Getting Error 403 when trying to modify any gateway settings

TimeLordship · February 25, 2026, 8:51pm

I’m getting a 403 error on my gateway, even though when I test the login: I’m able to retrieve “Administrator”.

TimeLordship · February 25, 2026, 9:00pm

I don’t see anything in the logs either.

Noah_Burnette · February 25, 2026, 9:10pm

Hi,

Is this for the API or the gateway UI?

cmallonee · February 25, 2026, 9:17pm

Could you please provide a more detailed breakdown of what specific action you are taking and in what context? If making use of the API, please include the specific route/endpoint you are requesting and the (JSON) response from your request. If using the UI, could you please include a screenshot of the page and error Toast?

The 403 suggests you lack the required permissions. You should also include some insight into the configuration applied for Write permissions, and you may want to check against the /data/app/permissions endpoint to see what the Gateway believes your permissions to truly be.

TimeLordship · February 25, 2026, 11:07pm

Is this for the API or the gateway UI?

This is for the Gateway UI. I tried to do a set of things:

Renaming gateway
Saving after disabling direct draw

TimeLordship · February 25, 2026, 11:08pm

How do I do this? Sorry it’s my first Linux setup, and it’s been a lot of learning.

cmallonee · February 25, 2026, 11:11pm

Right-click your browser page, and select “Inspect”.
In the new panel, locate the “Network” tab.
Refresh your page.
Look for a listing in the Network tab for permissions.
Click the permissions listing.
In the new panel for the listing, locate the Response tab.
Copy the content there and paste it here.

TimeLordship · February 25, 2026, 11:24pm

Thanks for the details. Here it is:

{"access":true,"read":true,"write":true}

TimeLordship · February 25, 2026, 11:27pm

I tried to change a setting and hit “Save” while on the response tab:

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>MyCompany</center>
</body>
</html>







I changed the “center” tag to anonymize my workplace.

cmallonee · February 25, 2026, 11:28pm

What version are you using? Did you or anyone else modify the System Identity Provider for this Gateway since you started your session?

I ask because the back-end is reporting that you have Write permissions, but that data can become desynchronized if the Gateway IdP is modified. If you log out of the Gateway, then log back in and check that same permissions endpoint, what do you see?

Edit:

I suppose your permission data may also become stale if you or anyone else updated the settings for write permissions while you were signed in. We introduced a “speed bump” of sorts in version 8.3.3 to prevent scenarios like this.

TimeLordship · February 25, 2026, 11:31pm

I’m using 8.3.
Identity provide continues to be default. Also no one else is aware of this server, or has access to it.

This VM is going through a company load balancer. Do you think app/platform/system/gateway/settings

…is somehow blocked by the load balancer?

TimeLordship · February 25, 2026, 11:31pm

I’ve done this several times now, same result.

cmallonee · February 25, 2026, 11:34pm

But what version of 8.3?

cmallonee · February 25, 2026, 11:50pm

While looking at the Network tab, examine the Headers tab for one of the 403 responses you’ve received, or trigger a new one. The content you posted in a previous response here is unlike anything the Gateway would be returning to you, and I’d be interested to see the Request URL value for the response. As was pointed out to me by one of our other QA members, that entire HTML response is not something we are sending.

TimeLordship · February 26, 2026, 12:02am

8.3.3 (b2026012009)

Request URL
https://ignition.CompanyName.com/data/api/v1/resources/ignition/system-properties

cmallonee · February 26, 2026, 12:10am

You should reach out to Support, as I’m out of ideas as to why you might be hitting this. I can’t rule out the load balancer, and that HTML response is very curious. Unfortunately, without being able to dive into your Gateway, I can’t see what might be causing this.

Kevin.Herron · February 26, 2026, 12:12am

Yeah, kinda seems like he's hitting a load balancer or reverse proxy or something.

Kevin.Herron · February 26, 2026, 12:16am

Yep... looks like nginx...

github.com/nginx/nginx

src/http/ngx_http_special_response.c

edb4d2ffa


/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
#include <nginx.h>


static ngx_int_t ngx_http_send_error_page(ngx_http_request_t *r,
    ngx_http_err_page_t *err_page);
static ngx_int_t ngx_http_send_special_response(ngx_http_request_t *r,
    ngx_http_core_loc_conf_t *clcf, ngx_uint_t err);
static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r);

This file has been truncated. show original

github.com/nginx/nginx

src/http/ngx_http_special_response.c

edb4d2ffa


      
          static u_char ngx_http_msie_padding[] =
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
          ;

TimeLordship · February 26, 2026, 12:18am

That’s great to see!
I’ll talk to the folks over in that team to see what needs to be done.

TimeLordship · February 26, 2026, 1:29am

It was indeed a WebApplicationFirewall rule, preventing PUT.

Working with the team to resolve it.