Hello,
Same problem with the US based provider Dotster (old 000domains.com)
The xataface installation was smooth - no problems at all.
In my case I had access to the web server logs. This is part of my message to tech support:
//
I receive a "403 error - access denied" when I click on
http://www.xxxx.com/zzzz/db/index.php?- ... ust_id%3D1 I believe the server perms are correct.
The error log of your server shows that apache modsecurity thinks this is a php exploit, which is not.
[Tue cc:cc:cc:cc] [error] [client xx.xx.xxx.xx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^-" at QUERY_STRING. [msg "php exploit"] [hostname "www.xxxx.com"] [uri "/zzzz/db/index.php?-table=customers&-action=browse&-cursor=0&-skip=0&-limit=30&-mode=list&-recordid=customers%3Fcust_id%3D1"] [unique_id "5hl@jMaRKz"]
Then, In my .htaccess, in order to disable modsecurity I added the line
SecFilterEngine Off
but this creates an Internal server error 500 with the message
[Tue cc cc:cc:cc] [alert] [client xx.xx.xx.xx] /usr/local/pem/vhosts/259303/webspace/httpdocs/zzzz/db/.htaccess: Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration, referer:
http://www.xxxxx.com/zzzzz/db/index.php I understand that this is a security setting but I need to be able to override it only for this particular directory.
///
Their canned reply follows:
///
Thank you for contacting Customer Care,
I'm sorry to hear that you're having difficulty with the design and functionality of your website. This error appears to be due to coding, and unfortunately technical support does not support coding, web design nor web development and this falls into that realm. I apologize for any inconvenience.
///
No escalation, no additional questions. I explained to them that I was using this framework in other servers w/o any problems and that there was no security issue, but no luck.
I am switching hosts as soon as this subscription ends.
S.