Global Moxie

Skip Navigation
Help!

Or search support forum

Skip Navigation

What's Global Moxie?

Global Moxie is the hypertext laboratory of Josh Clark, a designer, developer, and author who offers workshops and consulting for iPhone app design. He’s also creator of Big Medium, a web content management system. Josh spins words and code from multimedia studios in Providence, RI, and Paris, France.

What's Big Medium?

Big Medium is flexible, easy-to-use server software for creating and editing websites directly from your browser. Check out the features or download now.

On Shelves

Books by Josh Clark

Tapworthy: Designing Great iPhone Apps

Best iPhone Apps: The Guide for Discriminating Downloaders

iWork ’09: The Mising Manual

Moxiemail

Enter your e-mail to receive occasional updates:

News feeds
Home > Help! > Big Medium FAQ > Error Messages

"403: Forbidden" when adding new sections

E-mail this page Print this page

Question

Why do I get a "403 Forbidden" message when I try to add new content sections to my site?

Answer

This message typically indicates an error in the server's configuration file.

The gory details

(This section is primarily of interest to server administrators; if that's not you, you can skip down to the next section for the fix.)

Some Apache servers have a module named mod_security which scans page requests and form submissions for suspicious-looking behavior. Some Apache distributions, however, include a configuration error which incorrectly blocks valid form requests, returning the "403 Forbidden" error message.

Specifically, this problem configuration rejects any form submission that contains a semicolon in the Content-Type header. Alas, this breaks any valid request that happens to add a charset declaration in that header:

Content-Type: application/x-www-form-urlencoded; charset-UTF-8

Big Medium happens to do this when it makes Ajax form submissions (i.e., submissions that happen within the page rather than requesting an entirely new page).

The fix

The fix is to change the mod_security configuration on your server.

Option one: Edit the server's configuration file

If you are the server admin and have access to your server's configuration file, you can make the following change (otherwise, contact your admin or hosting company to do it for you).

Find the SecFilterSelective entry that looks like this:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"

...and change that "$" symbol to ";?" like so:

SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded;?|^multipart/form-data;|^text/xml;)"

After restarting Apache, the error should go away.

Option two: Edit the .htaccess file

If you don't have access to the server's configuration file or your server admin will not make this change for you, you may be able to make the change by editing the .htaccess file in your site's main HTML directory. (If no such file exists, you can create a new file named .htaccess and upload it to your site's main HTML directory.)

Add these two lines to the .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

After adding those lines, the error should go away.

More from this section

Home > Help! > Big Medium FAQ > Error Messages
"Internal Server Error" or "Premature End of Script Headers"
Why do I get a "500: Internal Server Error" message when I connect to Big Medium?
“Script Produced No Output” or “CGI Error”
Why do I get this message when running Big Medium on a Windows server?
Why do I keep getting a "Session Expired" message?
This almost certainly indicates that you are out of disk space.
"File Not Found" Error After First Page of Setup Wizard
Why can't the setup wizard continue on my Windows server?
"Big Medium could not write the file bm-setup.pl"
Why do I get this error when I run the Big Medium setup wizard?
"%1 Is Not a Valid Win32 Application"
Why do I get this error when I try to run Big Medium on my Windows server?
"403: Forbidden" when adding new sections
Why do I get a "403 Forbidden" message when I try to add new content sections to my site?
"Can't locate warnings.pm in @INC"
Why do I get this message when I try to run the setup wizard?

Blog

More UX Meetups in Providence
For Your Consideration: Tapworthy iPad Apps at SXSW
The Twitter Uncertainty Principle: How Tweeting Changes Us
How Big Is Big Enough?
Develop iPhone Apps with Staying Power
Providence UX Meetup: July 20

Project News

Upcoming: Tapworthy Talks in 2010
Now Available: Tapworthy: Designing Great iPhone Apps
“iPad Headaches”: Presentation at Design For Mobile (D4M)
Tapworthy: Designing Great iPhone Apps on Bookshelves June 2010
Perl Critic for BBEdit 1.1
Now on Shelves: Best iPhone Apps
Download Big Medium
Try it free for 30 days, or buy to unlock.

Love, Love, Love

"I can't BELIEVE how easy it is to create custom templates, which is unlike every other CMS I've ever tried. It literally only took me a couple of minutes to load a new template. As a very harried and overworked web designer, this is going to save me COUNTLESS hours. I love, love, love Big Medium!!!"
—MaggiLu Tucker

"Super-efficient service. You should be running the railways!"
—Ian Watson

Big Medium is my best software purchase EVER.
—"Iwalk"

More praise for Big Medium