Error 403 when accessing TNG Admin Set Up screens

Paul Barrett
Posts: 60
Joined: Sun Apr 08, 2018 6:52 pm

Error 403 when accessing TNG Admin Set Up screens

Post by Paul Barrett »

Having successfully installed TNG standalone on a DS 1821+ I have now moved on to complete another, separate install of TNG integrated with WordPress using the Kloosterman method.

Mostly it's working, except that whenever I try to access the TNG Admin > Setup options for general settings, templates etc I get an error 403.

This may well be related to a separate issue I have with permissions. My WP security package complains about too generous permissions on some folders but when I lock them down some TNG elements don't run. TNG is a subfolder in the WP install, as recommended.

Do you have a definitive guide on what permissions to apply to the various folders, in File Station > Properties > Permissions terms please rather than chmod, because I do not trust myself to mess around in the CLI?
Steve
Posts: 125
Joined: Sun Oct 01, 2017 3:08 pm

Re: Error 403 when accessing TNG Admin Set Up screens

Post by Steve »

I'm sorry I missed your post. For some reason I did not get a notification and I've been busy on a project for work.

Hopefully you used File Station to create the TNG folder and unzip the files. If you did, the permissions were set automatically. If you created the files manually using Windows or IOS you may need to change permissions.

I had the same issue when I increased the security for TNG. Some of the commands I set in Apache blocked access to some of the TNG functions. So I would start with checking the .htaccess file. The current entries in my .htaccess file are as follows:

Code:

# BLOCK QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(%0|%0A|%0B|%0C|%0D|%0E|%0F|127\.0).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# Last condition of the OR chain: no [OR] flag here, otherwise the rule fires on every request
RewriteCond %{QUERY_STRING} ^.*(declare|drop|insert|name_constchar|passwd|request|waitfor).* [NC]
RewriteRule ^(.*)$ $1?%1 [F,L]

Code:

# Disable automatic directory listings
Options -Indexes

# Do not index config files
IndexIgnore *config*.*

<Files "*config.php">
	Require all denied
	Require ip 192.168.1.1
	Require ip 127.0.0.1
</Files>

Keep in mind these commands are for Apache 2.4.
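
To see which of the conditions above would answer a given admin URL with a 403, the rules can be replayed offline. This is an added example, not part of either post: the request paths and parameters are constructed, every condition is treated as one alternative of a single OR chain, and Python's `re` is used as an approximation of Apache's PCRE matching.

```python
import re
# RewriteCond lines copied from the .htaccess posted above; every condition
# is evaluated as one alternative of a single OR chain feeding the [F] rule.
HTACCESS = r'''
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*(%0|%0A|%0B|%0C|%0D|%0E|%0F|127\.0).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(declare|drop|insert|name_constchar|passwd|request|waitfor).* [NC]
'''

COND = re.compile(r'^RewriteCond\s+%\{(\w+)\}\s+(\S+)\s+\[([^\]]*)\]$')

def parse_conditions(text):
    """Turn RewriteCond lines into (variable, compiled regex) pairs."""
    conds = []
    for line in text.strip().splitlines():
        m = COND.match(line.strip())
        if not m:
            continue  # skip comments and other directives
        var, pattern, flags = m.groups()
        nocase = 'NC' in flags.upper().split(',')
        conds.append((var, re.compile(pattern, re.I if nocase else 0)))
    return conds

def blocking_conditions(request, conds=None):
    """Return (variable, pattern) for each condition the request matches."""
    conds = conds if conds is not None else parse_conditions(HTACCESS)
    # mod_rewrite patterns are unanchored unless they use ^ or $, so search().
    return [(var, rx.pattern) for var, rx in conds
            if rx.search(request.get(var, ''))]

# Constructed sample requests (hypothetical paths and parameters).
SAMPLES = {
    'plain page': {'REQUEST_URI': '/tng/example.php',
                   'QUERY_STRING': 'personID=I1&tree=demo'},
    'admin form': {'REQUEST_URI': '/tng/admin_example.php',
                   'QUERY_STRING': 'sub=tables&action=insert'},
    'local referer': {'REQUEST_URI': '/tng/admin_example.php',
                      'HTTP_REFERER': 'http://127.0.0.1/wordpress/tng/'},
}

if __name__ == '__main__':
    for name, req in SAMPLES.items():
        hits = blocking_conditions(req)
        print(name, '-> 403' if hits else '-> allowed', hits)
```

Feeding it the URL, query string and referer recorded in the Apache access log for a failing admin request shows which pattern to relax or exempt for the admin pages.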