A user of MediaWiki on a site that I support complained about this. I created a user ID (I don't normally use the wiki) and found that clicking on any user name in the user list (including my own, as a Sysop) throws a 403. I could find no reference to this particular problem, so I updated MediaWiki to 1.26.2 (from 1.23.6) in the hopes that the newer version would not have this problem, but it persists.
Any ideas?
You mean what you get is an error 403 in the form of a server error page?
MediaWiki does not produce server error pages; even if this error happened inside MediaWiki (which I doubt), then you should still see some kind of wiki page. My guess is that this is caused by something in the server configuration. E.g. by some setting in httpd.conf or .htaccess...
Thank you for the redirect.
It turned out to be a patch that the host had created to block SQL injection attacks.
@TeezerApoe4 do you have more information on this & were you able to get it resolved? I'm getting the same issue with a recent installation and would like to fix it if possible :)
I did get it resolved by removing the patch. The host added the patch out of an excess of caution, but no actual threat. Anyway, the patch was in the code that called MediaWiki, not MediaWiki itself. Unfortunately, I didn't keep any specific documentation.
I just had the same problem on a hosted site, administering a mediawiki installation through cpanel. I linked here when I complained; the hoster fixed it and wrote: "The 403 error looks like it was being caused by our security software, and clicking on the username link was triggering a false positive. I've just whitelisted the rule, and tested the site to confirm it's loading now." So it's still happening, and there's still no specific documentation, sorry.
I was having this problem as well.
It turned out to be apache modsecurity OtherApps conf. Disabling this rule should solve the problem
