keat Posted May 12, 2017 Share Posted May 12, 2017 I've 2 sites on a hosting plan. (both on 6.1.7) When trying to edit a product, i receive the following error. 403 Forbidden Server configuration does not allow access to this page. I'm not ruling out a bad code edit at my end at this stage, but before I log a ticket with the hosts, does anyone have any clues where to start looking. I know if i log a ticket with the host, it'll be 24 hours before i get a reply, and then i'll get the run around for a week. There is nothing in error.log, cart errors or raw access logs giving any indication. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Who is your hosting provider? UK2.net added a bunch of security software recently that blocks CubeCart form data. Quote Link to comment Share on other sites More sharing options...
keat Posted May 12, 2017 Author Share Posted May 12, 2017 HostPapa Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 12, 2017 Share Posted May 12, 2017 8 minutes ago, keat said: I know if i log a ticket with the host, it'll be 24 hours before i get a reply, and then i'll get the run around for a week. 24 hours for a reply and then messed around for a week - my first suggestion is to immediately change hosting companies ! 403 errors, especially in those circumstance, are almost certainly due to a mod_security rule trip. It will be being caused by something within the description content but sometimes, content that looks fine trips a rule. Depending on the rule, often it is fine to simply whitelist that although understanding what the rule is and why it is being tripped is always a good idea. You may whitelist that rule, try it again and trip another one as the process stops at the first rule trip and you can hit successive ones. Checking which rule has been tripped and whitelisting it is a job for your host unless you have root WHM access - back to point one though ! Ian Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Hmmm.. I wonder if there are any awesome hosting companies around to change to. Hehe. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 12, 2017 Share Posted May 12, 2017 Quote Link to comment Share on other sites More sharing options...
keat Posted May 12, 2017 Author Share Posted May 12, 2017 HostPapa were great when I signed up in 2008, support was immediate, and via webchat. Over the last few years however, support has gone out to India, and it's pretty diabolical, for this reason, I bought my own dedicated server, and have our important sites running from this. The sites in question are low volume sites, so I left them where they were. £80 per year for 100 databases, unlimited space and email addresses isn't bad, just a shame that the support went south. Any way to recreate this from a customer perspective, so I can point the hosts in the right direction. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 There will probably be resource limits in the fine print. cubecart.com is on a VPS with CloudLinux and cPanel. Extremely easy to manage yourself. You really do get what you pay for. I think we pay $780 per year which i think is great value. I think thats just £50 a month. Quote Link to comment Share on other sites More sharing options...
keat Posted May 12, 2017 Author Share Posted May 12, 2017 I pay about the same for my dedicated server. I do prefer to keep this to a minimum though ... as far as web sites go. Quote Link to comment Share on other sites More sharing options...
keat Posted May 12, 2017 Author Share Posted May 12, 2017 Blimey, that's a record. The fault was indeed identified as a false positive on a modsec rule. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 I see this all the time.. Quote Link to comment Share on other sites More sharing options...
keat Posted May 12, 2017 Author Share Posted May 12, 2017 I see a number of them on our own server, and would have probably identified this through the apache logs, but i don't have access to this on the hosted one. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 12, 2017 Share Posted May 12, 2017 1 hour ago, keat said: The fault was indeed identified as a false positive on a modsec rule. You are welcome ! It isn't necessarily a false positive - that can only be determined by looking at the rule and the data (description) being saved but while mod_sec is generally good, it does trip sometimes when it shouldn't. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.