403 ERROR: Permission Denied when creating campaign

T. M.

New Member
When creating a campaign, after I select a template in "Change/Select Template" in the "Template" step (step 3, after "Setup") and then press "Save and Next," I get the following error:

403 ERROR: Permission Denied
You do not have permission for this request:
/mailwizz/customer/index.php/campaigns/jj304g4bhz7f0/template?do=create

I turned on debugging by following the steps in https://forum.mailwizz.com/threads/enable-debugging.21/ and then reproduced the error a couple more times in succession; however, the Application Log only shows a singe error message that existed from before debugging was turned on.

I should note that I have two licenses and two copies of mailwizz on the same server: one located in ~/public_html/mailwizz/ and another located in ~/public_html/websitename.com/mailwizz/. Each was independently installed without copying from one location to another. Lets call the former installation "Installation A" and the latter installation "Installation B" to help keep things clear. Installation B works perfectly while Installation A has the problem creating campaigns.

To test whether it was a problem with how my template was written, I copied the source of the template created in Installation A and imported it into Installation B; I did not receive any error message when creating a campaign with that template on Installation B. I also copied a working template from Installation B and imported it into Installation A and received the same error message. So there's definitely something wrong with how Installation A was installed, but I'm not sure what exactly.

Thanks in advance for your assistance!
 
It was enabled and disabling it fixed the error message.

However, I don't particularly like the idea of weakening my web sites' security as a compromise to get mailwizz to run. Is there any other way to fix the error? It seems odd that I'm having a problem with modsecurity and mailwizz on only one of my two mailwizz installations (the installation at ~/public_html/mywebsitename.com/mailwizz/ works fine without disabling modsecurity).
 
@T. M. - You're not disabling mod security because of mailwizz. You're disabling it because it gets triggered by the html contents of the template. This could happen with any other cms that will allow you to post html content directly.
No idea why it does like this on this particular install, it's def. something related to the way the security filters are setup on the server, really beats me.
If you're not comfortable with disabling mod security, then upload email templates instead of editing them from mailwizz.
Anyway, i wouldn't put my trust in mod security that much, it's more a patch than a real solution to web security issues.
 
Thanks for the response!

I took your advice and packaged the template and images into a zip file and uploaded it into My Templates. Unfortunately, even when using the newly-uploaded template, I still get the same 403 error.

Also, and this could be related, none of the templates I have created on Installation A have a preview image. When I go to Update on a template and press the Preview button, if I have modsecurity enabled, the red bar at the top of the new Preview window that opens that says "Please wait while saving your template screenshot" never goes away even after the "Uploading" progress reaches 100%. If I disable modsecurity, the red bar will disappear when Uploading reaches 100% but it still doesn't create a preview image for the template.

In the application log, I get the following error each time I click Preview, regardless of whether modsecurity is enabled or not:
Code:
2016/05/07 13:34:04 [error] [exception.CHttpException.404] exception 'CHttpException' with message 'The system is unable to find the requested action "ep6802dv3wa5f".' in /home/reelmedi/public_html/mailwizz/apps/common/framework/web/CController.php:483
Stack trace:
#0 /home/reelmedi/public_html/mailwizz/apps/common/framework/web/CController.php(270): CController->missingAction('ep6802dv3wa5f')
#1 /home/reelmedi/public_html/mailwizz/apps/common/framework/web/CWebApplication.php(282): CController->run('ep6802dv3wa5f')
#2 /home/reelmedi/public_html/mailwizz/apps/common/framework/web/CWebApplication.php(141): CWebApplication->runController('templates/ep680...')
#3 /home/reelmedi/public_html/mailwizz/apps/common/framework/base/CApplication.php(185): CWebApplication->processRequest()
#4 /home/reelmedi/public_html/mailwizz/apps/init.php(222): CApplication->run()
#5 /home/reelmedi/public_html/mailwizz/customer/index.php(18): require_once('/home/reelmedi/...')
#6 {main}
REQUEST_URI=/mailwizz/customer/index.php/templates/ep6802dv3wa5f/&
HTTP_REFERER=http://www.mydomainname.com/mailwizz/customer/index.php/templates/ep6802dv3wa5f/preview

It doesn't really matter to me if there's a preview image for the templates, since the template name is enough to distinguish between them, but I'm hoping that, perhaps, this is related to the 403 error and may help in finding something else to try to fix it.

Your help is much appreciated!
 
Similar problems exist with other web scripts, page builders, etc.
If you want this to work, you need to have the same path/directory structure for each install, to avoid apache/java/etc mix ups:
~/public_html/mailwizz#1/
~/public_html/mailwizz#2/
OR
~/public_html/websitename.com/mailwizz#1/
~/public_html/websitename.com/mailwizz#2/
At least that is what I encountered with a very well known pagebuilder w/i wp.
Lemme know how it goes ;)
 
@T. M. - that error log is not pertinent to the issue so it can be ignored.
I am kind of out of ideas, maybe try raising the memory limit for PHP when mod_security is disable and see if that finishes the screenshot.
Also, worth doing all this with debug on.
 
Back
Top