Global Moxie

Help!

What's Global Moxie?

Global Moxie is the hypertext laboratory of Josh Clark, whose projects include the Big Medium web content management system. Josh creates web applications and websites from his multimedia studio in Paris, France.

What's Big Medium?

Big Medium is flexible, easy-to-use server software for creating and editing websites directly from your browser. Check out the features or download now.

Moxiemail

Enter your e-mail to receive occasional updates:

News feeds

Home > Help! > Big Medium FAQ > Error Messages

"403: Forbidden" when adding new sections

E-mail

Question

Why do I get a "403 Forbidden" message when I try to add new content sections to my site?

Answer

This message typically indicates an error in the server's configuration file.

The gory details

(This section is primarily of interest to server administrators; if that's not you, you can skip down to the next section for the fix.)

Some Apache servers have a module named mod_security which scans page requests and form submissions for suspicious-looking behavior. Some Apache distributions, however, include a configuration error which incorrectly blocks valid form requests, returning the "403 Forbidden" error message.

Specifically, this problem configuration rejects any form submission that contains a semicolon in the Content-Type header. Alas, this breaks any valid request that happens to add a charset declaration in that header:

Content-Type: application/x-www-form-urlencoded; charset-UTF-8

Big Medium happens to do this when it makes Ajax form submissions (i.e., submissions that happen within the page rather than requesting an entirely new page).

The fix

The fix is to change the mod_security configuration on your server.

Option one: Edit the server's configuration file

If you are the server admin and have access to your server's configuration file, you can make the following change (otherwise, contact your admin or hosting company to do it for you).

Find the SecFilterSelective entry that looks like this:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"

...and change that "$" symbol to ";?" like so:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded;?|^multipart/form-data;|^text/xml;)"

After restarting Apache, the error should go away.

Option two: Edit the .htaccess file

If you don't have access to the server's configuration file or your server admin will not make this change for you, you may be able to make the change by editing the .htaccess file in your site's main HTML directory. (If no such file exists, you can create a new file named .htaccess and upload it to your site's main HTML directory.)

Add these two lines to the .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

After adding those lines, the error should go away.

More from this section

Home > Help! > Big Medium FAQ > Error Messages

"Internal Server Error" or "Premature End of Script Headers"
Why do I get a "500: Internal Server Error" message when I connect to Big Medium?

“Script Produced No Output” or “CGI Error”
Why do I get this message when running Big Medium on a Windows server?

Why do I keep getting a "Session Expired" message?
This almost certainly indicates that you are out of disk space.

"File Not Found" Error After First Page of Setup Wizard
Why can't the setup wizard continue on my Windows server?

"Big Medium could not write the file bm-setup.pl"
Why do I get this error when I run the Big Medium setup wizard?

"%1 Is Not a Valid Win32 Application"
Why do I get this error when I try to run Big Medium on my Windows server?

"403: Forbidden" when adding new sections
Why do I get a "403 Forbidden" message when I try to add new content sections to my site?

"Can't locate warnings.pm in @INC"
Why do I get this message when I try to run the setup wizard?

Blog

No Pain, No Pain: The “Couch to 5K” and Humane Design

Is Your Service Plan about to Expire?

Plug for the New Plugins

Controlled

Design Treasures Found and Lost in the Paris Métro

Big Medium T-Shirts

Project News

Big Medium 2.0.2: Crazy Like a Fox

Big Medium 2.0.1

Updated: Big Medium 2: The Complete Guide

Updated: PDF Documentation for Prototype 1.6.0

Big Medium 2.0: Your new website editor is here

Big Medium 2.0 Release Candidate 6: "Fashionista"

Download Big Medium
Try it free for 30 days, or buy to unlock.

Absolutely Stellar

"This is certainly restoring my excitement about web development. Thank you for an absolutely stellar product."
—Kevin Waite

"I've shown Big Medium in action to a few people. The thing practically sells itself."
—Gerry Leonidas

"Sorry for gushing, but you are #1 in terms of great support of all the vendors or companies I've ever dealt with. I talk up Big Medium to all the web developers I meet. The value of what Big Medium does compared to what you charge is amazing."
—Brian White, columbussports.com

I was just looking around the Global Moxie site and happened on your manifesto, and you do exactly what you say you do. Ever thought of going into politics?
—Jerry Kennard

More praise for Big Medium

About Global Moxie | The Global Moxie Manifesto | Contact