Author Topic: Update broke Opencart? Again  (Read 408 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Update broke Opencart? Again
« on: June 23, 2019, 12:59:51 PM »
Hello everyone, I need help.

Today I discovered that again, apparently after the update, saving any changes in Opencart results in the message:
Forbidden
You do not have permission to access /admin/index.php on this server.


This is the second time, but for the first time, the problem was with saving changes in a third-party template. It was decided to transfer Opencart to a standard template, and then again to a third-party, while it was necessary to reconfigure it.

Now saving changes is impossible in any template, any module and the Opencart section.

Fix Permissions, like last time, does not help.

The files have 644 permissions, and 755 on folders.

Thank you in advance
******************
Привет всем, мне нужна помощь.

Сегодня обнаружил, что снова, видимо после обновления, сохрание любых изменений в Opencart приводит к появлению сообщения:
Forbidden
You don't have permission to access /admin/index.php on this server.


Это уже второй случай, но в первый раз проблема была при сохранении изменений в стороннем шаблоне. Решилось переводом Opencart на стандартный шаблон, а потом снова на сторонний, при этом надо было заново его настроить.

Сейчас сохрание изменений невозможно в любом шаблоне, любом модуле и разделе Opencart.

Fix Permissions, как и в прошлый раз, не помогает.

На файлах выставлены права 644, а на папках 755.

Заранее спасибо
« Last Edit: June 23, 2019, 01:02:31 PM by zondar »

Offline
*****
Re: Update broke Opencart? Again
« Reply #1 on: June 23, 2019, 01:34:45 PM »
Hi.
Check the website log. Located in /usr/local/apache/domlogs
I guess you have something in .htaccess (Options FollowSymLinks, for example)
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: Update broke Opencart? Again
« Reply #2 on: June 23, 2019, 02:58:21 PM »

I use htaccess
Options + SymLinksIfOwnerMatch

I tried to comment out, but it did not affect.

The last entry in the file domain.com.error.log
***************************************************
В htaccess использую
Options +SymLinksIfOwnerMatch

Пробовал закомментировать, но это не повлияло.

Последняя запись в файле domain.com.error.log

Code: [Select]
[Sun Jun 23 15:44:57.234813 2019] [:error] [pid 29001:tid 139648344995584] [client 109.198.206.170:49082]
[client 109.198.206.170]
ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:'\\\\xbf?\\\\x22|\\\\x22\\\\xbf?'|^\\\\+?$)" at ARGS_POST:banner_image[1][0][link]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"]
[line "199"]
[id "211290"] [rev "3"]
[msg "COMODO WAF: XSS and SQLi vulnerability||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
[hostname "domain.com"] [uri "/admin/index.php"] [unique_id "XQ90ScHhCrL7AehvkFkUHgAAANA"], referer:
https://domain.com/admin/index.php?route=design/banner/edit&user_token=7FUNhvhi3k17PeRhIFApSmj07xtIQX8V&banner_id=8


Disabling ModSecurity solves the problem, but this is not an option. And how to change the rules, and most importantly what rules need to be changed and which I do not know.
*********************************

Отключение ModSecurity решает проблему, но ведь это не вариант. А как изменить правила, а главное какие правила нужно менять и на какие я не знаю.
« Last Edit: June 23, 2019, 03:10:23 PM by zondar »