Topic on Extension talk:VisualEditor

Jump to navigation Jump to search

VisualEditor fails with HTTP 403 errors on NameCheap hosting with Apache

Summary by SSastry (WMF)

NameCheap uses Apache. HTTP 403 there is triggered by ModSecurity.

Contact support to resolve these security issues. Whitelisting / turning off ModSecurity can help.

Csharries (talkcontribs)

I recently encountered this issue when deploying MediaWiki 1.35 + VisualEditor onto Namecheap Shared Hosting which uses Apache.

If you experience this error when attempting to save a page, it is likely that ModSecurity has triggered a warning. In order to resolve this issue I simply had to contact Namecheap support and request that they whitelist the security rules that were being triggered on my site, since then I have been able to use VisualEditor perfectly fine.

Rehman (talkcontribs)

Hello. I too am on Namecheap shared hosting (Apache). It is quite frustrating that everyone talks about this out-of-the-box issue, but there seems to be no clear solution. Would you be able to share your ticket number with me please (email?), so that I can try reaching out to namecheap, asking them if they can apply that fix for me?

SSastry (WMF) (talkcontribs)

Did you try this already?

Rehman (talkcontribs)

Hello @Csharries, I cannot thank you enough for sharing the above. You are right. I did contact Namecheap and their ModSecurity WAF was the cause of the issue. Once they turned it off on all my test domains/subdomains, VE worked.

I cannot seem to create or edit in [at least] the User namespace though, but I guess that is a VE setting.

I doubt I'd be able to resolve this issue if you hadn't posted the above comment. So, thank you again.

For anyone wanting to contact Namecheap for the same issue, you may quote the ticket number QSE-776-10867. For others, just see if your hosting service have ModSecurity or another WAF enabled, and if they could turn it off (at least temporarily) for you to test.

Hope this helps.