Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I bet this is related to mod_security if installed or mod_evasive. Check the server error logs, ask your web host if they are using mod_security..Kromak wrote: ↑Wed Jan 08, 2020 9:00 pmThanks for the reply.
I'm running 3.0.2.0 and I have just figured out there seams to be an issue with an image that is inserted at the bottom of the description that we use to show our product guarantee. Using code view at the bottom of the description we use:
<a href="https://www.mydomain.com/guarantee" target="_self"><img src="https://www.mydomain.com/image/catalog/ ... e.png"></a>
When I remove this code I can update as normal. This never used to happen before
Backup and learn how to recover before you make any changes!
That was a fantastic guess! I can turn off modsecurity in cPanel and this issue goes away. There must have been an update which caused the bug. I have tried taking out the target="_self" command but I still get the issue with modsecurity enabled. Would there be a work around or would I need to contact my webhost to make some changes to the modsecurity config? Many thankssw!tch wrote: ↑Thu Jan 09, 2020 11:48 amI bet this is related to mod_security if installed or mod_evasive. Check the server error logs, ask your web host if they are using mod_security..Kromak wrote: ↑Wed Jan 08, 2020 9:00 pmThanks for the reply.
I'm running 3.0.2.0 and I have just figured out there seams to be an issue with an image that is inserted at the bottom of the description that we use to show our product guarantee. Using code view at the bottom of the description we use:
<a href="https://www.mydomain.com/guarantee" target="_self"><img src="https://www.mydomain.com/image/catalog/ ... e.png"></a>
When I remove this code I can update as normal. This never used to happen before
The fact it happens when you throw in the linked image, makes me think it's probably triggering a false positive.. Try taking out target="_self", some OWASP rulesets (if used) are super sensitive.
Thats my guess.
If you can find the Mod Security Rule ID being flagged you can ask your host to disable it. I think you need root access to the Apache/ ModSec error log to locate the ID, but it might be somewhere in your cPanel as well. Every host is different to what they allow access to. Check under error logs in cPanel..Kromak wrote: ↑Thu Jan 09, 2020 4:54 pmThat was a fantastic guess! I can turn off modsecurity in cPanel and this issue goes away. There must have been an update which caused the bug. I have tried taking out the target="_self" command but I still get the issue with modsecurity enabled. Would there be a work around or would I need to contact my webhost to make some changes to the modsecurity config? Many thanks
Code: Select all
src="https://www.mydomain.com/image/catalog/ ... e.png"></a>Backup and learn how to recover before you make any changes!
I was going to suggest this too, it causes more issues than it solves in my experience.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
I had an issue recently where I could not add zones to a geo zone I was creating at System > Localisation > Geo Zones. I had to turn of mod-security in order to solve the issue. viewtopic.php?p=855588#p855588padaliyajay wrote: ↑Tue Apr 25, 2023 1:28 pmDon't turn off modsecurity. Use this rules to fix issues or ask hosting to add it
https://github.com/padaliyajay/modsecurity-opencart
viewtopic.php?p=856405#p856409kirkhall wrote: ↑Wed Apr 26, 2023 2:47 amI had an issue recently where I could not add zones to a geo zone I was creating at System > Localisation > Geo Zones. I had to turn of mod-security in order to solve the issue. viewtopic.php?p=855588#p855588padaliyajay wrote: ↑Tue Apr 25, 2023 1:28 pmDon't turn off modsecurity. Use this rules to fix issues or ask hosting to add it
https://github.com/padaliyajay/modsecurity-opencart
Like I said turning off mod-security did solve the problem but it still seems extremely slow for that geo zone setup to load the page.
Would this be the fix I can have my host add to my server settings and be able to turn mod-security back on?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Users browsing this forum: Amazon [Bot], Majestic-12 [Bot] and 37 guests
