Hi
Almost finished with design editing and implementing everything, but I get an error when trying to edit Bottom Boxes - Home Page.
When trying to save I got this message:

412 Error
Your request got filtered out due to possible security issues.
One or more things in your request were suspicious (defective request header, invalid cookies, bad parameters)
If you think you did nothing wrong:
try again with a different browser
avoid any evil characters inside the request url
If you are the owner of the website, you can consider revising the rules of the mod_security module or turning it off from your Web Hosting Control Panel.


Any quick solutions?

I use https ..

I use design: Second

https://www.autopartsnorge.com/arastt/
In Themes
Thursday, April 20 2017, 10:24 PM

Accepted Answer

Saturday, April 22 2017, 10:15 PM - #Permalink
Rune Rasmussen wrote:
Still I would say it's badly configured ModSecurity, being triggered by the content (@), not any scripts - especially not index.php.
Responses (11)
  • Accepted Answer

    Saturday, April 22 2017, 10:20 PM - #Permalink
    I agree :) ... I have already told my hosting provider :)
  • Accepted Answer

    Saturday, April 22 2017, 10:08 PM - #Permalink
    Have done some tests, as I did what you said. I deleted everything and saved. Then everything was fine.
    Thereafter I did the same, phrase for phrase, to look for what triggered the 412 error.

    At last I found the problem; the problem was the box for the email and the @ sign. When I delete this, everything works, and I can save.
  • Accepted Answer

    Saturday, April 22 2017, 10:07 PM - #Permalink
    So your host doesn't allow you to override it then ...
  • Accepted Answer

    Saturday, April 22 2017, 10:02 PM - #Permalink
    Hi
    The .htaccess file was changed earlier and has had this written for a while. Still have the same problem when trying to save.
  • Accepted Answer

    Saturday, April 22 2017, 01:21 PM - #Permalink
    Note! You might be able to disable the triggered rule only, by adding this to your .htaccess-file:
    <IfModule security2_module>
    SecRuleRemoveById 340249
    </IfModule>
  • Accepted Answer

    Saturday, April 22 2017, 10:22 AM - #Permalink
    I removed the IP from your posting, and added the log into a code tag to make it readable.

    You didn't care to do the quick and simple test you were asked to?!

    Still I would say it's badly configured ModSecurity, being triggered by the content (@), not any scripts - especially not index.php. Also you already used the same script before to change your store info on the middle of the page ... Sure it might be possible to fool their trigger happy configuration, but it shouldn't be necessary.

    Gunder Johansen wrote:
    I solved it - turned off the ModSecurity, made the changes and saved, and thereafter turned the ModSec on again. Probably not the best solution, but now the front page looks as I want it.

    No it's not, as you will get trouble with it later elsewhere.
  • Accepted Answer

    Saturday, April 22 2017, 02:31 AM - #Permalink
    Have looked at the log for 412 at my host --- it says ----
    2017-04-21 23:22:46.191463 [client (Mod Removed IP)] ModSecurity: Error reading request body: Software caused connection abort  [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]
    2017-04-21 23:22:46.253365 [client (Mod Removed IP)] ModSecurity: Access denied with code 412 (phase 2). Pattern match "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)scrip ..." at ARGS:module_description[1][description]. [file "/services/mod_security-rules/10_asl_rules.conf"] [line "1401"] [id "340249"] [rev "3"] [msg "Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack"] [data "/index.php"] [severity "CRITICAL"] [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]

    The hosting provider tells me that the problem is in the script, probably someone with a little more tech knowledge can figure out what is the problem.

    I solved it - turned off the ModSecurity, made the changes and saved, and thereafter turned the ModSec on again. Probably not the best solution, but now the front page looks as I want it.
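Added example (not part of any post in this thread, and not Arastta's or the host's code): a small Python parser for the ModSecurity error-log format quoted above. It pulls the rule id, the matched request variable and the URI out of each denial, which is what is needed to tune one rule instead of switching the WAF off. The sample input is constructed from the quoted log lines with the long pattern shortened to "..."; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted in the thread, with the long
# pattern shortened to "..." (client IP was already redacted by the moderator).
SAMPLE_LOG = '''\
2017-04-21 23:22:46.191463 [client (Mod Removed IP)] ModSecurity: Error reading request body: Software caused connection abort  [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]
2017-04-21 23:22:46.253365 [client (Mod Removed IP)] ModSecurity: Access denied with code 412 (phase 2). Pattern match "..." at ARGS:module_description[1][description]. [file "/services/mod_security-rules/10_asl_rules.conf"] [line "1401"] [id "340249"] [rev "3"] [msg "Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack"] [data "/index.php"] [severity "CRITICAL"] [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]
'''

DENIED = re.compile(r'ModSecurity: Access denied with code (\d+) \(phase (\d)\)')
# The matched variable follows " at " and ends with ". [" before the metadata.
TARGET = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')
# Metadata is a run of [key "value"] pairs; values may contain escaped quotes.
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_denials(text):
    """Return one dict per 'Access denied' line; other ModSecurity lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        meta = dict(META.findall(line))
        t = TARGET.search(line)
        events.append({
            "status": int(m.group(1)), "phase": int(m.group(2)),
            "target": t.group(1) if t else None,
            "id": meta.get("id"), "msg": meta.get("msg"),
            "uri": meta.get("uri"), "rule_file": meta.get("file"),
        })
    return events


def summarize(events):
    """Count denials per (rule id, matched variable, uri) to spot repeat false positives."""
    return Counter((e["id"], e["target"], e["uri"]) for e in events)


if __name__ == "__main__":
    for (rule_id, target, uri), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"rule {rule_id} blocked {target} on {uri} x{n}")
```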
  • Accepted Answer

    Saturday, April 22 2017, 12:34 AM - #Permalink
    It has nothing to do with https://github.com/arastta/arastta/blob/master/admin/index.php

    You need to get yourself a better hosting, if they are unable to tell what rule is triggered, and other details they should be able to find in their logs. If they blame coding issues, they really should provide the proof for it also. But anyhow the real problem is more likely a misconfiguration of ModSecurity in their hosting.

    This is a test added today, on a decent Norwegian host, having ModSecurity running. And as you can see it was no problem editing those boxes, with Norwegian language pack (a language pack would not cause that issue anyway for just those boxes): https://sedev.eu/arastta/

    A quick test you could do would be to delete everything in the editor's text field, and then save, as it's most likely the code in them your hosting has issues with.

    Anyhow ... since you aim to sell in Norwegian to the Norwegian market, get yourself hosting in Norway, and also a .no domain - to rank better in search engines ... Netbox, Pro Isp, Agdernett, Webhuset whatever, they would all be better options for you.
  • Accepted Answer

    Friday, April 21 2017, 11:38 PM - #Permalink
    Have contacted my host, and they were very helpful, they have located the error to: xxxx.com/admin/index.php

    They also said this in their last answer:
    Hello,

    Thank you for the detailed information that you have provided us regarding the problem.

    After we consulted with our administrators we found out that the problem is coming from the coding of the application - Arastta Webshop which is causing our Firewall to block certain operations.

    A solution would be to disable the ModSecurity Firewall for that domain from here > https://.........ogin.co/advanced/modsecurity/

    However, this will make the website vulnerable to incoming attacks and malicious content might be injected in the web files.

    The other option that you have is to contact the application developers and explain to them that the server firewall is blocking certain operations due to coding issues.

    If there is anything else we can assist you with do not hesitate to contact us.

    Strange that this appears only when trying to change the "bottom boxes". Anyone else have this problem, or could it be something with the Norwegian translation?

    Hope to get answers, as I really like this, and would like everything working before launching.
  • Accepted Answer

    Friday, April 21 2017, 12:50 AM - #Permalink
    If you look at the end of my webpage you could see that #About US# and #Newsletter# still are in English language. When trying to edit, just a single word, the error message appears when trying to save. No problems with the rest of the editing.
  • Accepted Answer

    Friday, April 21 2017, 12:30 AM - #Permalink
    Great to see you're moving from OpenCart to Arastta. But I recommend you edit your post, and just include one issue per topic. Move your other issues/cases into new topics. Adding too much into one makes it a mess, and people will most likely avoid responding, especially if they can't or won't respond to it all.

    Regarding editing of bottom boxes, could you tell more specifically which ones those are, and in what way you tried to edit - and was there any special content you tried to add?

    Was the error displaying in Arastta, or was it a server error? Most likely a server issue, since mod_security is mentioned, and you should contact your host about it.

    Feel free to include screenshots, it would help a lot in understanding your issues.