Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums
  • Feature tour
    Feature tour

Content

You are here:
  1. Forums
  2. Support Installation & Updates

An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only

Added by roxane anquetil over 4 years ago

Hello all,

I have just installed openproject on my server, ubuntu 16.04.

Everything works, except something annoying. Some put and patch operations are impossible:

On this example, I try to update the content of project description, directly from the overview.

The request does not work:

I get the status code "403 forbidden".

I have the same problem on multiple operations. For instance, here, if I try to change the status of a task already created:

Do you have an idea of the problem?

Thanks for your kind help. :-)

Roxane


Replies (5)

RE: An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only - Added by Niels Lindenthal over 4 years ago

Hi Roxane,

can you please check the Hostname in Administration -> System settings? Does it fit the URL you have set during installation?

Best

Niels

RE: An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only - Added by roxane anquetil over 4 years ago

Hello Niels,

Thank you for your quick reply.

I have just checked and it fits the URL I mentioned during installation:

I really don't have a clue where the problem comes from. I followed the installation process step by step and used a let'encrypt SSL certificate.

All I know is that my client does not have permission to perform put and patch operation and the API returns a 403 error. But I don't know how to solve this problem.

RE: An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only - Added by roxane anquetil over 4 years ago

To be more precise, here is the response I have when I perform PATCH /PUT operations: 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

<p>You don't have permission to access this resource.</p>

<hr>

<address>Apache/2.4.18 (Ubuntu) Server at openproject.webstreet.io Port 443</address>

</body></html>

RE: An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only - Added by Oliver Günther over 4 years ago

Hi Roxane,

your server likely has a proxy or some kind of firewall in place (eg., squid) that prohibits these HTTP methods. You need to ensure your outer web server is allowing these kind of requests for OpenProject to work reliably.

Best

Oliver

RE: An internal error occurred - Ubuntu 16.04 - PATCH and PUT operations only - Added by roxane anquetil over 4 years ago

Hi Oliver,

Thank you very much for your answer and your help. I have investigated the error logs coming from Apache, and you were right. In fact it was a problem linked to apache ModSecurity Module. 

For those who would have the same problem, here is the solution :

  1. Open apache logs via /var/log/apache2/error.log and read carefully what is written. As far as I am concerned it was a ModSecurity problem. Here was the log extract: 

ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "openproject.webstreet.io"] [uri "/api/v3/work_packages/31"] ...

2. If you are sure that it is not a danger, you can disable this rule ID. Open the file /etc/apache2/mods-available/security2.conf

and at the end at this block

 <IfModule mod_security2.c> SecRuleRemoveById 949110 </IfModule>

3. Restart apache. service apache2 restart

For me it was the solution. I hope it can help someone else.

  • (1 - 5/5)
Loading...