An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#10918 - 07/11/10 12:53 AM Changing FTM theme...
artie505 Online


Registered: 08/04/09
My current FTM theme is ubbthreads_finetunedmac, but when I just tried to select a new theme (or even reselect my current theme) I was, in all instances, taken to a page that told me:

"403 Forbidden
You have requested a file that the server has been instructed not to give you access to. Please try one of the links above.

/forums/ubbthreads.php?ubb=changeprefs&what=style&value=1&curl=http%3A%2F%2Fwww.finetunedmac.com%2Fforums%2Fubbthreads.php%3Fubb%3Dnewpost%26Board%3D11 on www.finetunedmac.com"


When I clicked back to my starting point, though, the theme drop-down reflected my change, but my screen remained ubbthreads_finetunedmac.

Huh? confused
_________________________
The new Great Equalizer is the SEND button.

Top
#10920 - 07/11/10 05:09 AM Re: Changing FTM theme... [Re: artie505]
cyn Online

Administrator

Registered: 08/03/09
I can change styles via My Stuff > Edit Preferences. Using the Style Chooser menu at the bottom of a page, however, I encounter the same problem Artie did.

The URL of the 403 page and the corresponding file shown in the message depend on which style I selected (the "value=" number) and where I was when trying to switch (what follows "curl=").

Starting at http://www.finetunedmac.com/forums/ and selecting ubbthreads-dark the URL is:
http://www.finetunedmac.com/forums/ubbthreads.php?ubb=changeprefs&what=style&value=2&curl=http%3A%2F%2Fwww.finetunedmac.com%2Fforums%2F

So the file in the error message is:
/forums/ubbthreads.php?ubb=changeprefs&what=style&value=2&curl=http%3A%2F%2Fwww.finetunedmac.com%2Fforums%2F

Though the URL indicates a forum page what I see is FTM.com with the logo missing and the 403 Forbidden message in place of the content.
_________________________
FineTunedMac Forums Admin

Top
#10928 - 07/11/10 12:15 PM Re: Changing FTM theme... [Re: cyn]
artie505 Online


Registered: 08/04/09
> Though the URL indicates a forum page what I see is FTM.com with the logo missing and the 403 Forbidden message in place of the content.

Starting from the page with your response I wind up at the same place, but with the logo.
_________________________
The new Great Equalizer is the SEND button.

Top
#10945 - 07/12/10 09:16 PM Re: Changing FTM theme... [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Okay, now that's bizarre! I can confirm it is happening to me as well. I'll investigate and let you know what I find.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#10949 - 07/13/10 07:02 AM Re: Changing FTM theme... [Re: cyn]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: cyn
I can change styles via My Stuff > Edit Preferences. Using the Style Chooser menu at the bottom of a page, however, I encounter the same problem Artie did.

FWIW, I can confirm this behavior, including the observation that a style change works perfectly fine when using the pulldown menu in display prefs item #7 instead of the one at the bottom of the page. While bizarre, it seems to point to a specific location for the issue.
_________________________
alternaut moderator

Top
#11003 - 07/17/10 02:09 AM Re: Changing FTM theme... [Re: alternaut]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I've been wrestling with this without success. Might be time to get UBB tech support involved; nothing I've tried has worked. frown
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#11073 - 07/21/10 07:55 PM Re: Changing FTM theme... [Re: tacit]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I have discovered the cause of this problem and I'm working on a fix.

The problem isn't with UBB.threads or with FTM directly, so it was a beast to find. The problem is actually with a security program running on the server that FTM is living on.

We are now running on a highly secure server to help mitigate against future denial of service attacks like the one we experienced a while back.Part of the server's security setting includes a mod_security rule that prevents scripts from running if they contain a URL within the parameter, to guard against people attempting to hijack any redirectors on our server in order to redirect to spam or virus settings. This is also interfering with changing the theme via the popup menu. I'm looking into a fix right now.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#11074 - 07/21/10 09:17 PM Re: Changing FTM theme... [Re: tacit]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
UPDATE: The problem has now been resolved! I'm now seeing the popup menu for selecting themes working correctly. smile
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#11081 - 07/22/10 06:09 AM Re: Changing FTM theme... [Re: tacit]
alternaut Offline

Moderator

Registered: 08/04/09
Nice job, thanks! I assume your fix won't affect server security. shocked smirk
_________________________
alternaut moderator

Top
#11096 - 07/22/10 02:24 PM Re: Changing FTM theme... [Re: alternaut]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
It shouldn't, no An exemption to the rule was made just for the script that changes the theme. smile
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#11099 - 07/22/10 08:42 PM Re: Changing FTM theme... [Re: tacit]
artie505 Online


Registered: 08/04/09
Great detective work. cool

Did the fix come from your end or from the server end? (I'd be interested in a brief explanation of how you tracked the issue to the server.)


Edited by artie505 (07/22/10 08:44 PM)
Edit Reason: Did the fix...
_________________________
The new Great Equalizer is the SEND button.

Top
#11104 - 07/24/10 01:26 AM Re: Changing FTM theme... [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The fix came from the server end; the Web hosting company had to change the security settings.

I tracked it down when I started seeing a very similar problem on another site I run. The same mysterious 403 Forbidden error was popping up, and the "a-ha" moment came when I noticed that both sites that were experiencing the error had a URL being passed as a parameter to a PHP script. So I went into the Web host's troubleshooting section, and discovered that they block any script that uses a URL as a parameter.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#11109 - 07/24/10 07:48 AM Re: Changing FTM theme... [Re: tacit]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Great catch!
_________________________
joemikeb • moderator

Top
#11111 - 07/24/10 01:36 PM Re: Changing FTM theme... [Re: joemikeb]
roger Offline


Registered: 08/04/09
Loc: Vermont
indeed! thanks for the hard work, tacit!

now if we only had more styles to choose from... wink
_________________________
MacBook 2.4 Ghz · 4 Gb ram · 10.7.5
stuff I'm interested in
iPhone 4s 7.0.2

Top
#11118 - 07/24/10 10:57 PM Re: Changing FTM theme... [Re: tacit]
artie505 Online


Registered: 08/04/09
Originally Posted By: tacit
The fix came from the server end; the Web hosting company had to change the security settings.

I tracked it down when I started seeing a very similar problem on another site I run. The same mysterious 403 Forbidden error was popping up, and the "a-ha" moment came when I noticed that both sites that were experiencing the error had a URL being passed as a parameter to a PHP script. So I went into the Web host's troubleshooting section, and discovered that they block any script that uses a URL as a parameter.

Duuuh... Way to much later I realized that the fix must have come from the hosting company.

Great detective work on your part. (Lucky you had that other site as a reference point.) cool
_________________________
The new Great Equalizer is the SEND button.

Top

Moderator:  alternaut, cyn, dkmarsh