Author Topic: Error 403 on Opencart  (Read 13384 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Error 403 on Opencart
« on: June 25, 2019, 07:30:51 AM »
Hello.
Who can faced a problem on Opencart. When I try to save changes in the settings of the modules or template, I get an error:

Forbidden
You don't have permission to access /admin/index.php on this server.


Fix Permissions does not help.
The files have 644 permissions, and 755 on folders.

It only helps to disable ModSecurity for the domain.
I use Comodo WAF

The last entry in the domain.com.error.log file:
Code: [Select]
[Sun Jun 23 15:44:57.234813 2019] [:error] [pid 29001:tid 139648344995584] [client 109.198.206.170:49082]
[client 109.198.206.170]
ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:'\\\\xbf?\\\\x22|\\\\x22\\\\xbf?'|^\\\\+?$)" at ARGS_POST:banner_image[1][0][link]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"]
[line "199"]
[id "211290"] [rev "3"]
[msg "COMODO WAF: XSS and SQLi vulnerability||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
[hostname "domain.com"] [uri "/admin/index.php"] [unique_id "XQ90ScHhCrL7AehvkFkUHgAAANA"], referer:
https://domain.com/admin/index.php?route=design/banner/edit&user_token=7FUNhvhi3k17PeRhIFApSmj07xtIQX8V&banner_id=8

Is it possible to fix this somehow without resorting to disabling ModSecurity?
Thank you in advance.
**********************************************
Здравствуйте.
Может кто сталкивался с проблемой на Opencart. При попытки сохранить изменения в настройках модулей или шаблона получаю ошибку:

Forbidden
You don't have permission to access /admin/index.php on this server.


Fix Permissions не помогает.
На файлах выставлены права 644, а на папках 755.

Помогает только отключение ModSecurity для домена.
Использую Comodo WAF
Можно-ли это как то исправить не прибегая к отключению  ModSecurity?
Заранее спасибо.


Offline
*
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: Error 403 on Opencart
« Reply #2 on: June 26, 2019, 03:58:16 PM »
Correct, added the rule 211290 and website backed to normal. Thank you