Drupal: admin/user/profile gives server Error 403 - Forbidden: Access

0
votes

I have a Drupal website on Godaddy.com (with IIS 7).

The weird thing is that I cannot access to the "/admin/user/profile" page to change users profiles (drupal Profile module).

I get this error:

Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

All other pages in the administration are instead accessable. E.g. /admin/user/

What could be the issue ? I don't think it is a permission issue because I get a Server Error...

thanks

3
drupaldrupal-6
Looks like some administrative system sits before Drupal. This often happens with hosters who have the example.com/admin or even /user reserved for their hosting backend. - berkes
@berkes ok, but why /admin/* works beside /admin/user/profile ? even /admin/user works.. isn't strange ? - aneuryzm
I've just found out the word "profile" is reserved. Any path with /profile/ doesn't work. I need to add a field to my users profiles. Maybe I can just add it to the specific table in mysql ? Do you know if profile module store info related to fields in one table or is more tricky ? - aneuryzm
It is tricky. Profile module has about the worst, most incomprehensible and breakable data-structure. - berkes
Possible dupe: stackoverflow.com/questions/3967015/drupal-administer/… - berkes

3 Answers

1
votes

If, as you comment, /profile/ is a reserved word, there are a few solutions:

  1. Move to another host (or threaten to do so with your current host). Really, a hoster that has reserved urls is not worth your money.
  2. Add aliases with the core path module. Enable that module at Administer » Site Building » URL aliases.
  3. Add aliases in the database, no path-module needed. Just add a record for "/admin/user/profile": INSERT INTO url_alias (src, dst) VALUES('admin/user/profile', 'admin/user/eliforp').
0
votes

Run! get off GoDaddy hosting as fast as you can! These kinds of work arounds are silly and there are plenty of hosts out there that won't put these barriers up for you. I have never, never ever had any luck with them.

0
votes

I'm on GoDaddy / IIS7 / Drupal6. 'profile' is not reserved by GoDaddy.

Judging by your url '/admin/user/profile' you probably have Clean URL's enabled? If so, and you started the sample web.config on dupal.org, then check your web.config carefully for the rule:

    <rule name="Protect files and directories from prying eyes" stopProcessing="true">
      <match url=".(engine|inc|info|install|module|profile|test|po|sh|.sql|postinst.1|theme|tpl(.php)?|xtmpl|svn-base)$|^(code-style.pl|Entries.|Repository|Root|Tag|Template|all-wcprops|entries|format)$" />
      <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
    </rule>

You'll need to remove the 'profile' and 'module' (for /admin/by-module) entries from the rule's match tag.

    <rule name="Protect files and directories from prying eyes" stopProcessing="true">
      <match url=".(engine|inc|info|install|test|po|sh|.sql|postinst.1|theme|tpl(.php)?|xtmpl|svn-base)$|^(code-style.pl|Entries.|Repository|Root|Tag|Template|all-wcprops|entries|format)$" />
      <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
    </rule>