XF 2.1 403 Forbidden When Editing Node Permissions

T

thegarfish

Member
Good afternoon,

I am working on setting up a new forum for a community that I am running but I have ran into the following error when editing permissions to view nodes - note that this is the only time that I have run across this throughout many Xenforo installations.

I am using a VPS that is running Plesk through DigitalOcean.

The error appears when click on the save button after selecting the view node permissions.

As of now I can no longer access my forum following a crash - I was able to fix this previously by running REPAIR TABLE db_xenforo.xf_session but this did not work the second time it crashed following this error.

1588637031068.png

1588637073379.png

1588636918156.png

If anyone has any ideas they would be greatly appreciated.

Thank you,
 

Attachments

  • 1588637023949.webp
    1588637023949.webp
    6.5 KB · Views: 1
Sort by date Sort by votes
You don't need to disable it completely if you can identify the rules being tripped and whitelist them.

The logs on the server will need to be checked to determine that.
 
Upvote 0 Downvote
According to the log...

3[client REDACTED] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:type. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mc5star.com|F|2"] [data "Matched Data: user_group found within ARGS:type: user_group"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mc5star.com"] [uri "/forum/admin.php"] [unique_id "XrCmzVBIv2BjsW3hR5FT5QAAAEI"], referer: https://mc5star.com/forum/admin.php?nodes/staff.3/permissions/edit&user_group_id=3
 
Upvote 0 Downvote
Developer and I both encountered this same issue today. We were trying to save node permissions for administrative group and it resulted in "Oops! We ran into some problems..." popup error in Xenforo and after a few tries resulted in IP block. I was able to replicate the issue after unblocking my IP. Support also found the same violation of rule 211540 which checks for Blind SQL Injection Attack. They suggest whitelist of rule in .htaccess. Safe to do so, or will this open up Xenforo to an actual malicious attack?
 
Last edited:
Upvote 0 Downvote
thegarfish said:
According to the log...

3[client REDACTED] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:type. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack||mc5star.com|F|2"] [data "Matched Data: user_group found within ARGS:type: user_group"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mc5star.com"] [uri "/forum/admin.php"] [unique_id "XrCmzVBIv2BjsW3hR5FT5QAAAEI"], referer: https://mc5star.com/forum/admin.php?nodes/staff.3/permissions/edit&user_group_id=3
Click to expand...

support.plesk.com

How to disable specific ModSecurity rules in Plesk

Applicable to: Plesk for Linux Question How to disable specific ModSecurity rules in Plesk per domain or server-wide? Answer Note: Not all rules can be disabled due to the MODSEC-274 bug in Mod...
support.plesk.com support.plesk.com
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Compi
  • Question Question
XF 2.2 Editing node permissions, error.
Replies
4
Views
560
Compi
Compi
Slion
  • Question Question
XF 2.2 403 Forbidden when ^\s+type in [CODE]
Replies
4
Views
544
Slion
Slion
Jon W
Fixed When editing node permissions for user group, time limit value defaults to 1
Replies
1
Views
439
XF Bug Bot
XF Bug Bot
Tommi Gustafsson
  • Question Question
XF 2.0 403 Forbidden when Testing Google Linked Account
Replies
1
Views
486
Mike
Mike
Gossamer
  • Question Question
XF 2.1 403 Forbidden Error When Upgrading to XF 2.1 or Installing Add-ons
Replies
3
Views
891
Gossamer
Gossamer
Back
Top Bottom