Jump to content

Access to Admin 403 Forbidden


Recommended Posts

4 hours ago, bondimedical said:

I managed to figure it out. mod security was on.

If you have mod_security available to you then it is much better to keep it enabled.  It is very unusual for the later versions of CubeCart to trip mod_security rules (but that will depend on what set of rules are being used) but if so, it is better to whitelist specific rules rather that disable mod_security completely

Link to comment
Share on other sites

3 minutes ago, bondimedical said:

As soon as mod security was disabled the Admin showed up. Whitelisting specific rules to make CubeCart run is beyond the scope of my knowledge. Which rules should I whitelist?

If you only have access to cPanel and not WHM, then you are only able to switch mod_security on and off and not check which rules are being tripped and then whitelist those - you would need to speak to your hosting company

Link to comment
Share on other sites

1 hour ago, bondimedical said:

Unfortunately I moved the site from my VPS to shared hosting.

So you will not have access to that information or functionality - you can and should ask your hosting company to check and whitelist rules that are being tripped. mod_security does trip one at a time and it is common for code that trips one rule to then trip one or more further rules once the first is whitelisted so it can be a short process to get it working 100%.

We use the third party "COMODO ModSecurity Rules for Apache" across every single server we run rather than the standard "SpiderLabs OWASP curated ModSecurity rule set" which comes with cPanel as we find these much better and more secure.  Standard core V6 CubeCart does not trip any rules in the set we use (although a few third party plugins do) but it sounds like the ruleset from SpiderLabs might trip more often or perhaps you arent running the latest V6 CubeCart ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...