Supporting each other

Community forums

Welcome, Guest
Username: Password: Remember me
Report any technical problems you discover and discuss solutions.

TOPIC:

Unable to edit existing LO 11 years 1 month ago #892

  • 0kee
  • 0kee's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 73
  • Thank you received: 0
I've copied the preview php and xml with more screen shots in the attached
Attachments:

Please Log in or Create an account to join the conversation.

Unable to edit existing LO 11 years 1 month ago #893

  • JohnSmith
  • JohnSmith's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 397
  • Thank you received: 71
Hi Karl,

I got the login details and logged in and created a test LO and saw the same behaviour...

Then I tried hitting Publish several times and then pressed play. I was presented with this:

Your connection to this server has been blocked

This is temporary and will normally happen with too many failed login attempts or other bad activity.

Your blocked IP address is 78.86.61.201


I think that this can only mean that you have some kind of apache mod filtering on the postdata which is flagging up the asfunction: as a security risk. We had a case a month or two back with exactly the same issue. The host had some mod filtering turned on which was messing with the post data in certain cases.

Let me find it in the forums and refresh my memory as to the solution to see if it is the same... Do you remember this Tom, it was another strange problem that took ages to find...

John

Please Log in or Create an account to join the conversation.

Unable to edit existing LO 11 years 1 month ago #894

  • JohnSmith
  • JohnSmith's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 397
  • Thank you received: 71
Hi,

Ok I think I am on the right trail - this post www.xerte.org.uk/index.php?option=com_ku...ang=en&limitstart=60 related to image uploads that were blocked but this code:
<IfModule mod_security.c>
 <Files upload.php>
 SecFilterEngine Off
 SecFilterScanPOST Off
 </Files>
 </IfModule>

in a .htaccess file in xerte/ should turn off the filter - which should then allow you to try to do the save again...

Then we have to figure out how to have it on (if you really need it) with asfunction: being passed through ok. This link comments.gmane.org/gmane.comp.apache.mod-security.owasp-crs/752 shows someone having a problem not dissimilar and if you search the page for asfunction then you will see this:

Message: Warning. Pattern match "(asfunction|javascript|vbscript|data|mocha|livescript):"


Which is the exact pattern we are having problems with. If your pattern is the same then you probably can't include any of those words with a : after. It's to stop some kind of code injection in posted data but in this instance we actually want to allow the asfunction and possibly javascript: if you needed to invoke some javascript function directly from a link...

So try the .htaccess file to turn off mod_security and we'll take it from there...

John

Please Log in or Create an account to join the conversation.

Unable to edit existing LO 11 years 1 month ago #901

  • 0kee
  • 0kee's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 73
  • Thank you received: 0
I can't seem to locate the .htaccess file in Xerte. I have made all hidden files on the server visible and also done a search. All I'm coming up with are htaccess.conf files located in
/xerte/languages/en-GB/setup/htaccess.conf
/xerte/setup/htaccess.conf
I have tried pasting the code into the .htaccess file on the root of the site (same folder that the xerte folder is in) atcourse.org/.htaccess but it didn't work.

OK I also tried to create a .htaccess file in xerte folder with the code you provided but I'm still experiencing the same problem.

Please Log in or Create an account to join the conversation.

Last edit: by 0kee.

Unable to edit existing LO 11 years 1 month ago #902

  • JohnSmith
  • JohnSmith's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 397
  • Thank you received: 71
Hi Karl,

Sorry, i should have been more explicit. you need to create the .htaccess file in the root or /xerte folder and put that code in it.

But if that's what you've tried then that might not be the code you need in this situation...

Do you have access to a control panel for your webhost? In there you 'might' find some reference to that filter string i posted or some reference to asfunction as that is definitely triggering some kind of security alert when i try to save several times in succession.

Sorry i can't be of more help at this stage. You might have to contact support.


John

Please Log in or Create an account to join the conversation.

Unable to edit existing LO 11 years 1 month ago #903

  • 0kee
  • 0kee's Avatar Topic Author
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 73
  • Thank you received: 0
Is it just that code that needs to be in the .htaccess file? If so that's what I tried and I'm afraid it didn't work.I also tried it in the root of the site and no luck. I use cpanel, are you familiar with it? As you have probably gathered by know I'm a little over my head with this stuff. I can't find any reference to asfunction: or mod_security on cpanel

Please Log in or Create an account to join the conversation.

Moderators: ronmjultenJohnSmith
Time to create page: 0.065 seconds
Copyright © 2024 The Xerte Project.
Xerte logo Apereo logo OSI Logo

Search