"403: Forbidden" when adding new sections

Question

Why do I get a "403 Forbidden" message when I try to add new content sections to my site?

Answer

This message typically indicates an error in the server's configuration file.

The gory details

(This section is primarily of interest to server administrators; if that's not you, you can skip down to the next section for the fix.)

Some Apache servers have a module named mod_security which scans page requests and form submissions for suspicious-looking behavior. Some Apache distributions, however, include a configuration error which incorrectly blocks valid form requests, returning the "403 Forbidden" error message.

Specifically, the faulty configuration rejects any form submission whose Content-Type header contains a semicolon. Alas, this breaks any valid request that happens to add a charset declaration in that header:

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Big Medium happens to do this when it makes Ajax form submissions (i.e., submissions that happen within the page rather than requesting an entirely new page).

The fix

The fix is to change the mod_security configuration on your server.

Option one: Edit the server's configuration file

If you are the server admin and have access to your server's configuration file, you can make the following change (otherwise, contact your admin or hosting company to do it for you).

Find the SecFilterSelective entry that looks like this:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"

...and change that "$" symbol to ";?" like so:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded;?|^multipart/form-data;|^text/xml;)"

After restarting Apache, the error should go away.
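To see what the one-character change does, the following added example (not part of Big Medium or mod_security) evaluates both rules from this page against a few constructed Content-Type values. It assumes Python's `re.search` behaves like the server's regex engine for these simple patterns; `is_blocked` and `compare` are hypothetical helper names.

```python
import re

# Patterns copied from the two SecFilterSelective lines on this page.
ORIGINAL = r"!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"
FIXED = r"!(^application/x-www-form-urlencoded;?|^multipart/form-data;|^text/xml;)"

# Constructed sample header values (not taken from real traffic).
SAMPLES = [
    "application/x-www-form-urlencoded",
    "application/x-www-form-urlencoded; charset=UTF-8",
    "multipart/form-data; boundary=abc123",
    "text/xml",
    "application/json",
    "application/x-www-form-urlencodedX",
]


def is_blocked(rule: str, content_type: str) -> bool:
    """Return True if the rule would reject a request with this Content-Type.

    A leading "!" inverts the rule: the filter fires when the regex does
    NOT match the header value.
    """
    negated = rule.startswith("!")
    pattern = rule[1:] if negated else rule
    matched = re.search(pattern, content_type) is not None
    return (not matched) if negated else matched


def compare(samples=SAMPLES):
    """Map each header value to (blocked by original, blocked by fixed)."""
    return {ct: (is_blocked(ORIGINAL, ct), is_blocked(FIXED, ct)) for ct in samples}


if __name__ == "__main__":
    for ct, (before, after) in compare().items():
        print(f"{ct!r:55} original={'403' if before else 'ok':4} "
              f"fixed={'403' if after else 'ok'}")
```

The last sample shows that the corrected rule has no end anchor on the first alternative, so it accepts any value that starts with `application/x-www-form-urlencoded`, while other types such as `application/json` are still rejected.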

Option two: Edit the .htaccess file

If you don't have access to the server's configuration file or your server admin will not make this change for you, you may be able to make the change by editing the .htaccess file in your site's main HTML directory. (If no such file exists, you can create a new file named .htaccess and upload it to your site's main HTML directory.)

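Add these two lines to the .htaccess file. They turn off mod_security's filtering engine and its scanning of POST data for your site's directory, rather than correcting the one faulty rule: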

SecFilterEngine Off
SecFilterScanPOST Off

After adding those lines, the error should go away.
