v3.0.3.9 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.
Might be helpful to check with your web host too.
Code:
if (isset($this->request->post['guardian_g_htaccess_path'])) {
    $data['guardian_g_htaccess_path'] = $this->db->escape($this->request->post['guardian_g_htaccess_path']);
} else {
    $data['guardian_g_htaccess_path'] = $this->db->escape($this->config->get('guardian_g_htaccess_path'));
}
The only way I can think of off the top of my head as a workaround is to just save the path and then hardcode the actual ".htaccess" name in the file, but I'd just prefer not to do it that way. Let me know.
It's probably ModSecurity or Imunify360. Ask your host to disable those then try again.
Joe1234 wrote: ↑Sat Jan 11, 2025 7:47 am
You were right modsecurity ID 211190. I don't understand why, because from what I was able to read about it, that's supposed to detect remote file access. I don't understand how that affects the local website inserting the info into the database. Either way, I guess I should leave that enabled and just save and retrieve the info the way I initially didn't want to do it. Thanks.

mod_security deals with threat patterns in requests like any other WAF, and .htaccess is in that pattern of 211190.
and
Code:
$this->request->post['guardian_g_htaccess_path']
Code:
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:code|!ARGS:/content/|!ARGS:/description/|!ARGS:/install\[values\]\[\w+\]\[fileDenyPattern\]/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:wpTextbox1 "(?:(?<!\w)(?:\.(?:ht(?:access|group|passwd)|www_{0,1}acl)|boot\.ini|global\.asa|httpd\.conf)\b|/etc/)" \
"id:211190,msg:'COMODO WAF: Remote File Access Attempt||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:'auditLogParts=+E',t:'none',t:'cmdLine',rev:8,severity:2"
Code:
ModSecurity: Access denied with code 404 (phase 2). Pattern match "(?:(?<!\\\\w)(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:postcode. [file "security-crs/crs/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:postcode: .htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"].............
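
Why the form submission in this thread is blocked before it reaches the database code, as an added example that is not part of any post: the operator pattern from the quoted rule 211190 is applied to each POST argument name and value after an approximation of the rule's t:cmdLine transformation. The sample paths and function names are constructed for illustration, and the rule's target exclusions are not modelled.

```python
import re

# Operator pattern copied from the SecRule for id 211190 quoted above.
RULE_211190 = re.compile(
    r"(?:(?<!\w)(?:\.(?:ht(?:access|group|passwd)|www_{0,1}acl)"
    r"|boot\.ini|global\.asa|httpd\.conf)\b|/etc/)"
)

def cmd_line(value):
    """Approximate ModSecurity's t:cmdLine transformation."""
    value = re.sub(r"[\\\"'^]", "", value)     # drop \ " ' ^
    value = re.sub(r"\s+(?=[/(])", "", value)  # drop spaces before / and (
    value = re.sub(r"[,;]", " ", value)        # , and ; become a space
    value = re.sub(r"\s+", " ", value)         # collapse whitespace runs
    return value.lower()

def inspect(post_args):
    """Return (target, matched data) pairs, mirroring the rule's logdata."""
    hits = []
    for name, value in post_args.items():
        # The rule lists both ARGS_NAMES and ARGS as targets.
        for target, data in ((f"ARGS_NAMES:{name}", name),
                             (f"ARGS:{name}", value)):
            m = RULE_211190.search(cmd_line(data))
            if m:
                hits.append((target, m.group(0)))
    return hits

# Constructed sample submissions (hypothetical paths).
FULL_PATH = {"guardian_g_htaccess_path": "/home/shop/public_html/.htaccess"}
DIR_ONLY = {"guardian_g_htaccess_path": "/home/shop/public_html/"}
ETC_DIR = {"guardian_g_htaccess_path": "/etc/apache2/"}
UPPER = {"guardian_g_htaccess_path": "/home/shop/public_html/.HTACCESS"}

if __name__ == "__main__":
    for label, args in (("full path", FULL_PATH), ("directory only", DIR_ONLY),
                        ("/etc/ directory", ETC_DIR), ("upper case", UPPER)):
        print(f"{label}: {inspect(args) or 'no match'}")
```

The field name itself does not match, because the pattern needs the leading dot; only the submitted value does, and a directory-only value passes unless it contains /etc/.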