toast691 Posted March 18, 2019 Share Posted March 18, 2019 Thank you for any assistance with this issue. If i go to update a products information in the admin section then click save I am getting the following error. I also get this error if I try to update a document as well. Forbidden You don't have permission to access /admin_tGCWV9.php on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Any ideas what could be causing this? Link to comment Share on other sites More sharing options...
devong67 Posted March 19, 2019 Share Posted March 19, 2019 I also am seeing this error messaging on my site. Please advise. Link to comment Share on other sites More sharing options...
bsmither Posted March 19, 2019 Share Posted March 19, 2019 Please try this: * Bring the product up for editing. * On the Description tab, switch the editor to Source mode * Copy and paste the product's Description (and Short Description) to a text editor on your computer * Replace everything in the Description (and Short Description with something very simple, "Rainbow" for example * Save this The test is to determine if you have entered something in the Description that may be tripping a server-level security utility. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 19, 2019 Share Posted March 19, 2019 This is almost certainly caused by the content you are entering in the description field tripping something known as mod_security which is a basic WAF, which while it can pick up legitimate security issues, does also pick up a lot of false negatives especially if the mod_security database isn’t updated as often as it should be or you are running old software (for example CubeCart V3 and V4 trip a lot of current mod_security rules much like other applications that are that old) Ian Link to comment Share on other sites More sharing options...
toast691 Posted March 19, 2019 Author Share Posted March 19, 2019 Thanks bsmither and Ian. I did as you mentioned bsmither replacing it with rainbow and it saved without any issues. I then pasted the original source text back in and the forbidden error came back up immediately. I also tried removing all the source code and then manually typing the description into the description field and the forbidden error came up again. I am using version 6.2.2 - Haven't had time to upgrade as of yet. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 19, 2019 Share Posted March 19, 2019 It will not be the version of CubeCart you are running unless it is a very old version - you need to speak to your hosting company and if you don’t get any immediate solution from them as they should be able to see exactly what is going on, then maybe look for a new hosting company Link to comment Share on other sites More sharing options...
keat Posted March 19, 2019 Share Posted March 19, 2019 Are you usung any special carachters, like percent signs, excalmation marks, or apostraphies etc. I'd hazard a guess that you may be tripping an SQL Injection rule. Link to comment Share on other sites More sharing options...
toast691 Posted March 19, 2019 Author Share Posted March 19, 2019 I have pasted an example of our product description below. The strange thing is we have had these descriptions in place for three years now for around 1000 products and no changes have been made to them. The only reason I wanted to edit this product was to make price changes not anything to do with the description. It seems like all our products cant be edited and saved at the moment. Avena sativa - Organic - AusQual Certified Oats are an annual to 1 metre, excellent green manure forage crop. Nutritious, edible grain and can also be used for stock feed. Oats can also be used for sprouting having a chewy nutty texture that is surprisingly sweet. When growing as a green manure crop combine with chickpea seed. Sow Autumn-Winter. Seed packet contains approx 20g 1kg will cover 70m2. 20 seeds/gram. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted March 19, 2019 Share Posted March 19, 2019 All you need to do is speak with your hosting company and ask them to confirm you are tripping a mod_security rule. They may be able to help determine what the cause is based on what rule is being tripped but to be honest, most won’t bother and your only option then is to.ask them to whitelist that rule for your account. It is VERY unusual for up to date standard CubeCart to trip mod_security rules though - if it isn’t mod_security, then your hosting company should be able to determine what is causing the 403 Ian Link to comment Share on other sites More sharing options...
bsmither Posted March 19, 2019 Share Posted March 19, 2019 Yes, clicking Save when editing a product will submit all data on all screens - regardless whether any of it changed. Perhaps to satisfy your curiosity, you can progressively remove half the content and see if the server faults. If it does, remove half of what was left. If it doesn't remove half of the half you previously removed. Eventually, you might hit the expression that is tripping the rule (if this is a mod_security issue). I used this tester: https://www.modsecurity.org/crs-demo.html but got a 201 response. I do not know if that is what I wanted to see or if there was some kind of error. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.