Suddenly started receiving 403 errors

I’ve had NextCloud 9 stable setup for a while with Calendar, Tasks, and Contacts mostly being used. I have some files uploaded and use ownNote as well. Recently, I started receiving 403 errors in DAVDroid when contacts and calendars would sync. I also noticed that I’m also unable to add or delete calendar events while using a web browser either. I thought it could be an issue with that version so I upgraded to 10 and still have the same issue. Eventually, I thought my SQLite DB was corrupted or maybe a file was. So I did a fresh install but still had the same problem.

Under Firefox developer tools, I took a look at what was going on under the Network tab. All of the requests return 200 or 304 (good) but when I click the Create or Delete button on calendar events, that request returns a 403 (forbidden) error. I don’t see any error_log in my NextCloud directory. There is also nothing being logged in NextCloud for this either.

Another note: I am able to upload files through the browser but cannot through the NextCloud app.

I’m looking into this further but could use some direction on where to look and start troubleshooting. I am not familiar with the NextCloud source code, so any help would be appreciated.

Other details:

  • Web Server: Apache LightSpeed (PHP 5.6) on shared hosting
  • DAVDroid 1.3-ose
  • NextCloud Server 10.0 (stable)
  • Mobile Device: Android 6.0

Hello,

That sounds like the 403 is coming from the web server. All the errors seem to happen only when using DAV (caldav, carddav, webdav).

If you did nothing to cause it, then it’s likely your hosting company changed something server side, that is now blocking DAV requests.

Can you check the Apache access and error logs to see what is causing the 403?

When PHP errors are thrown, a file named error_log is produced in the same directory that the failed script is in. I’ve run a search in my Next Cloud directory and there were no error_log files. However, here are some HTTP logs (slighly modified to remove personal IPs and other data).

From my experience and a quick glance at the log file, its evedent that I can read the current data but I cannot add any new data to NextCloud.

I opened a ticket with my hosting company and they said that 403 errors are normally permission related. Well, that was obvious. Thats partly why I created a fresh install of NextCloud 10.0 with a brand new database. The fresh install was from NextCloud.com. I’d imagine that the permissions are set as they need to be… especially since I had a working installation for a while there.

The permissions should be fine considering you can upload files through the web interface. Looking over the web-server logs, it appears that only PUT, and DELETE requests are being blocked. If Nextcloud was returning the 403, then it would be logged in data/nextcloud.log file.

You may want to change the log level to everything, and see if anything pops up. You can do that in the admin interface, or by adding ‘loglevel’ => 0, to the ‘config/config.php’ file.

Here is an example of what I see with a successful upload.

{“reqId”:“INIJ1Hn03jKZRNp3xqpo”,“remoteAddr”:“24.214.****”,“app”:“admin_audit”,“message”:“File created: “//New Text Document.txt””,“level”:1,“time”:“2016-09-19T18:01:29+00:00”,“method”:“PUT”,“url”:"/remote.php/webdav/New%20Text%20Document.txt",“user”:""}

Thanks for the tips on getting better logging. It doesn’t look like NextCloud is causing the 403 when I upload (log file)… maybe I’m wrong. I did notice a 404 when the file failed to upload. The NextCloud Android app tells me I don’t have permission when it fails.

I just tried deleting a file through the NextCloud Android app and it deleted the file. But when I upload a file I get this in the log file.

Just to add to what I’ve been finding. Contacts sync just fine. I can delete and add them from the web interface and the Android app.

EDIT: I forgot to mention that when I am using the web interface, there is no logging being done when I’m using Calendar. I’m checking both nextcloud.log and owncloud.log.

There seems to be a clue in the sabre dav error complaining about not being able to locate the file. EX: ‘File with name ****.jpg could not be located’

Is the php variable ‘upload_tmp_dir’ set? Does Nextcloud have permissions to write to that directory?

Edit: If the contact app works, then it’s likely that tasks and calendar will work as well. The sabre dav error only seems to be related to files on disk.

phpinfo() shows that upload_tmp_dir has “no value”. I’ve also determined there may not have been any updated info that would have caused the Contacts app to attempt syncing at the time I started having these problems. At this time the contacts app is also failing to sync for the same reasons as the others.

This is also interesting: I made a PHP file to check phpinfo() in the subdirectory used for this subdomain’s root. The PHP file gave me a 403. Just to go all out, I even ran chmod -R 777 root-for-subdomain and still got a 403 when I tried accessing that file. I’ve deleted .htaccess in case there was something going on in there.

Before I go to my web host complaining about this again, is there any reason you can think of that would be caused my NextCloud?

That says it. There is something wrong with the permissions on your account/files, or the server is configured incorrectly. I don’t know your host, but server setups are pretty standardized, so I’m going to guess file or account permissions as the most likely cause.

FYI, 777 should never be used, and some server configurations will return a 403 error if a file has those permissions.

I would bug your host, a lot. They are in the best position to help with this. Also, fix the upload_tmp_dir variable.

The 777 was just for testing but you were right, it caused a 403. The PHP file I setup with phpinfo() worked after I changed the permissions. Obviously that didn’t fix the syncing issues. I’ll be getting ahold of my host. We’ll see how it goes, they seemed reluctant to help. Other than this situation, they’ve been pretty good.

Please make sure that you run the latest 10.0.1 version, there have been some issues with some WebDAV clients. If there is still a problem, you can try this fix:

If you don’t succeed, you can check the whole webdav-setup with a litmus test (there is a howto on forum.owncloud.org). I also remember some longer debugging with lightspeed setups, I don’t remember if we found a solution.

Thanks for the reply. For a second, I thought this was going to be what got it to work. Unfortunately, I remembered that even when I am adding calendar events through the browser, it is attempting to use DAV and it fails then too.

I had exactly the same issues of 403 errors without any log messages during debug.

My web hoster found out, that the mod security firewall blocks nexcloud traffic. The traffic was recognized as security danger. I disabled mod security for the nextcloud domain. It is now working again.

the mod security firewall blocks nexcloud traffic.

Thank you! This is the answer.

In case anyone else like me doesn’t even know about mod_security, here is what I did.

  1. Login to cPanel
  2. Click on the ModSecurity icon (Blue lock that says “Mod”)
  3. On the page that loads, you can choose to disable mod_security for the domain/sub domain that your NextCloud installation resides on.

As far as why NextCloud worked for nearly two months and one day decided to stop, I have no idea. Maybe if someone else who knows about this notices this post they can shed some light on it.

1 Like