Akeeba Backup for WordPress

Monday, 15 May 2017 07:16 CDT

RRO

Hi Nicholas, after enabling hsts on our webserver Akeeba Frontend Backup with webcron.org is logging a 403-error. Do you know anything about this by chance? Regards!

KaM - Daily

Status: 403-

Executed at 2017-05-15 09:05:08 (CET)

First 255 characters of response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access /wp-content/plugins/akeebabackupcore/app/index.php

on this server.</p>

</body></html>

Monday, 15 May 2017 08:30 CDT

nicholas

If you are using HSTS (and HTTPS in general) you should make sure that the URL you use with WebCron starts with https://. If this is already the case please note that you are getting a 403 Forbidden which means that a .htaccess file anywhere in the path pf this file is preventing direct web access to our index.php file. This is usually something you do through a security plugin or by modifying your site's .htaccess file manually.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 16 May 2017 05:41 CDT

RRO

Hi Nich,
thx for your fast reply.

The links were https already since February. They were functional until enabling hsts. Crosschecked this by testing them manually in Firefox. There they work as expected.

I assume webcron doesn't handle the hsts as a normal browser does. I already opened a ticket with them but have no reply yet.

Any other ideas?

Regards,
Ralf

Tuesday, 16 May 2017 07:09 CDT

nicholas

HSTS is just an HTTP header which tells browsers "next time you're going to access this site don't bother using HTTP, go straight to HTTPS". There is nothing it can break. I have to insist that since your URLs are already HTTPS and you are getting a 403 Forbidden this means that a .htaccess file anywhere in the path of this file is preventing direct web access to our index.php file. This is usually something you do through a security plugin or by modifying your site's .htaccess file manually. Since you added the HSTS header I understand that you edited your .htaccess. Please double check what other changes you made.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 16 May 2017 08:04 CDT

RRO

Yep, thought so too, but was mislead by reading the browser is doin' the caching so I assumed there may be the problem.

Turns out I was wrong :-(
It's a prob with GeoIP-Blocking.

Accees to the site was allowed only from DE, GB, US and IE. Either webcron uses multiple servers in different countries or they moved to France short while ago 'cause tracert shows the server's now based there.

I added FR to my allowed countries and backup's runnin' fine as before.

Tuesday, 16 May 2017 14:21 CDT

nicholas

WebCron has always been a French company. I guess they must have moved their servers recently.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 15 June 2017 17:17 CDT

System Task

system

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Edited by on 2017-06-15 17:17 CDT

Support