I created a module to custom export certain data from my site. The CSV is created in var/export. but when I try to give a link to download this file from server the link gives me 403 forbidden error. I see that the file has 777 permission. What can be the issue?
Magento 1.9 – Fix 403 Forbidden Error in /var/export
magento-1.9
Related Solutions
I can give you workable example:
System / Web Services / REST Roles
Role info:
Role Name: admin
Password: 123123
Role API resources:
Resources access: All
Role Users:
I have assigned admin user
System / Web Services / REST Attributes / Select {Admin}
Resources access: All
System / Web Services / REST OAuth Consumers
My magento url is http://mg1910.local.dev/
My http://mg1910.local.dev/oauth_admin.php is following:
<?php
/* live server */
$host = 'http://mg1910com.local.dev/';
$consumerKey = '7e14cd85d05456c3e4de9e3c5c5f61e4';
$consumerSecret = 'f8aab713fa50504f0fac99d564ecaf7a';
/* << live server */
$callbackUrl = "http://mg1910com.local.dev/oauth_admin.php";
$temporaryCredentialsRequestUrl = $host . "oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = $host . "admin/oauth_authorize";
$accessTokenRequestUrl = $host . "oauth/token";
$apiUrl = $host . "api/rest";
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
$_SESSION['state'] = 2;
$_SESSION['token'] = $accessToken['oauth_token'];
$_SESSION['secret'] = $accessToken['oauth_token_secret'];
header('Location: ' . $callbackUrl);
exit;
} else {
$oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
$resourceUrl = "$apiUrl/products?limit=3";
//$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/json'));
$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/xml', 'Accept' => '*/*'));
$productsList = json_decode($oauthClient->getLastResponse());
echo "<pre>";
print_r($productsList);
}
} catch (OAuthException $e) {
print_r($e->getMessage());
echo "<br/>";
print_r($e->lastResponse);
}
As you can see my script receive 3 products.
You may have triggered some Mod Security rules with your custom module.
Try checking your Mod Security logs or disable it and see if it works.
If it's confirmed to be caused by Mod Security, you can either identify the particular rule and disable it or change your codes to workaround the rule.
Best Answer
It's due to magento has security measures to disallow public to access
varfolder.see
/var/.htaccessfileI would recommend you to save your csv file else where. May be create a new folder in root and just save the file there.
If you really want to save file in var
Remove above code from
.htaccessfile. But this is very bad practice. You shouldavoid thisnever do this.Thanks to @fschmengler - As soon as var/cache is accssible, attackers can read sensitive configuration data. At most, add an exception for the CSV files in var/export.