I have album module installed and saw that this had been an (unresolved?) issue in an old release. I can add photos fine, and then when I click to upload, the progress bar runs and I get an Upload Error: 403.

CommentFileSizeAuthor
#7 image_fupload-479032-7.patch1.71 KBindytechcook
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

grandcat’s picture

grandcat CreditAttribution: grandcat commented
Category: bug » support
Priority: Critical » Normal
Status: Active » Fixed

It's a solved "bug". I think it's more a mod_security issue in your case. Please search the isssue queue (also closed issues) for "mod_security".

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

temple_o_Owls’s picture

temple_o_Owls CreditAttribution: temple_o_Owls commented
Status: Closed (fixed) » Active

I'm sorry to open this back up. But We're having some problems with FUpload giving us 403 Errors.

Here's a sample apache log:
[26/Aug/2009:09:58:14 -0400] "POST /fupload/flash HTTP/1.1" 403 7383

Here's whats in the Drupal Dblog
Type access denied
Date Wednesday, August 26, 2009 - 9:58am
User myUser
Location https://xxx.it.xxxx.edu/fupload/flash
Referrer
Message fupload/flash
Severity warning

A coworker of mine captured this error from the adobe flash player
Error #2044: Unhandled IOErrorEvent:. text=Error #2038: File I/O Error.

It's very strange because its been isolated to only certain computers, all with Flash 10. It's leading me to believe that we're having an issue with session handling. I've gotten this 403 error every time on my mac, but on my PC with the same username it works fine. Which to me seems very very strange, because that rules out server side folder permissions all together.

Mac: Flash 10
Firefox 3.5 - Fail
Safari 4.2 - Fail

PC: Flash 10
Firefox 3.5 - success
IE 8 - success

The other thing I notice is that, for each image, there's a session added. My logged in user module shows my username once for each failed image, but when it succeeds on my PC, sessions are not added.

I wish I could find more information about this... Is there a way to show a more verbose php output?

Also, it's not a mod_security thing, here's the modules I have installed:
core mod_authn_file mod_authn_default mod_authz_host mod_authz_groupfile mod_authz_user mod_authz_default mod_auth_basic mod_include mod_filter mod_log_config mod_env mod_setenvif mod_ssl prefork http_core mod_mime mod_status mod_autoindex mod_asis mod_cgi mod_negotiation mod_dir mod_actions mod_userdir mod_alias mod_so mod_php5 mod_rewrite

alesr’s picture

alesr CreditAttribution: alesr commented

Put:
SecFilterEngine Off
in root .htaccess

This saved my day ;)

royce’s picture

royce CreditAttribution: royce commented

SecFilterEngine Off

in .htaccess also solved my problem with 403. The lesser

SecFilterScanPOST Off

did NOT work.

tevih’s picture

tevih CreditAttribution: tevih commented

thanks!

indytechcook’s picture

indytechcook CreditAttribution: indytechcook commented
Version: 6.x-3.0-rc2 » 6.x-3.x-dev
Status: Active » Needs review
FileSize
image_fupload-479032-7.patch1.71 KB

The issue is related to the use of "PHPSESSID" as the session name.

As of D6, when used with a cookie domain, the session name is dynamic. This patch fixes that by using session_name() instead of "PHPSESSID".

grandcat’s picture

grandcat CreditAttribution: grandcat commented

Please some testing of #7.

shenzhuxi’s picture

shenzhuxi CreditAttribution: shenzhuxi commented

tested and #7 doesn't work.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented

Tried #7 for a proxy issue, didn't help :(

munyiva’s picture

munyiva
Location Nairobi
CreditAttribution: munyiva commented

#7 doesn't work for proxy.