Security enhancement gives 403

Product Support
1

My Mautic version is: 4.3.1

In this issue in github The new .htaccess now gives 403 after upgrading · Issue #11249 · mautic/mautic · GitHub I was answered that the file causing the 403 error was a security enhancement.

It seems that more people feel like suffering it and the solution is to remove it.

I’ve seen if I revert to the previous version of the file, it works. But if someone committed this is for some reason to improve, I guess.

Question:

Why the “good file” gives a 403 and what should I do if instead of “removing those lines from the .htaccess” I want to stick to the file committed to the project? (I guess if it’s committed it means it’s better than the previous one).

2

Hey there!

In the release notes we have linked to an issue which explains what to do if you are using Mautic in a subfolder, which I guess is the case for you.

Please follow those instructions, and please do review the release notes any time you are planning to update :slight_smile:

3

I’m not in a subfolder.

I’m directly in the root of a subdomain, say similar to https://feedback.example.com

The “If” directive that is giving problems to everyone works in the “URL path” side? or the “filesystem side”?

4

Are you using a proxy before Mautic? For example SSL is added to a container by an nginx or haproxy server?

5

Indeed. It is using https. I’ve not manually configured the web server, I’m using a hosting that does that. Most probably they have a reverse proxy to handle letsencrypt and let mautic alone.

6

You can try to break the endless ssl redirect by adding
$_SERVER['HTTPS'] = 'on';
To the first line of your index.php right after the opening tag.

7

image
This worked for me. [upgrade] 4.1.2 to 4.2.0 issue with .htaccess · Issue #10913 · mautic/mautic · GitHub