Announcement

Collapse
No announcement yet.

Mod_security block editing and autosave the post

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wayne Luke
    replied
    I really have no idea what is causing that. Your hosting provider is the best source of support with SERVER ERRORS such as a Server Abort.

    I didn't say disable anything. I said there is no redirect to HTTPS and it should be put into place.

    If you go to your site with HTTP, it loads. It shouldn't. It should ALWAYS redirect to HTTPS.

    Leave a comment:


  • sandrose
    replied
    Originally posted by Wayne Luke View Post
    The most likely cause of this issue is that you do not redirect HTTP requests to HTTPS. The two are not interchangeable and as time goes on, we will continue locking down security across the application as needed. This is a still a server configuration issue and not one with vBulletin. vBulletin will expect everything to be accessed under HTTPS since that is how you have it configured.
    Thank you for your response.

    I disabled redirect to https and the following error was occurred when I edit a post:

    خطأ

    معلومات الخطأ: " 0 aborted server abort"

    Leave a comment:


  • Wayne Luke
    replied
    The most likely cause of this issue is that you do not redirect HTTP requests to HTTPS. The two are not interchangeable and as time goes on, we will continue locking down security across the application as needed. This is a still a server configuration issue and not one with vBulletin. vBulletin will expect everything to be accessed under HTTPS since that is how you have it configured.

    Leave a comment:


  • Mark.B
    replied
    Originally posted by sandrose View Post

    I believe if there is an issue with the script it trigger the security of the server to run and block the script. In the previous release the issue was not exist.
    There is no issue with the script. My advice above stands.

    Leave a comment:


  • sandrose
    replied
    Originally posted by Mark.B View Post
    You will need to amend or disable the rule that is causing the issue.
    This is not a vBulletin issue, but a server issue, so your hosts are the best starting point for this.
    I believe if there is an issue with the script it trigger the security of the server to run and block the script. In the previous release the issue was not exist.

    Leave a comment:


  • Mark.B
    replied
    You will need to amend or disable the rule that is causing the issue.
    This is not a vBulletin issue, but a server issue, so your hosts are the best starting point for this.

    Leave a comment:


  • sandrose
    started a topic Mod_security block editing and autosave the post

    Mod_security block editing and autosave the post

    Hello,

    After upgrading the 5.5.3 the error occurred when editing post. (

    Error

    Error information: " 0 parsererror SyntaxError: Unexpected token س in JSON at position 24"
    I troubledshooted the issue in my server and I found the mod_security is blocking the editing Post and i found the following :

    2019-07-24 00:27:36 www.sandroses.com 151.254.17.222 CRITICAL 404 941100: XSS Attack Detected via libinjection
    Hide
    Request:
    POST /abbs/create-content/Text/
    Action Description:
    Warning.
    Justification:
    detected XSS using libinjection.
    2019-07-24 00:28:23 www.sandroses.com 151.254.17.222 CRITICAL 404 941160: NoScript XSS InjectionChecker: HTML Injection
    Hide
    Request:
    POST /abbs/ajax/api/editor/autosave
    Action Description:
    Warning.
    Justification:
    Pattern match "(?i)<[^\\w<>]*(?:[^<>"'\\s]*?[^\\w<>]*(?:\\W*?s\\W*?c\\W*?r\\W*?i\\W*?p\\W*?t|\\W*?f\\W*?o\\W*?r\\W*?m|\\W*?s\\W*?t\\W*?y\\W*?l \\W*?e|\\W*?s\\W*?v\\W*?g|\\W*?m\\W*?a\\W*?r\\W*?q\\W*?u\\W*?e\\W*?e|(?:\\W*?l\\W*?i\\W*?n \\W*?k|\\W*?o\\W*?b\\W*?j\\W*?e\ ..." at ARGSagetext.
    Could you please help me to solve the issue.

    Remark: I use PHP 7.3

    Thanks

Related Topics

Collapse

Working...
X