Bug #104410
closedCreate new content element - Forbidden (Error 403) on Apache 2.4.60+
0%
Description
When opening the New Content Element Wizard, the following error message appears:
Forbidden You don't have permission to access this resource. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Since version 2.4.60, Apache has closed the security vulnerability https://www.cve.org/CVERecord?id=CVE-2024-38474 by no longer allowing encoded question marks in URLs. This leads to the problem described above. Similar problems have also been reported in the Contao community.
By setting the UnsafeAllow3F
flag, the original behaviour of the server can be restored. However, there are already the first web hosting providers, especially in shared hosting, who understandably do not allow this. A current example is STRATO, which recently upgraded to Apache 2.4.61
For this reason, the question now arises as to whether this is an issue for TYPO3 core development or whether there is a possibility that Apache will provide another, less far-reaching, solution for the security vulnerability.