Security enhancement gives 403

My Mautic version is: 4.3.1

In this issue on GitHub, "The new .htaccess now gives 403 after upgrading · Issue #11249 · mautic/mautic · GitHub", I was told that the file causing the 403 error was a security enhancement.

It seems that more people are suffering from it, and the solution is to remove it.

I’ve seen that if I revert to the previous version of the file, it works. But if someone committed this, it is for some reason, to improve something, I guess.

Question:

Why does the “good file” give a 403, and what should I do if, instead of “removing those lines from the .htaccess”, I want to stick to the file committed to the project? (I guess if it’s committed it means it’s better than the previous one.)

Hey there!

In the release notes we have linked to an issue which explains what to do if you are using Mautic in a subfolder, which I guess is the case for you.

Please follow those instructions, and please do review the release notes any time you are planning to update 🙂

I’m not in a subfolder.

I’m directly in the root of a subdomain, say similar to https://feedback.example.com

Does the “If” directive that is giving problems to everyone work on the “URL path” side or the “filesystem” side?

Are you using a proxy before Mautic? For example, is SSL added to a container by an nginx or haproxy server?

Indeed. It is using HTTPS. I’ve not manually configured the web server; I’m using a hosting provider that does that. Most probably they have a reverse proxy to handle Let's Encrypt and leave Mautic alone.

You can try to break the endless SSL redirect by adding
$_SERVER['HTTPS'] = 'on';
to the first line of your index.php, right after the opening tag.

1 Like
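An added example (not part of the post above, and not Mautic's own code): a guarded variant of that line for the top of index.php, which marks the request as HTTPS only when the direct peer is the reverse proxy and the proxy reports the original scheme as https, so requests that really arrived over plain HTTP are not treated as secure. The proxy address `10.0.0.5`, the names `TRUSTED_PROXIES` and `request_is_https`, and the proxy setting `X-Forwarded-Proto` are assumptions about the hosting setup.

```php
<?php
// Added example, not Mautic code. Assumption: the host's reverse proxy
// connects from the address below and sets the X-Forwarded-Proto header.
const TRUSTED_PROXIES = ['10.0.0.5']; // placeholder, use your proxy's address

/**
 * Decide whether the original client request used TLS.
 * The forwarded header is honoured only when the direct peer is a trusted
 * proxy, because any client can send X-Forwarded-Proto itself.
 */
function request_is_https(array $server, array $trustedProxies): bool
{
    // TLS terminated by this web server itself.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Ignore forwarded headers from anyone who is not the proxy.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }
    // Accept only an exact "https" value; anything else counts as plain HTTP.
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

// What goes at the top of index.php in place of the unconditional line.
if (request_is_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed sample requests, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'via proxy, https'   => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'],
        'via proxy, http'    => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'http'],
        'direct, spoofed'    => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
        'direct, native TLS' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
    ];
    foreach ($samples as $label => $server) {
        echo $label, ': ';
        var_dump(request_is_https($server, TRUSTED_PROXIES));
    }
}
```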

This worked for me. [upgrade] 4.1.2 to 4.2.0 issue with .htaccess · Issue #10913 · mautic/mautic · GitHub