Originally Posted by
DrByte
Is the converse true? Does it also happen when editing with a rich-text editor?
After some *very* careful examination, the problem appears to lie almost exclusively in the Define pages editor. And no, I can't use HTMLAREA either, but I get a different error:
HTML Code:
You don't have permission to access /shop/admin/define_pages_editor.php on this server.
They're both coming up as 403/forbidden, but pointing at different files.
This is likely a result of mod_security stopping the use of the page because the page contains potentially dangerous content akin to what a hacker might attempt to upload if one was exploiting the server.
What kind of code is in the pages you're getting these errors on ? You must have some sort of HTML codes or SCRIPT tags etc which the security filters are catching.
Anything from simple text, to iframes
Your server's errorlog should also explain more about "why" the page access was blocked.
All I can see is them coming up as 403/forbidden
Your hosting company should also be able to offer assistance in clarifying what recent changes may have been implemented to cause this.
Or maybe *they* didn't change anything and the timing is just that *you* just recently started using certain "prohibited" content in your pages?
ahh... yes, I've turned into a code-crunching pornographer in my spare time!
It's also the most secure way to do it. That way you don't need to leave files world-writable on the server, making your site less vulnerable to exploitation.
Yes, and I imagine that's what I'll likely continue to do, if making changes to the ZenCart or other functionality poses that kind of risk
You could try adding this to your /admin/.htaccess file and see if it helps:
Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
That will turn OFF all the security protections that normally protect against what hackers might do to upload rogue content. It leaves you somewhat exposed, but would stop the blockages if the issue is truly a mod_security filter that's blocking you.
hmm... I *might* give that a try, but I'll probably just do the modifications offline & upload them (yay for good freeware!)
Thanks!
Bookmarks