Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have album module installed and saw that this had been an (unresolved?) issue in an old release. I can add photos fine, and then when I click to upload, the progress bar runs and I get an Upload Error: 403.
Comment | File | Size | Author |
---|---|---|---|
#7 | image_fupload-479032-7.patch | 1.71 KB | indytechcook |
Comments
Comment #1
grandcat CreditAttribution: grandcat commentedIt's a solved "bug". I think it's more a mod_security issue in your case. Please search the isssue queue (also closed issues) for "mod_security".
Comment #3
temple_o_Owls CreditAttribution: temple_o_Owls commentedI'm sorry to open this back up. But We're having some problems with FUpload giving us 403 Errors.
Here's a sample apache log:
[26/Aug/2009:09:58:14 -0400] "POST /fupload/flash HTTP/1.1" 403 7383
Here's whats in the Drupal Dblog
Type access denied
Date Wednesday, August 26, 2009 - 9:58am
User myUser
Location https://xxx.it.xxxx.edu/fupload/flash
Referrer
Message fupload/flash
Severity warning
A coworker of mine captured this error from the adobe flash player
Error #2044: Unhandled IOErrorEvent:. text=Error #2038: File I/O Error.
It's very strange because its been isolated to only certain computers, all with Flash 10. It's leading me to believe that we're having an issue with session handling. I've gotten this 403 error every time on my mac, but on my PC with the same username it works fine. Which to me seems very very strange, because that rules out server side folder permissions all together.
Mac: Flash 10
Firefox 3.5 - Fail
Safari 4.2 - Fail
PC: Flash 10
Firefox 3.5 - success
IE 8 - success
The other thing I notice is that, for each image, there's a session added. My logged in user module shows my username once for each failed image, but when it succeeds on my PC, sessions are not added.
I wish I could find more information about this... Is there a way to show a more verbose php output?
Also, it's not a mod_security thing, here's the modules I have installed:
core mod_authn_file mod_authn_default mod_authz_host mod_authz_groupfile mod_authz_user mod_authz_default mod_auth_basic mod_include mod_filter mod_log_config mod_env mod_setenvif mod_ssl prefork http_core mod_mime mod_status mod_autoindex mod_asis mod_cgi mod_negotiation mod_dir mod_actions mod_userdir mod_alias mod_so mod_php5 mod_rewrite
Comment #4
alesr CreditAttribution: alesr commentedPut:
SecFilterEngine Off
in root .htaccess
This saved my day ;)
Comment #5
royce CreditAttribution: royce commentedSecFilterEngine Off
in .htaccess also solved my problem with 403. The lesser
SecFilterScanPOST Off
did NOT work.
Comment #6
tevih CreditAttribution: tevih commentedthanks!
Comment #7
indytechcook CreditAttribution: indytechcook commentedThe issue is related to the use of "PHPSESSID" as the session name.
As of D6, when used with a cookie domain, the session name is dynamic. This patch fixes that by using session_name() instead of "PHPSESSID".
Comment #8
grandcat CreditAttribution: grandcat commentedPlease some testing of #7.
Comment #9
shenzhuxi CreditAttribution: shenzhuxi commentedtested and #7 doesn't work.
Comment #10
geerlingguy CreditAttribution: geerlingguy commentedTried #7 for a proxy issue, didn't help :(
Comment #11
munyiva#7 doesn't work for proxy.