Daily Archives: May 13, 2010

AJAX and 403 Error

You would think people who have websites that get no more than a thousand page views and a few hundred unique visitors have a far more easier life than those admins of the likes of Google and Facebook. To the most part that’s true. But then, even small admins like us face issues for no fault of us.

I have exactly such a small website that has been working just fine and I hardly maintain it. But then, one fine day, I realized that the records in a table were not getting inserted. Initially I thought it may be related to the sqlite db getting too big or corrupt. But it was just fine. Then, I thought the error might be with the AJAX library that I use from Google’s jsapi and moved to the latest version of prototype.js library. Even that didn’t help.

After a bit of one of those pulling my head moments, searching on the web gave me a clue. The script that inserts data into this table has a parameter whose value is a URL. But apparently if you have mod_security installed, it has some rule called 10_asl_rules.conf that triggers a 403 Forbidden error. Who would know that, unless you end up in this type of a scenario? The hard part is, for the large companies their admins would know what changes are being made to their infrastructure (or atleast that’s how it should be). But for small website owners who just get a shared hosting from web hosting company, they have no control. And these web hosting companies don’t realize that it’s their responsibility to inform their customers of upcoming changes and warn them of the repercussions. This is the second time in less than 6 months that my web hosting provider has screwed up things for me. The previous screw up was related to making my domain to be some remote mail server based or something like that because my MX entries (which I wanted for inbound email) point to a Google Apps based servers. So, my outgoing emails that I generate from the website stopped getting delivered. After noticing that none of the registered users were confirming their registration for a few months, I had to dig deep and find out what was going on with the emails. The support guys, after a lot of back and forth, finally tell me that they did this change a few months back.

If you are working for a web hosting company or an executive of one, please take this as a sincere and serious advice that you shouldn’t be changing the configurations without informing your customers.

Leave a comment

Filed under AJAX, web hosting