403 Forbidden response

I ran into this issue also and found that I didn't create a replicator user and assign that user to the replicator role. Check the permissions for the role and try again. I created the user on both ends, the sending end and receiving end.

I am not using Acquia and am getting this also. I verified that the replicator user exists on both ends and the password is set correctly. If I test this with the Poster add-on in Firefox, it worked when I initially tested. However, when I went back to test several minutes later (no changes in settings), it no longer worked with Poster; I got the message Cannot process request on GET http://replicator:some_password@staging.profoodtech.com due to: Access to restricted URI denied

GET http://replicator:some_password@staging.profoodtech.com/_all_dbs results in a 404 Not Found response. Testing this with Poster results in Cannot process request on GET http://replicator:some_password@staging.profoodtech.com/_all_dbs due to: Access to restricted URI denied

I'm wondering if it's perhaps related to this comment: https://www.drupal.org/node/2637770#comment-11140013

@dobrzyns You have 404 errors because the URL is not correct, it should be http://replicator:some_password@staging.profoodtech.com/relaxed/_all_dbs

@jeqq Ah, indeed. Thanks for catching that.

I'm having this exact problem too.

I'm trying to share contents between two sites in local that i created with acquia dev desktop 2. Let's say
http://mysite-master.dd:8083
and
http://mysite-slave.dd:8083

I created 2 users with role replicator in both sites, set the relaxed remote pointing to /relaxed with correct user/password, but it returns in both cases errror 403.
More specifically, the error in the logs is:

in the caller
GuzzleHttp\Exception\ClientException: Client error: `GET http://replicator:password@mysite-slave.dd:8083/relaxed/_all_dbs` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org (truncated...) in GuzzleHttp\Exception\RequestException::create() (line 107 of mysite-master/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php).

In the receiver

User	Anonymous (not verified)
Location	http://mysite-slave.dd:8083/relaxed/_all_dbs

As you can see it doesn't manage to access the page returning 403.

I tried even with postfix and indeed it cannot access the page.

Trying with 8.x-1.0-alpha10 version.

I am having the same issue. Does anybody have updates on this by any chance?

I have tracked the issue to basic_auth as it has flood protection.
Currently for me it is failing at:
$this->flood->isAllowed('basic_auth.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)
It seems that there has been too many login requests for the replicator user and there is not a nice way to clear the flood flag unless you get to the table and clean it manually.

Just have similar/same problem.

I get alway following message:

GuzzleHttp\Exception\ClientException: Client error: `GET http://Replicator:***@xxx.xx/replicator/_all_dbs` resulted in a `404 Not Found` response:

I wonder a little about !http://Replicator:***" which seems not to be a correct url. (replicator-User is 'Replicator')

/relaxed on both sites seem to work an result in

couchdb "Welcome"
uuid "8ab6dd35-7d39-4fef-ab95-f0d679a2c6af"
vendor
name "Drupal"
version "8.3.2"
version "8.3.2"

/relaxed/_all_dbs results on both sites in

0 "live"
1 "stage"

(should it be counterwise?)

Better error handling with messages i can understand would be great ...

Hm, a second look to syslog:

There are messages that following pages not found:

/replicator/
/replicator/_all_dbs

Why is drupal looking for that url and not for /relaxed ?

@MartinMa did you complete all the steps from the documentation page? Especially "Configuring local Relaxed settings"?

#8 Your solutions works. Thanks.

This issues seems to have got a little confused. A 404 is likely a different problem to the 403 reported and therefore a new issue is required. But to add to the original issues. I have ran into a 403 error when trying to deploy a higher number of nodes. I can confirm that the target site is active and I can deploy in low numbers. But have a site with 1000+ nodes that i'm now unable to sync between local workspaces or to a remote target, error messages:

Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\relaxed\Plugin\rest\resource\DocResource->get() (line 78 of ../web/modules/contrib/relaxed/src/Plugin/rest/resource/DocResource.php).

Exception: Response status code: 403 when connecting to source site or database. Response body: {"error":"unauthorized","reason":""} in Relaxed\Replicator\Replication->replicateChanges() (line 525 of ../vendor/relaxedws/replicator/src/Replication.php).

@vflirt this could well be pointing to the problem you've identified with the auth_module and multiple login attempts, but I don't see a solution in your comment, pease could you expand.

I'm also getting the following error in my status panel:

`Client error: `GET https://replicator:***@example.com/relaxed/_all_dbs` resulted in a `403 Forbidden` response`

where `replicator` is the user with the replicator role, and `example.com` is of course my own domain.

However, when manually going to `https://replicator:password@example.com/relaxed/_all_dbs`, it does work. So it seems like RELAXed is actually using the stars as the password... I don't know if this is actually the same issue that OP is having, but it's also a 403 issue.

Hello,

Same problem for me. The remote site isn't reached.
So, I'm getting these errors:

GuzzleHttp\Exception\ClientException : Client error: `GET http://replicator:***@sites2.com/relaxed/_all_dbs` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="fr" dir="ltr"> <head> <meta charset="utf-8" /> <meta name="Generator" content="Drupal (truncated...) dans GuzzleHttp\Exception\RequestException::create() (ligne 113 de /srv/data/web/vhosts/site1.com/htdocs/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php).

The generated urls from the "relaxed module" seems to be valid...

Can you help me to resolve this problem ?

Thanks.

Good news.

I have resintalled a new remote site and it's ok for me (problems with my first install????).
I can deploy contents from a source site to a remote site.
But, If you use the account 1 to test the deployment, don't forget to add the "replicator" role on this account !!!! (without this role on uid 1 we get new errors in logs...)

I cannot reproduce this error locally. I also use this module on production sites and it works fine. Most probably you don't configure correctly your sites and the module. If you still can reproduce it, make sure you read again here the README.md file and this documentation.

Had the same 403 error problem described on one site but not the other. Identical replicator users set up, passwords the same, relaxed remotes set up, etc...

Manually cleared the flood table on the site with the problem which promptly resolved the problem.

Hello,

I have changed the protocol of my site to https. But, now, I get an error 403 and an forbidden access to the 'https://mysite.com/relaxed/_all_dbs' URL.
In Drupal 8 how can I clear the flood table? I don't see this table in my database.

Thanks.

P.S. if I configure a new relaxed remote site it's functionnal. I think the relaxed module keep some datas/configs in memory, then we can't update existing relaxed remote. Is there a solution to "clear" the relaxed remotes settings?

Same.

Currently the error message is pretty spare. It would be useful if we updated the error messaging to include more about the URL being tried and the full response reason. That's suggested on the CouchDB docs too: http://docs.couchdb.org/en/2.1.2/replication/protocol.html

Exception: Response status code: 403 when connecting to source site or database. Response body: {"error":"unauthorized","reason":""} in Relaxed\Replicator\Replication->replicateChanges() (line 536 of /var/www/uwmed/vendor/relaxedws/replicator/src/Replication.php).

I faced recently this problem and the cause of the 403 response is quite funny. The 403 response was caused only when requesting /workpsace_id/doc_id paths and the problem ended to be caused by the bad handling of the password the user had. Because the password had the "+" symbol at the end, the CouchDB Client library seems to not handle that very well and in Drupal, the request sent by the library, had the "+" symbol replaced by a space. Example: for a password like "TestPass+", the password received by basic_auth module in Drupal was "TestPass ". The workaround was to not use a symbol at the end of the password, for long term the issue should be fixed in the CouchDB Client library. Here is sent the request when the "+" symbol is replaced with a space: https://github.com/relaxedws/couchdb-client/blob/master/lib/Doctrine/Cou....

Other causes of the 403 response status can be caused by site specific permissions configuration.

I encountered this issue and it came down to the flood controls in the basic_auth module as noted above in #8.

I'm getting a different variant of this as described in #3061360.

Exception: HTTP Error with status 403 occurred while requesting */*. Error: unauthorized in Relaxed\Replicator\Replication->replicateChanges() (line 536 of /root/vendor/relaxedws/replicator/src/Replication.php).

That error in particular is thrown by line 532. Digging into this a bit more, it looks like $this->source and $this->target in Relaxed\Replicator\Replication->replicateChanges() are both set correctly with 200 responses. Unless I'm mistaken, this means that a basic connection to both endpoints has succeeded, hence why I am not getting the "relaxed/_all_dbs" error.

The error occurs when synchronizing content, when getting the $rawHeaders on line 142 of StreamClient->getStreamHeaders(), called by MultipartParserAndSender->transferDocuments().

This is further validated by trying to execute the same via curl
Fails - {"message":"No authentication credentials provided."} : curl http://mysite.com/relaxed/stage
Succeeds: curl http://user:password@mysite.com/relaxed/stage
Fails - {"error":"unauthorized","reason":""} : curl http://user:password@mysite.com/relaxed/stage/e829efaa-2971-44e8-affc-db16e0b6a64c?revs=1&latest=1&open_revs=%5B%221-3774c67d9ff30cc3a7802128f23f3cec%22%5D

I'm at a bit of a loss. The user:password user exists on mysite.com and has the replicator role with the proper permissions, and the site is a fairly clean install aside from trying to get this working, so I'm not sure where there'd be another permissions conflict.

@mrweiner Try to debug how that request reaches the drupal site and how authentication goes in the basic_auth module. Check what contain the authentication headers when they reach the sites and if the password and the user are correct. Just debug until you find where 403 is returned and why.

Your description look exactly like what I had in #24, and I've found that while debugging the request until I've found where it returns the 403 status.