Hi everyone, I’m running into an issue with the Mendix File Dropper where some PDF files fail to upload with the following error: “Error saving files! Error: Request failed with status code 403” In these cases, the POST request sent during upload returns HTTP 403. What’s puzzling is that if I take the exact same PDF and “re-print” it using a virtual PDF printer (e.g., PDF24) to generate a new PDF, the newly generated file uploads successfully with no errors. Has anyone encountered something similar or have an idea what might be causing this? For example, could it be related to specific PDF properties/metadata (encryption, embedded scripts, incremental updates, fonts, XFA forms, file structure, etc.) that might trigger server-side rejection? Any pointers on where to look (Mendix runtime settings, FileDocument constraints, reverse proxy/WAF rules, etc.) would be greatly appreciated. Thanks in advance
asked
Michal Pawlikowski
2 answers
2
False positives are common with all security mods; you can’t really “turn them off” without weakening security. The usual fix is to work with your network/security team to tune the rules (add an exception for the upload endpoint or whitelist the specific triggered rule ID). This is not a Mendix-specific issue. The same behavior can happen with other platforms and programming languages as well, because the request is typically blocked before it even reaches the application.
answered
Ahmet Kudu
0
hi,
This usually isn’t a File Dropper issue.
A 403 during PDF upload means the file is being blocked by security or validation, not by the UI. The fact that the same PDF uploads fine after re-printing is the key clue — re-printing removes things like embedded scripts, XFA forms, incremental updates, or non-standard PDF structures.
Most commonly this is caused by:
Reverse proxy / WAF rules blocking certain PDF content
FileDocument validation or before-commit logic
Security inspection rejecting PDFs with advanced features
Check your proxy/WAF logs and any custom FileDocument logic. Mendix itself usually just reports the 403 returned by the infrastructure.