Hello.
Who can faced a problem on Opencart. When I try to save changes in the settings of the modules or template, I get an error:
Forbidden
You don't have permission to access /admin/index.php on this server.
Fix Permissions does not help.
The files have 644 permissions, and 755 on folders.
It only helps to disable ModSecurity for the domain.
I use Comodo WAF
The last entry in the domain.com.error.log file:
[Sun Jun 23 15:44:57.234813 2019] [:error] [pid 29001:tid 139648344995584] [client 109.198.206.170:49082]
[client 109.198.206.170]
ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:'\\\\xbf?\\\\x22|\\\\x22\\\\xbf?'|^\\\\+?$)" at ARGS_POST:banner_image[1][0][link]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"]
[line "199"]
[id "211290"] [rev "3"]
[msg "COMODO WAF: XSS and SQLi vulnerability||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
[hostname "domain.com"] [uri "/admin/index.php"] [unique_id "XQ90ScHhCrL7AehvkFkUHgAAANA"], referer:
https://domain.com/admin/index.php?route=design/banner/edit&user_token=7FUNhvhi3k17PeRhIFApSmj07xtIQX8V&banner_id=8
Is it possible to fix this somehow without resorting to disabling ModSecurity?
Thank you in advance.
**********************************************
Здравствуйте.
Может кто сталкивался с проблемой на Opencart. При попытки сохранить изменения в настройках модулей или шаблона получаю ошибку:
Forbidden
You don't have permission to access /admin/index.php on this server.
Fix Permissions не помогает.
На файлах выставлены права 644, а на папках 755.
Помогает только отключение ModSecurity для домена.
Использую Comodo WAF
Можно-ли это как то исправить не прибегая к отключению ModSecurity?
Заранее спасибо.