#27745 – Error 403 with Webcron after enabling hsts?

Posted in ‘Akeeba Backup for WordPress’
Monday, 15 May 2017 07:16 CDT
RRO
Hi Nicholas, after enabling hsts on our webserver Akeeba Frontend Backup with webcron.org is logging a 403-error. Do you know anything about this by chance? Regards!

KaM - Daily

Status: 403-

Executed at 2017-05-15 09:05:08 (CET)



First 255 characters of response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access /wp-content/plugins/akeebabackupcore/app/index.php

on this server.</p>

</body></html>

Custom Fields

WordPress version (in x.y.z format) 4.7.4
PHP version (in x.y.z format) 7.0
Akeeba Backup version (x.y.z format) 2.1.3
 
Monday, 15 May 2017 08:30 CDT
nicholas
If you are using HSTS (and HTTPS in general) you should make sure that the URL you use with WebCron starts with https://. If this is already the case please note that you are getting a 403 Forbidden which means that a .htaccess file anywhere in the path of this file is preventing direct web access to our index.php file. This is usually something you do through a security plugin or by modifying your site's .htaccess file manually.


Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Tuesday, 16 May 2017 05:41 CDT
RRO
Hi Nich,
thx for your fast reply.

The links were https already since February. They were functional until enabling hsts. Crosschecked this by testing them manually in Firefox. There they work as expected.

I assume webcron doesn't handle the hsts as a normal browser does. I already opened a ticket with them but have no reply yet.

Any other ideas?

Regards,
Ralf
 
Tuesday, 16 May 2017 07:09 CDT
nicholas
HSTS is just an HTTP header which tells browsers "next time you're going to access this site don't bother using HTTP, go straight to HTTPS". There is nothing it can break. I have to insist that since your URLs are already HTTPS and you are getting a 403 Forbidden this means that a .htaccess file anywhere in the path of this file is preventing direct web access to our index.php file. This is usually something you do through a security plugin or by modifying your site's .htaccess file manually. Since you added the HSTS header I understand that you edited your .htaccess. Please double check what other changes you made.





Tuesday, 16 May 2017 08:04 CDT
RRO
Yep, thought so too, but was misled by reading the browser is doin' the caching so I assumed there may be the problem.

Turns out I was wrong :-(
It's a prob with GeoIP-Blocking.

Access to the site was allowed only from DE, GB, US and IE. Either webcron uses multiple servers in different countries or they moved to France a short while ago 'cause tracert shows the server's now based there.

I added FR to my allowed countries and backup's runnin' fine as before.
 
Tuesday, 16 May 2017 14:21 CDT
nicholas
WebCron has always been a French company. I guess they must have moved their servers recently.





Thursday, 15 June 2017 17:17 CDT
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
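
A log triage sketch for the diagnosis reached in this thread, added here as an example and not part of the original ticket or Akeeba's code: it checks whether a 403 on the front-end backup URL is refused for every client (a rule on the path, such as .htaccess) or only for some sources (a source rule, such as GeoIP blocking). It assumes Apache common/combined log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

BACKUP_PATH = "/wp-content/plugins/akeebabackupcore/app/index.php"

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [15/May/2017:09:05:08 +0200] "GET /wp-content/plugins/akeebabackupcore/app/index.php HTTP/1.1" 403 312
203.0.113.20 - - [15/May/2017:09:12:44 +0200] "GET /wp-content/plugins/akeebabackupcore/app/index.php HTTP/1.1" 200 87
198.51.100.7 - - [16/May/2017:09:05:09 +0200] "GET /wp-content/plugins/akeebabackupcore/app/index.php HTTP/1.1" 403 312
203.0.113.20 - - [16/May/2017:09:20:01 +0200] "GET /wp-login.php HTTP/1.1" 200 2210
"""


def classify_403(log_text, path):
    """Return (verdict, {client_ip: set_of_status_codes}) for requests to path."""
    by_client = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, url, status = m.groups()
        if url.split("?", 1)[0] == path:  # ignore the query string
            by_client[client].add(int(status))

    denied = {c for c, codes in by_client.items() if 403 in codes}
    allowed = {c for c, codes in by_client.items() if any(s < 400 for s in codes)}

    if not denied:
        verdict = "no-403"
    elif allowed - denied:
        # The same URL succeeds for other clients: the rule keys on the source
        # (GeoIP or IP allow list), not on the file path.
        verdict = "source-based"
    else:
        # Nobody reaches the file: look for a deny rule covering the path.
        verdict = "path-based"
    return verdict, dict(by_client)


if __name__ == "__main__":
    verdict, clients = classify_403(SAMPLE_LOG, BACKUP_PATH)
    print(verdict, clients)
```
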