"Why do I get a 403 error when trying to use Gii?"

After enabling the Gii module in your protected/config/main.php file and then try to use it with http://example.com/index.php?r=gii, you get an error: ~~~ Error 403 You are not allowed to access this page. ~~~ This is almost certainly caused by the IP filtering mechanism that Gii uses to protect your system from outsiders - by default it allows localhost only (both IPv4 and IPv6), and remote users (which apparently includes you) won't be allowed in.

To fix this, look in your main config file for the modules section for Gii, and add an ipFilters array that includes your own IP:

// protected/config/main.php
return array(
    ...
    'modules' => array(
        'gii' => array(
            'class'     => 'system.gii.GiiModule',
            'password'  => 'Enter Your Password Here',
            'ipFilters' => array('127.0.0.1', '192.168.1.7'),   // EDIT TO TASTE
        ),
        ...

The ipFilters property can include as many items as you like, and they can be straight IP addresses or wildcards such as "192.168.1.*".

IPv6 addresses are supported as well if the underlying platform supports it, and "::1" represents localhost (which may be required in some configurations).

Be careful not to open Gii to a too-wide audience lest it become a security risk.

Note: Yii 1.1.6 adds the default filter directly to the stock config file:

// If removed, Gii defaults to localhost only. Edit carefully to taste.
    'ipFilters'=>array('127.0.0.1','::1'),

so this FAQ may not be so frequent much longer.

6 0
5 followers
Viewed: 87 427 times
Version: 1.1
Category: FAQs
Tags: config, Gii
Written by: Steve Friedl
Last updated by: Steve Friedl
Created on: Dec 12, 2010
Last updated: 13 years ago
Update Article

Revisions

View all history

Related Articles