This operation is forbidden

9.1.x
webserver_issue
help

#1

Hello,

I started using a reverse proxy server such as CloudFlare to serve my ownCloud file server to the public. Unfortunately I am getting an error "This operation is forbidden" when viewed publicly and everything works fine when I access the server directly by changing the hosts file. I've added all the proxy IP addresses in the config file like this:

'trusted_proxies' => array('XXX.XXX.XXX.XXX', 'XXX.XXX.XXX.XX1', 'XXX.XXX.XXX.XX2'),
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTPS_X_FORWARDED', 'HTTPS_FORWARDED_FOR')

Still getting the same error. Viewing the owncloud log files shows nothing. Also nothing strange in Apache's access or error logs.

Server configuration
Operating system: Centos 7.2
Web server: Apache
Database: SQLite
PHP version: 5.4.44
ownCloud version (see ownCloud admin page): 9.1.4 (stable)
Updated from an older ownCloud or fresh install: Update
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): reverse proxy

ownCloud log (data/owncloud.log)

{"reqId":"WKr6Ucb1P7EAAAeuRhQAAAAK","remoteAddr":"x.xx.x.x","app":"DeleteOrphanedItems","message":"0 orphaned system tag relations deleted","level":0,"time":"2017-02-20T14:16:49+00:00","method":"GET","url":"\/cron.php","user":"--"}
{"reqId":"WKr6Ucb1P7EAAAeuRhQAAAAK","remoteAddr":"x.xx.x.x","app":"DeleteOrphanedItems","message":"0 orphaned user tag relations deleted","level":0,"time":"2017-02-20T14:16:49+00:00","method":"GET","url":"\/cron.php","user":"--"}
{"reqId":"WKr6Ucb1P7EAAAeuRhQAAAAK","remoteAddr":"x.xx.x.x","app":"DeleteOrphanedItems","message":"0 orphaned comments deleted","level":0,"time":"2017-02-20T14:16:49+00:00","method":"GET","url":"\/cron.php","user":"--"}
{"reqId":"WKr6Ucb1P7EAAAeuRhQAAAAK","remoteAddr":"x.xx.x.x","app":"DeleteOrphanedItems","message":"0 orphaned comment read marks deleted","level":0,"time":"2017-02-20T14:16:49+00:00","method":"GET","url":"\/cron.php","user":"--"}
{"reqId":"WKr7RMb1P7EAAAWsOCcAAAAH","remoteAddr":"x.xx.x.x","app":"PHP","message":"Division by zero at \/var\/www\/html\/owncloud\/lib\/private\/Preview.php#718","level":3,"time":"2017-02-20T14:20:52+00:00","method":"GET","url":"\/index.php\/core\/preview.png?file=%2FMedia%2F%D8%B1%D8%B2%D9%85%D8%A9+%D8%A7%D8%B9%D9%84%D8%A7%D9%85%D9%8A%D8%A9%2F%D8%A2%D8%AE%D8%B1+%D8%A7%D9%84%D8%B5%D9%88%D8%B1+%D8%A7%D9%84%D8%A7%D9%86%D8%B4%D8%A7%D8%A6%D9%8A%D8%A9+%D9%84%D9%84%D9%85%D8%A8%D9%86%D9%89%2F%D8%A7%D9%84%D8%AD%D8%AF%D8%A7%D8%A6%D9%82.JPG&x=455&y=256&a=1&mode=cover&c=56138e5fdf96b&forceIcon=0","user":"USERNAME"}
{"reqId":"WKr7RMb1P7EAAAWsOCcAAAAH","remoteAddr":"x.xx.x.x","app":"PHP","message":"Division by zero at \/var\/www\/html\/owncloud\/lib\/private\/Preview.php#718","level":3,"time":"2017-02-20T14:20:52+00:00","method":"GET","url":"\/index.php\/core\/preview.png?file=%2FMedia%2F%D8%B1%D8%B2%D9%85%D8%A9+%D8%A7%D8%B9%D9%84%D8%A7%D9%85%D9%8A%D8%A9%2F%D8%A2%D8%AE%D8%B1+%D8%A7%D9%84%D8%B5%D9%88%D8%B1+%D8%A7%D9%84%D8%A7%D9%86%D8%B4%D8%A7%D8%A6%D9%8A%D8%A9+%D9%84%D9%84%D9%85%D8%A8%D9%86%D9%89%2F%D8%A7%D9%84%D8%AD%D8%AF%D8%A7%D8%A6%D9%82.JPG&x=455&y=256&a=1&mode=cover&c=56138e5fdf96b&forceIcon=0","user":"USERNAME"}
{"reqId":"WKr7RMb1P7EAAAWsOCcAAAAH","remoteAddr":"x.xx.x.x","app":"PHP","message":"Division by zero at \/var\/www\/html\/owncloud\/lib\/private\/Preview.php#718","level":3,"time":"2017-02-20T14:20:52+00:00","method":"GET","url":"\/index.php\/core\/preview.png?file=%2FMedia%2F%D8%B1%D8%B2%D9%85%D8%A9+%D8%A7%D8%B9%D9%84%D8%A7%D9%85%D9%8A%D8%A9%2F%D8%A2%D8%AE%D8%B1+%D8%A7%D9%84%D8%B5%D9%88%D8%B1+%D8%A7%D9%84%D8%A7%D9%86%D8%B4%D8%A7%D8%A6%D9%8A%D8%A9+%D9%84%D9%84%D9%85%D8%A8%D9%86%D9%89%2F%D8%A7%D9%84%D8%AD%D8%AF%D8%A7%D8%A6%D9%82.JPG&x=455&y=256&a=1&mode=cover&c=56138e5fdf96b&forceIcon=0","user":"USERNAME"}
{"reqId":"WKr7RMb1P7EAAAWsOCcAAAAH","remoteAddr":"x.xx.x.x","app":"PHP","message":"Division by zero at \/var\/www\/html\/owncloud\/lib\/private\/Preview.php#718","level":3,"time":"2017-02-20T14:20:52+00:00","method":"GET","url":"\/index.php\/core\/preview.png?file=%2FMedia%2F%D8%B1%D8%B2%D9%85%D8%A9+%D8%A7%D8%B9%D9%84%D8%A7%D9%85%D9%8A%D8%A9%2F%D8%A2%D8%AE%D8%B1+%D8%A7%D9%84%D8%B5%D9%88%D8%B1+%D8%A7%D9%84%D8%A7%D9%86%D8%B4%D8%A7%D8%A6%D9%8A%D8%A9+%D9%84%D9%84%D9%85%D8%A8%D9%86%D9%89%2F%D8%A7%D9%84%D8%AD%D8%AF%D8%A7%D8%A6%D9%82.JPG&x=455&y=256&a=1&mode=cover&c=56138e5fdf96b&forceIcon=0","user":"USERNAME"}
{"reqId":"WKvpT8b1P7EAAAWsPD8AAAAH","remoteAddr":"x.xx.x.x","app":"no app in context","message":"Invalidating tokens older than 2017-02-20T07:16:31+00:00","level":1,"time":"2017-02-21T07:16:31+00:00","method":"GET","url":"\/cron.php","user":"--"}
{"reqId":"WKvrucb1P7EAAAetSdgAAAAJ","remoteAddr":"x.xx.x.x2","app":"DeleteOrphanedSharesJob","message":"0 orphaned share(s) deleted","level":0,"time":"2017-02-21T07:26:49+00:00","method":"GET","url":"\/cron.php","user":"--"}

Integrity status for oC9+

No errors have been found.
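
Added example, not part of the original post and not ownCloud's own code: a simplified Python model of how a `trusted_proxies` / `forwarded_for_headers` lookup resolves the client address, run against the key names posted above. The lookup logic, the sample addresses and the assumption that the proxy sends `X-Forwarded-For` and `CF-Connecting-IP` are illustrative.

```python
import ipaddress


def php_server_key(header_name):
    """Map an HTTP header name to the $_SERVER key PHP exposes it under."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def resolve_client_ip(remote_addr, headers, trusted_proxies, forwarded_for_headers):
    """Simplified model (assumption) of a trusted-proxy client IP lookup."""
    if remote_addr not in trusted_proxies:
        # Forwarded headers from an untrusted peer are ignored, so a client
        # connecting directly cannot spoof its address.
        return remote_addr
    server = {php_server_key(name): value for name, value in headers.items()}
    for key in forwarded_for_headers:
        for candidate in server.get(key, "").split(","):
            candidate = candidate.strip()
            try:
                ipaddress.ip_address(candidate)
            except ValueError:
                continue  # empty or malformed entry, try the next one
            return candidate
    # No configured key matched a header: the proxy address is used as-is.
    return remote_addr


def unmatched_keys(headers, forwarded_for_headers):
    """Configured keys that no header in this request maps to."""
    present = {php_server_key(name) for name in headers}
    return [key for key in forwarded_for_headers if key not in present]


# Constructed sample values (documentation address ranges).
PROXY = "198.51.100.7"
CLIENT = "203.0.113.45"
SAMPLE_HEADERS = {"X-Forwarded-For": CLIENT, "CF-Connecting-IP": CLIENT}
POSTED_KEYS = ["HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR",
               "HTTPS_X_FORWARDED", "HTTPS_FORWARDED_FOR"]
MATCHING_KEYS = ["HTTP_X_FORWARDED_FOR"]

if __name__ == "__main__":
    print("posted keys  ->", resolve_client_ip(PROXY, SAMPLE_HEADERS, [PROXY], POSTED_KEYS))
    print("matching key ->", resolve_client_ip(PROXY, SAMPLE_HEADERS, [PROXY], MATCHING_KEYS))
    print("unmatched    ->", unmatched_keys(SAMPLE_HEADERS, POSTED_KEYS))
```

In this model, a key list that matches none of the headers the proxy sends leaves every request attributed to the proxy's own address, which affects logging and any per-IP throttling.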

#2

Is your proxy filtering something? Check the browser console as well for errors.


#3

Nothing, all traffic and headers are received without any changes.


#4

Most likely some limitation of Cloudflare blocking the needed WebDAV methods for ownCloud or a specific file size. Putting the word "cloudflare" into the search on the top right of the forums or at [1] gives you a few impressions where Cloudflare is known to break things.

[1] https://doc.owncloud.org/server/latest/admin_manual/search.html?q=cloudflare


#5

In the JS console I am getting the following:
http://OWNCLOUDURL.DOMAIN/public.php/webdav/ [HTTP/1.1 403 Access Denied 156ms]


#6

Yeah, most likely Cloudflare is blocking something here as explained above.