TOPIC:

I've copied the preview php and xml with more screen shots in the attached

Hi Karl,

I got the login details and logged in and created a test LO and saw the same behaviour...

Then I tried hitting Publish several times and then pressed play. I was presented with this:

Your connection to this server has been blocked

This is temporary and will normally happen with too many failed login attempts or other bad activity.

Your blocked IP address is 78.86.61.201

I think that this can only mean that you have some kind of apache mod filtering on the postdata which is flagging up the asfunction: as a security risk. We had a case a month or two back with exactly the same issue. The host had some mod filtering turned on which was messing with the post data in certain cases.

Let me find it in the forums and refresh my memory as to the solution to see if it is the same... Do you remember this Tom, it was another strange problem that took ages to find...

John

Hi,

Ok I think I am on the right trail - this post www.xerte.org.uk/index.php?option=com_ku...ang=en&limitstart=60 related to image uploads that were blocked but this code:

in a .htaccess file in xerte/ should turn off the filter - which should then allow you to try to do the save again...

Then we have to figure out how to have it on (if you really need it) with asfunction: being passed through ok. This link comments.gmane.org/gmane.comp.apache.mod-security.owasp-crs/752 shows someone having a problem not dissimilar and if you search the page for asfunction then you will see this:

Message: Warning. Pattern match "(asfunction|javascript|vbscript|data|mocha|livescript):"

Which is the exact pattern we are having problems with. If your pattern is the same then you probably can't include any of those words with a : after. It's to stop some kind of code injection in posted data but in this instance we actually want to allow the asfunction and possibly javascript: if you needed to invoke some javascript function directly from a link...

So try the .htaccess file to turn off mod_security and we'll take it from there...

John

I can't seem to locate the .htaccess file in Xerte. I have made all hidden files on the server visible and also done a search. All I'm coming up with are htaccess.conf files located in
/xerte/languages/en-GB/setup/htaccess.conf
/xerte/setup/htaccess.conf
I have tried pasting the code into the .htaccess file on the root of the site (same folder that the xerte folder is in) atcourse.org/.htaccess but it didn't work.

OK I also tried to create a .htaccess file in xerte folder with the code you provided but I'm still experiencing the same problem.

Hi Karl,

Sorry, i should have been more explicit. you need to create the .htaccess file in the root or /xerte folder and put that code in it.

But if that's what you've tried then that might not be the code you need in this situation...

Do you have access to a control panel for your webhost? In there you 'might' find some reference to that filter string i posted or some reference to asfunction as that is definitely triggering some kind of security alert when i try to save several times in succession.

Sorry i can't be of more help at this stage. You might have to contact support.


John

Is it just that code that needs to be in the .htaccess file? If so that's what I tried and I'm afraid it didn't work.I also tried it in the root of the site and no luck. I use cpanel, are you familiar with it? As you have probably gathered by know I'm a little over my head with this stuff. I can't find any reference to asfunction: or mod_security on cpanel