CC 4 - Update Settings gives 403 error

[ploughguy]

I say, chaps,

I have a CC 4.3.4 installation that has been running an online store since 2010 or so.

I am about to go on holiday and I need to take the store offline.  When I try to save General Settings, I get a 403 error.

My hosting service likes to monkey with file permissions in unexpected ways, because they know what's best...

Please tell me what the name of the file is, and the appropriate permissions, so I can take the store offline and go on my holiday.

(I will be glad when it's over so I can come home and relax...)

Thanks for your help

Russ

OK, now I am more confused - I have found the code that saves the settings and it does indeed save into CubeCart_content with name = config.

So - question - Why the 403 error?

Thanks again for your help.

Russ

[ploughguy]

OK, so I have found that the config is, in fact, stored in the database.  

My user is a super-user so I would expect it to pass any update checking done by CC itself.  

Does the config update change any files, by any chance?

[havenswift-hosting]

4.3.4 - that is old !

403 errors are generally caused by the software tripping one or more mod_security rules - older software is much more prone to this.  However, in this case, it is very likely that something you have added to the description field that is displayed when your store is in maintenance mode is causing the trip. You could try examining or simply deleting everything (best in source mode) and adding some simple text message again.

Your hosting company should be able to identify and offer advice about what the problem is, or simply whitelist that rule and any other ones you may also trip.  You may also have an option to switch off mod_security completely for your whole account within your cPanel dashboard and while I don't recommend that long term, you could switch it off, save the settings to switch your store into maintenance mode and switch mod_security back on.

Finding and fixing the problem is by far the best way forward but asking your hosting company to whitelist the odd rule isn't an issue either

Ian

[ploughguy]

Thank you!   The hosting co has confirmed that I tripped not one but four mod_security rules.

We are now working out how to deal with it until I can upgrade to something more modern.

[bsmither]

Havenswift will be able to provide some inside info, so we would like to know (if you were told) the code numbers of the rules that were tripped.

Having just recently gone through a similar scenario, once we know the tripped rules, we can evaluate what it was about setting your store offline that we may be able to straighten out.

 

[havenswift-hosting]

Whitelisting 4 rules isn't a major issue although does mean your hosting account isn't protected by those rules at all but then many hosting companies don't implement mod_security at all so you are much better off than them !

4.3.4 upgrade to V6 isn't a major issue although you will need a new skin and also you say you have mods so you would need to look to replace those with V6 plugins - hopefully equivalent ones exist.

If you want some help when you get back from your holidays, give me a shout but in the meantime, enjoy your holidays, probably much needed !

Ian

[keat]

Could you not create a very simple index.html

upload this to your stores root folder,

and then rename index.php to something like index.php-goneaway, until you return.

 

 

 

<html>

<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>

<body>

<p>Our store is offline until the 6th of March.</p>
<p>Sorry for any inconvenience.</p>

</body>

</html>