Error when posting new threads and editing templates

[Jimmy Vu]

Whenever I tried to edit a Template in admin area, I couldnot save my work

Always an error returned: "An error occurred, please try again"

Do you know what is happening, is it because of the host or the database issue? Many users also reported the same error when posting new threads?

Thanks

Jimmy

 

[Ozzy47]

Have you done the standard troubleshooting steps of confirming with all add-ons disabled on a default style?

There might be entries in the ACP error log and/or the browser console.

You can also enable debug mode in src/config.php to get a more detailed error.

$config['debug'] = true;

 

[ŽivaAkcija]

mod security

 

[Ozzy47]

Possibly, but blind assumptions are not a good thing.

 

[Jimmy Vu]

mod security

Thanks, could you give a clearer instruction?

 

[Ozzy47]

Thanks, could you give a clearer instruction?

Do not blindly do things!

Have you done the standard troubleshooting steps of confirming with all add-ons disabled on a default style?

There might be entries in the ACP error log and/or the browser console.

You can also enable debug mode in src/config.php to get a more detailed error.

$config['debug'] = true;

 

[Jimmy Vu]

Do not blindly do things!

Thanks ozzy47

I have enabled debug in config.php. Where should I go to see the bugs besides Server Error Log in Admin area?

 

[Ozzy47]

Check in the server log and in the browser console. Errors may show on the pages when an error is triggered as well.

 

[Jimmy Vu]

I found in browser console the following error:

"Failed to load resource: the server responded with a status of 403 (Forbidden)"

Have you got any idea?

 

[Ozzy47]

Okay, now we are certain. It's related to mod security - something your host should know about and will have to resolve it.

 

[Jimmy Vu]

Will XF work properly if I disable Mod Security?

 

[Ozzy47]

You don't need to disable it, your host needs to identify which rule(s) get triggered and whitelist/adjust them.

 

[Jimmy Vu]

You don't need to disable it, your host needs to identify which rule(s) get triggered and whitelist/adjust them.

Thanks, my host isnot helping me and I need to config it by myself. Do you know the rules that need to do the job?

 

[Ozzy47]

No, only the host would know. If they are not willing to help, it's time to find a new one.

 

[TPerry]

No, only the host would know. If they are not willing to help, it's time to find a new one.

Not if he is on a self managed VPS/dedicated server. As you succinctly stated, blind assumptions are not a good thing. I saw nowhere that stated he was on a managed plan or shared hosting.

@Jimmy Vu, are you on shared hosting? If so, it is their responsibility as a good host to check their mod_sec logs to find what triggered it. If you are on a unmanaged VPS/dedicated server then it will be up to you to check the logs to find what triggered it.

Will XF work properly if I disable Mod Security?

You can choose to disable mod_security on your server if VPS or dedicated, but if running Apache I'd give serious consideration to not doing that and finding the rule set that is triggering it.

If using cPanel, I believe that the logs are located in the mySQL server
A discussion on mod_sec logs is located here.

I don't use cPanel, but that discussion showed that the logs are accessible from WHM: Main >> Plugins >> Mod Security then you will have to find which has triggered it and then modify the rule set that you are using (as there are different "rule sets" that can be used as a base).
I think your rule sets that are in use can be found at Home » Security Center » ModSecurity Vendors » Manage Vendors

 

[Jimmy Vu]

Dear Tracy,

Thank you for your support. I am now on a VPS and I need to config it by myself, using CWP control panel

In found in Mod Security rule configuration this content

Include /usr/local/apache/modsecurity-owasp-old/modsecurity_crs_10_config.conf
Include /usr/local/apache/modsecurity-owasp-old/base_rules/*.conf
Include /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf

Does it mean that I should go to these files and edit the rules?

In modsec.conf it shows

<IfModule mod_security2.c>
SecRuleEngine On
</IfModule>

 

[TPerry]

First you need to find the log and see what triggered it... then find the OWASP rule set that it was. I don't use mod_security nor cPanel/WHM so I've reached the limit of what help I can be. Maybe someone with more familiarity with mod_security on cPanel will chime in.
This would probably be better moved into the Server Configuration & Hosting area since it would get a more concise targeted reader. Maybe @Brogan or @Slavik can move it over there.

 

[Ozzy47]

using CWP control panel

Since you are on a CENTOS Web Panel, maybe @eva2000 can give you some guidance.

 

[eva2000]

Since you are on a CENTOS Web Panel, maybe @eva2000 can give you some guidance.

Never used CWP I used my own Centmin Mod LEMP stack

 

[Ozzy47]

Ohh well, it was worth a shot.