Announcement

#1 2023-03-07 14:54:07

KN
Member
2021-03-20
4

Unable to login as admin

Hello/Hi/Greetings,

I cannot login as admin (or any user) to my piwigo gallery after i logged out earlier today after updating all. error message: "Forbidden, You don't have permission to access this resource."

Piwigo and all plugins are up to date. PHP version 7.4. Version 8.1 is giving other problems and not solving this issue

The Piwigo export plugin for lightroom can still log in to my gallery (works through xmlrpc). The same credatials do not work for login via the browser.

I have tried a new additional install of Piwigo: same problem

I have review the topics on this site with a similar subject, but these give me no additional clues for a solution.

resetting the password did not help.

(Copy here your environment details, found on your Piwigo page [Administration > Tools > Maintenance]) : not reachable

Piwigo URL: https://www.knfoto.nl/archiefbeelden/

Thanks in advance for any idea's

Kees

Last edited by KN (2023-03-07 14:59:54)

Offline

 

#2 2023-03-07 18:36:54

erAck
Only trying to help
2015-09-06
2054

Re: Unable to login as admin

Check the web server user's permissions on files and directories and inspect all .htaccess files that could be involved.


Running Piwigo at https://erack.net/gallery/

Offline

 

#3 2023-03-08 12:26:36

KN
Member
2021-03-20
4

Re: Unable to login as admin

@eRrAck, thanks for your reply!

I did check the user permissions and htacces file. No resolution vould be found there.

Also i checked with my privider. They confirm that the Comodo WAF is in the way. There is a possibility to disable the applicable rule but they claim that I then create a security vulnerability.

I requested more specifics about the applicable rule and wil post this here after I receive them.


Update: My provider told me it is rule: 244780. Whatever this means


Kind regards,

Kees

Last edited by KN (2023-03-08 13:29:15)

Offline

 

#4 2023-03-08 13:34:31

KN
Member
2021-03-20
4

Re: Unable to login as admin

After further investigations and searches on this forum on "mod security" I tested several idea's from this forum.

The idea that loggin in through: https:\mysite\mypiwogo\admin did let me log in to the admin panel. I am yet to test if all the functions really do work but this looks promissing.

So far my conclusion is that de "identification.php"is triggering a WAP rule which is not triggered by admin.

Seems to me (and my provider) that something needs to be improved on this.


Kees

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact