[resolved] New Ticket -> Forbidden: with hostheader URL and long non-HTML ticket details!??

Hi!
I really have a problem and do not know how to solve it:

System Information:
Server OS: Win 2012 R2 with IIS 8.5
PHP: 5.6.10
MySQL: 5.6
osTicket 1.10
Website binding has a hostheader configuration.

Scenario A (working):

  1. Log in to osTicket over the Hostheader URL
  2. Go to Create Ticket, fill in all text fields.
  3. Type only 1-2 words into the Ticket Details textarea!
  4. Click open Ticket -> All works fine!

Scenario B (fails)

  1. Log in to osTicket over the Hostheader URL
  2. Go to Create Ticket, fill in all text fields.
  3. Type a complete sentence into the Ticket Details textarea!
  4. Click open Ticket -> Failed with the following website output:
    "Forbidden
    You don't have permission to access /scp/tickets.php on this server."
    Console output:
    "tickets.php Failed to load resource: the server responded with a status of 403 (Forbidden)"

Scenario C (works!)

  1. Log in to osTicket over the direct local URL!
  2. Go to Create Ticket, fill in all text fields.
  3. Type a complete sentence into the Ticket Details textarea!
  4. Click open Ticket -> All works fine!

Scenario D (also works)

  1. Log in to osTicket over the Hostheader URL
  2. Go to Create Ticket, fill in all text fields.
  3. Type only a complete sentence as HTML without breaks into the Ticket Details textarea!
  4. Click open Ticket -> All works fine!

The goal is to use the Hostheader URL and write complete Ticket Details with breaks.
I do not know what's going wrong, but maybe it has something to do with the Hostheader URL? Are there some settings for that?

Hope someone can help me!

Best regards
Dave

Comments

  • edited November 14
    It seems Microsoft is using multiple 403 errors which are more specific:

    Can you check which is it?
  • Sorry, there is no more information for that error code that I noticed.
  • edited November 14
    quoted from Scenario B: "Typing a complete sentence into the Ticket Details textarea!"

    Please provide the "complete sentence" that you used that fails.

    Also feel free to PM me your hostname and I'll give it a try off network.
  • edited November 15
    If I use "test" in the details textarea, it works, but when I use

    "test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test

    test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test "

    the "Forbidden" page appears.
  • Now I took a completely new machine (VM) with a completely fresh Ubuntu Server 16.04 installation and the LAMP server package, and installed osTicket 10.1

    Directly after installation, without any further changes, I tested all scenarios.

    Again, exactly the same behavior! :( 
  • I am unable to replicate this.

    osTicket 1.10.1
    Web Server: Microsoft-IIS/8.5
    MySQL: 5.5.42
    PHP: 5.6.12


    I can only presume that it is your webserver config, or a webserver module that you are running that is causing this.
  • As I tested it on an Ubuntu LAMP server with the same results, I think server config can be excluded.

    Maybe there is a misunderstanding:

    If I am in the LAN and call the "https://localhostname.localdomain/scp" URL -> it works too in my environment.

    But we published the website to WAN, with "https://ost.publicdomain.de"

    If I call the WAN "https://ost.publicdomain.de/scp" URL -> the Forbidden page appears with longer Ticket Details.


  • edited November 15
    Is there a proxy that interferes with the requests?
  • edited November 15
    What do you have Admin panel -> Settings -> Helpdesk URL set to?

    And why bother with different URLs for the same resource?
  • There is a Sophos firewall with proxy between LAN and WAN.
    As I can reach the ticket system from WAN and can create "small text" tickets, the Sophos config seems to be fine for me.
  • For me the proxy is the most likely source for such a problem if the web server config is fine. Can you bypass the proxy temporarily for testing?
  • edited November 15
    What do you have Admin panel -> Settings -> Helpdesk URL set to?
    "https://localhostname.localdomain/scp"
    or

    And why bother with different URLs for the same resource?
  • Helpdesk URL is "https://ost.publicdomain.de/scp"

    Yes, I agree with the proxy as the source for such problems, but I really checked the rules and also excluded the domain from the proxy policies. But without success. I don't know any other settings for Sophos which can cause such a problem.

  • Maybe it is a bug in Sophos, so a setting would not help.
    Sometimes such things are also related to problems with DNS entries.
  • edited November 16
    Thanks for your support guys, the problem is solved.

    After checking all settings in our proxy policies, the last chance was to check the publishing settings for the web service on our Sophos gateway. There is a publishing firewall rule for each web server, and the basic policy, which is selected by default, has many filter options.
    After trial and error with all options, I found it:

    The active "SQL-Injection-Attack" AND "XSS-Attack" filter settings cause the problem! After disabling them, the external URL for creating longer tickets works fine too!

    But isn't it a weak spot to disable them?
  • Great, I'm glad that you found your solution.  I'm going to mark this thread as resolved and close it.  Please feel free to start a new thread if you have another issue, comment, suggestion, etc.
This discussion has been closed.
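
The troubleshooting in this thread comes down to one question: which hop produced the 403. The sketch below is an added example, not code from the thread or from osTicket; it applies the two checks the thread used implicitly (published route versus direct route, and whether the error page matches the origin server) to constructed observations. The function names, the observation fields and the sample data are assumptions; the "You don't have permission to access ... on this server" wording is the Apache httpd default 403 page, which an IIS origin does not emit.

```python
import re

# Default 403 page wording per server family (known defaults, not exhaustive).
PAGE_FAMILY = {
    "apache": re.compile(r"You don't have permission to access \S+\s+on this server", re.I),
    "iis": re.compile(r"403 - Forbidden: Access is denied|HTTP Error 403\.\d+", re.I),
}

def page_family(body):
    """Name the server family whose default error page the body resembles."""
    for name, pattern in PAGE_FAMILY.items():
        if pattern.search(body):
            return name
    return "unknown"

def triage_403(observations, origin_family):
    """Decide whether a 403 on the published route comes from an intermediary.
    observations: dicts with route ('direct' | 'published'), details, status, body.
    origin_family: what the real web server is ('iis', 'apache', ...).
    """
    published = [o for o in observations if o["route"] == "published"]
    blocked = [o for o in published if o["status"] == 403]
    if not blocked:
        return "no-403", []
    evidence = []
    direct_ok = {o["details"] for o in observations
                 if o["route"] == "direct" and o["status"] < 400}
    if any(o["details"] in direct_ok for o in blocked):
        evidence.append("route: same details accepted when sent straight to the origin")
    foreign = {page_family(o["body"]) for o in blocked} - {"unknown", origin_family}
    if foreign:
        evidence.append("page: 403 body is %s-style, origin is %s"
                        % (sorted(foreign)[0], origin_family))
    verdict = "intermediary" if evidence else "origin-or-undetermined"
    if any(o["status"] < 400 for o in published):
        evidence.append("content: same URL accepts some bodies and rejects others")
    return verdict, evidence

# Constructed observations modelled on scenarios A, B and C of the thread.
LONG = "test " * 40
FORBIDDEN = "Forbidden\nYou don't have permission to access /scp/tickets.php on this server."
SAMPLE = [
    {"route": "published", "details": "test", "status": 200, "body": ""},
    {"route": "published", "details": LONG, "status": 403, "body": FORBIDDEN},
    {"route": "direct", "details": LONG, "status": 200, "body": ""},
]

if __name__ == "__main__":
    print(triage_403(SAMPLE, "iis"))
```

With an Apache origin, as in the Ubuntu retest, the page check cannot discriminate and only the route comparison points at the gateway.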