PDA

View Full Version : Getting This server could not verify that you are authorized to access the document'



cgmsys
08-13-2014, 10:36 AM
I have just moved a joomla 2.5 site from sitemanager to cpanel. In the process we changed from a .com to a .edu.

I am currently on the road working on a comcast connection with a win 8 laptop.

It seems that I can work in the back end for about 10-15 minutes and then I get


------------------------
Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

===========================

I will then get that error on chrome, firefox and Ie. However, I can still access cpanel.

I can usually get back in by remoting into another computer (Another IP), purging the sessions with admin tools and then deleting the cache. via joomlas back end. I also have to delete the local browser cache.

It seems to me that something is blocking my IP for some reason. I turned off adminexile and securitycheck pro (Two security tools for joomla).

Some of the posts I've found relating to this indicate that it could be a permissions issue with the httpdpw?? file. It also seems that the error is not specific to joomla but rather an apache error.

I was wondering if any other joomla/cpanel users were running into this.

thanks

chris

I

cgmsys
08-17-2014, 10:16 PM
Just a bump here. I'm really getting frustrated with this. I Get blocked on all browsers on the admin side of joomla and cannot get back in.

wildjokerdesign
08-18-2014, 06:21 AM
I am really not familiar with Joomla or the add-ons you spoke of but my guess would be that since you are on the road that it could be something to do with the connection you are using. Might be that the IP's used are listed in some block list.

"Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request." You get this error because the cPanel accounts expect to have html custom error pages in the public_html page that are served when something happens. You can manage these by logging into cPanel then going to Advanced > Error Pages. It might be the 403 in this case or even the 500.

Also while you are in there check your Error Logs to see if there is any more information that may be useful.

cgmsys
08-18-2014, 09:13 AM
I'm also running into the problem at home. The next time it happens, I want to try a couple of things.

1. Note the exact time
2. Do tracerts to the front and back ends. I don't think that will show anything though.
3. Call westhost and ask them to see if there is anything in cpanel blocking me.
4. take a look at the access logs to see if anything is happening there.

I read that there might be something about having cpanel protected directories on. At any rate, this is getting to be a problem since I'm up against a hard deadline to get the site running.

wildjokerdesign
08-19-2014, 06:50 AM
If you turn off the add-ons, it does not happen... is that correct?

Yes you can protect directories in cPanel but it would have been something you did. http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/PasswordProtectDirectories Have you done that?

cgmsys
08-25-2014, 09:22 PM
@wjd

I did not set any directories as protected. According to westhost, there is no directory protection in effect.


It somehow seems to be tied to the session table. If I go in and delete the sessions, I can regain access.

The last time I got locked out, I tried logging in with my laptop from the same IP. The result was that I could not get in with the laptop. Apparently something is blocking the IP.

I read that the latest version of cpanel strictly enforces tokens. I have a feeling that is the issue.

chris

cgmsys
08-25-2014, 09:29 PM
@wjd

I did not set any directories as protected. According to westhost, there is no directory protection in effect.


It somehow seems to be tied to the session table. If I go in and delete the sessions, I can regain access.

The last time I got locked out, I tried logging in with my laptop from the same IP. The result was that I could not get in with the laptop. Apparently something is blocking the IP.

I read that the latest version of cpanel strictly enforces tokens. I have a feeling that is the issue. SOmehow cpanel is seeing a session token it doesn't like


chris

cgmsys
08-25-2014, 09:30 PM
@wjd

I did not set any directories as protected. According to westhost, there is no directory protection in effect.


It somehow seems to be tied to the session table. If I go in and delete the sessions, I can regain access.

The last time I got locked out, I tried logging in with my laptop from the same IP. The result was that I could not get in with the laptop. Apparently something is blocking the IP.

I read that the latest version of cpanel strictly enforces tokens. I have a feeling that is the issue. SOmehow cpanel is seeing a session token it doesn't like


chris

cgmsys
08-25-2014, 09:49 PM
I'm getting really fed up with Westhost here.

I thought I'd try to update the site from joomla 2.5 to 3.x. I've done this before on other hosts. THis time, I ended up with a completely blank front and back end.


I'll have to see if westhost can restore from a backup or I'll have to restore from the akeeba backup that I have.

cgmsys
08-25-2014, 10:28 PM
Just spoke with scott at westhost.

Supposedly there is a Mod_security that they added to cpanel that has a conflict with Joomla. As I understand it, you can log in to the joomla back end but will get kicked out about 5 minutes later for an indefinite time.. (My experience has been about 20 min).

This is a bit disconcerting in that Joomla 2.5 is reaching it's end of life in December 2014. Many people who have 2.5 sites are on the old site manager. You can't upgrade to joomla 3.x on site manager because you can't upgrade to a 3.x compatible version of php in site manager.

Now, if you purchase a cpanel account, it appears that the Mod_Security on that server will prevent you from using the back end reliably.

wildjokerdesign
08-26-2014, 07:04 AM
I get the feeling that if you could get the site updated that you might be ok. Mod_security is widely used on shared hosting accounts so I doubt you are going to find another company that does not use it. In fact if they did not I would be a bit worried about the security of their system.

You said that when you tried to update that you got a blank page. That would indicate to me a problem with perhaps one of your addon's in Joomla or a modification you made your self to something. Check your error logs for what might be the cause when this does happen. Disable all addon's before you update. Set your site to use a vanilla default theme. If you are worried about the site being down while you trouble shoot this you could make a "copy" of it in a sub directory of your site with a second database set up. If you can get it to update without add-ons and a default theme then that means one of them or the theme is the issue and you can slowly add those back in (using current ones for the new version of joomla) to try and track down where the issue is.

cgmsys
08-26-2014, 07:50 AM
@wjd

Thanks - WH support restored the site to the previous day. They said that jch optomize and fabrik caused an issue with the 3.x upgrade. I've done 2.5-.3.x upgrades with these extensions in place. However, I will do as you said and strip the site of all extensions prior to the 3.x upgrade.

I'm fortunate in that we are still running the .com site as the main site. That gives me a week or two to get the .edu up and running and then redirect the .com to the .edu.

BTW - they said they added an exception for the modsecurity extension.

wildjokerdesign
08-27-2014, 06:57 AM
It may be them or it could be others. I try to always revert to vanilla settings without add-ons when I move from one major version to another. Doesn't normally affect minor upgrades. It is just easier to trouble shoot what may be a problem. :)

Hey that is good news that WH was able to add the exception. Much better then turning off mod_security all together which is what I was reading many folks where doing.

cgmsys
09-28-2014, 02:18 PM
Well, I'm ready to move site #2 to cpanel.. and I'm getting the same permissions issue. The level 1 guys want back end access to joomla so they can replicate the problem. The last time I did this, the site ended up broken and the backup restores had ownership issues on certain folders which broke the back end.

I have about a dozen sites that need to be moved to j 3.x .. If I have to go through this nonsense every time for what is basically a known issue I have to seriously rethink things.

wildjokerdesign
09-29-2014, 07:31 AM
Hopefully they can get it sorted this time.

I wonder if it has to do with something to do with the method you use to move the sites. How are you doing that? What programs/tools are you using to accomplish this. Could be it has no bearing on this but I always try and cover all my bases. I sometimes wonder if I give them too much information. :)