This operation is forbitten Config File invalid and CalDav and CardDav errors

josaladino2 · December 14, 2020, 3:06am

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

This operation is forbidden
On the settings page:

Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken.
Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation.
Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation.

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 19.0.6):
Operating system and version (eg, Centos 7):
Apache or nginx version (eg, Apache 2.4.46):
PHP version (eg, 7.4 and 7.3):

The issue you are facing:
on the Files page, I get the not permitted error and I can’t see any files

Is this the first time you’ve seen this error? (Y/N):
Y
Steps to replicate it:

Login
Select Files

The output of your Nextcloud log in Admin > Logging:

{"reqId":"X9bUW0JxggwQeQRWOzOi5AAAAMc","level":2,"time":"2020-12-14T02:56:27+00:00","remoteAddr":"67.60.168.59","user":"joe","app":"news","method":"GET","url":"/index.php/settings/admin/logging","message":"Configuration invalid. Ignoring values.","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","version":"19.0.6.2","id":"5fd6d45cd591c"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

 "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cl.d4x.biz"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "dbtype": "mysql",
        "version": "19.0.6.2",
        "overwrite.cli.url": "https:\/\/cl.d4x.biz",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "loglevel": 0,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "trashbin_retention_obligation": "auto",
        "versions_retention_obligation": "30, auto",
        "updatechecker": true,
        "theme": "",
        "app_install_overwrite": [
            "admin_notifications",
            "files_readmemd",
            "dashboard",
            "joplin",
            "files_external_gdrive",
            "files_external_dropbox"
        ],
        "updater.secret": "***REMOVED SENSITIVE VALUE***"

The output of your Apache/nginx/system log in /var/log/____:

[Sun Dec 13 19:59:35.453203 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/remote.php/dav/principals/users/joe/"] [unique_id "X9bVF7JyAO2AViAM0nN1OwAAAAw"]
[Sun Dec 13 19:59:35.593409 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/index.php/login"] [unique_id "X9bVF7JyAO2AViAM0nN1PAAAAAw"]
[Sun Dec 13 19:59:35.762031 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/remote.php/dav/principals/users/joe/"] [unique_id "X9bVF7JyAO2AViAM0nN1PQAAAAw"]
[Sun Dec 13 19:59:36.124142 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/index.php/login"] [unique_id "X9bVGLJyAO2AViAM0nN1PgAAAAw"]
[Sun Dec 13 19:59:36.678629 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/"] [unique_id "X9bVGLJyAO2AViAM0nN1PwAAAAw"]
[Sun Dec 13 19:59:36.820246 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/index.php/login"] [unique_id "X9bVGLJyAO2AViAM0nN1QAAAAAw"]
[Sun Dec 13 19:59:37.147746 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/principals/"] [unique_id "X9bVGbJyAO2AViAM0nN1QQAAAAw"]
[Sun Dec 13 19:59:37.296733 2020] [:error] [pid 9740:tid 47585639302912] [client 67.60.168.59:57742] [client 67.60.168.59] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "PROPFIND"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "cl.d4x.biz"] [uri "/index.php/login"] [unique_id "X9bVGbJyAO2AViAM0nN1QgAAAAw"]
[Sun Dec 13 19:59:37.689686 2020] [:error] [pid 9684:tid 47585632999168] [client 46.105.100.82:56607] [client 46.105.100.82] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "702"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "shelutionsoriented.com"] [uri "/xmlrpc.php"] [unique_id "X9bVGUJxggwQeQRWOzOi7QAAAMk"], referer: http://www.google.com.hk
[Sun Dec 13 19:59:56.672560 2020] [:error] [pid 9684:tid 47585551697664] [client 127.0.0.1:44646] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "dopey.y4x.biz"] [uri "/"] [unique_id "X9bVLEJxggwQeQRWOzOi7gAAAMM"]

tflidd · December 20, 2020, 12:48pm

You are using mod_security. To use it with Nextcloud, you obviously have to adopt the rules to work with Nextcloud.

josaladino2 · December 20, 2020, 5:14pm

I’m not sure how to do that. I would think there would be a tutorial for mod_security issued by Nextcloud.
Thanks for responding.