requests in dev tools, anything more enlightening there?
Thank you for replying.
I believe I have done standard security update on Debian a week ago (it upgraded several ssl, php and apache modules) and only today I have realized that I cannot login to the panel of any of my Kirby sites.
The error shows up when I try to enter the panel (by going to /panel ), after I enter username and password (and if I intentionally put the wrong user/pass, there is the same error).
I don’t have Kirby CLI installed, shall I do it?
OK, I am stupid. I unintentionally blocked POST requests from the one IP I am using now, for the whole Apache. Problem’s solved.
However, what may be a lesson from this situation, is that maybe Kirby should somehow better handle the situation when the server cannot perform the authentication. The messages “The JSON response could not be parsed” and “t.details is undefined” are confusing.