Almost finished With design editing and implementing everything, but get error when trying to edit Bottom Boxes - Home Page.
When trying to save I got this Message:
Any quick solutions?
I use https ..
I use design: Second
Responses (11)
Accepted Answer
Great to see you're moving from OpenCart to Arastta. But I recommend you edit your post, and just include one issue per topic. Move your other issues/cases into new topics. Adding to much into one makes it a mess, and people will most likely avoid responding, especially if they can't or won't respond to it all.
Regarding editing of bottom boxes, could you tell more specific which one those are, and in what way you tried to edit - and was it any special content you tried to add?
Was the error displaying in Arastta, or was it a server error? Most likely a server issue, since mod_security is mentioned, and you should contact your host about it.
Feel free to include screenshots, it would help a lot understanding your issues. -
Accepted Answer
Accepted Answer
Have contacted my host, and they was very helpfull, they have located the error to : xxxx.com/admin/index.php
They also said this in their last answer:
Thank you for the detailed information that you have provided us regarding the problem.
After we consulted with our administrators we found out that the problem is coming from the coding of the application - Arastta Webshop which is causing our Firewall to block certain operations.
A solution would be to disabled the ModSecurity Firewall for that domain from here > https://.........ogin.co/advanced/modsecurity/
However, this will make the website vulnerable to incoming attacks and malicious content might be injected in the web files.
The other option that you have is to contact the application developers and explain to them that the server firewall is blocking certain operations due to coding issues.
If there is anything else we can assist you with do not hesitate to contact us.
Strange that this appear only when trying to change the "bottom boxes". Anyone else have this problem, or could it be something with the Norwegian translation?
Hope to get answers, as I realy like this, and would like everything in function before launching. -
Accepted Answer
It has nothing to do with https://github.com/arastta/arastta/blob/master/admin/index.php
You need to get yourself a better hosting, if they are unable to tell what rule is triggered, and other details they should be able to find in their logs. If they blame coding issues, they really should provide the proof for it also. But anyhow the real problem is more likely a misconfiguration of ModSecurity in their hosting.
This is a test added today, on a decent Norwegian host, having ModSecurity running. And as you can see it was no problem editing those boxes, with Norwegian language pack (a language pack would not cause that issue anyway for just those boxes): https://sedev.eu/arastta/
A quick test you could do would be to delete everything in the editors text field, and then save, as it's most likely the code in them your hosting has issues with.
Anyhow ... since you aim to sell in Norwegian to the Norwegian market, get yourself hosting in Norway, and also a .no domain - to rank better in search engines ... Netbox, Pro Isp, Agdernett, Webhuset whatever, they would all be better options for you. -
Accepted Answer
Have looked at the log for 412 at my host --- it says ----
2017-04-21 23:22:46.191463 [client (Mod Removed IP)] ModSecurity: Error reading request body: Software caused connection abort [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]
2017-04-21 23:22:46.253365 [client (Mod Removed IP)] ModSecurity: Access denied with code 412 (phase 2). Pattern match "(< ?(?:i?frame ?src|a ?href) ?= ?(?gg|tls|gopher|data|php|zlib|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?
arentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)scrip ..." at ARGS:module_description[1][description]. [file "/services/mod_security-rules/10_asl_rules.conf"] [line "1401"] [id "340249"] [rev "3"] [msg "Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack"] [data "/index.php"] [severity "CRITICAL"] [hostname "autopartsnorge.com"] [uri "/arastt/admin/index.php"]
The hosting provider tells me that the problem is in the script, probably someone with a little more tech knowledge can figure out what is the problem.
I solved it - turned of the ModSecurity, made the changes and saved, and thereafter turned the ModSec on again. Probably not the best solution, but now the front page look as I want it. -
Accepted Answer
I removed the IP from your posting, and added the log into a code tag to make it readable.
You didn't care to do the quick and simple test you was asked to?!
Still I would say it's badly configured ModSecurity, being triggered by the content (@), not any scripts - especially not index.php. Also you already used the same script before to change your store info on the middle of the page ... Sure it might be possible to fool their trigger happy configuration, but it shouldn't be necessary.
Gunder Johansen wrote:
I solved it - turned of the ModSecurity, made the changes and saved, and thereafter turned the ModSec on again. Probably not the best solution, but now the front page look as I want it.
No it's not, as you will get trouble with it later elsewhere. -
Accepted Answer
Accepted Answer
Accepted Answer
Have done some test, as I did what you said. I deleted everything and saved. Then everything was fine.
Therafter I did the same, phrase for phrase to look for what triged the 412 error.
At last I find the problem, the problem was the box for the email and the sign @. When I delete this, everything is in function, and I can save.
