XF 2.1 403 Forbidden When Editing Node Permissions

Good afternoon,

I am working on setting up a new forum for a community that I am running but I have ran into the following error when editing permissions to view nodes - note that this is the only time that I have run across this throughout many Xenforo installations.

I am using a VPS that is running Plesk through DigitalOcean.

The error appears when click on the save button after selecting the view node permissions.

As of now I can no longer access my forum following a crash - I was able to fix this previously by running REPAIR TABLE db_xenforo.xf_session but this did not work the second time it crashed following this error.

1588637031068.png

1588637073379.png

1588636918156.png

If anyone has any ideas they would be greatly appreciated.

Thank you,
 

Attachments

  • 1588637023949.webp
    1588637023949.webp
    6.5 KB · Views: 1
You don't need to disable it completely if you can identify the rules being tripped and whitelist them.

The logs on the server will need to be checked to determine that.
 
According to the log...

3[client REDACTED] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:type. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mc5star.com|F|2"] [data "Matched Data: user_group found within ARGS:type: user_group"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mc5star.com"] [uri "/forum/admin.php"] [unique_id "XrCmzVBIv2BjsW3hR5FT5QAAAEI"], referer: https://mc5star.com/forum/admin.php?nodes/staff.3/permissions/edit&user_group_id=3
 
Developer and I both encountered this same issue today. We were trying to save node permissions for administrative group and it resulted in "Oops! We ran into some problems..." popup error in Xenforo and after a few tries resulted in IP block. I was able to replicate the issue after unblocking my IP. Support also found the same violation of rule 211540 which checks for Blind SQL Injection Attack. They suggest whitelist of rule in .htaccess. Safe to do so, or will this open up Xenforo to an actual malicious attack?
 
Last edited:
According to the log...

3[client REDACTED] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:type. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mc5star.com|F|2"] [data "Matched Data: user_group found within ARGS:type: user_group"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mc5star.com"] [uri "/forum/admin.php"] [unique_id "XrCmzVBIv2BjsW3hR5FT5QAAAEI"], referer: https://mc5star.com/forum/admin.php?nodes/staff.3/permissions/edit&user_group_id=3

 
Top Bottom