XF 2.2 Oops on notification click

Jon12345

Jon12345

Well-known member
I've been getting some errors where you get an "Oops" when you click the notification bell. This thread talks about the issue. Ignore the elasticsearch issue, which has been resolved.

Search seems to be having a server error?

I've tried searching the forums a few times so far this morning and keep getting a server error. Just an fyi that is probably already known.
www.access-programmers.co.uk

Someone at the end of that thread also said they got in on editing a link.

I don't know where to begin in resolving this issue. How do I start?

Edit: I just got the error myself.

1613494271517.png

Edit2: Just found this in console:

1613494456358.webp

Does that help?
 
Last edited:
Sort by date Sort by votes
My host has said this:

According to the Apache error_log, ModSecurity was being triggered by your IP 94.5.151.236 , and others, believing there were attempts at SQL injections when accessing notifications on the site. This resulted in 403 statuses relating to the core-content.js in the browser console.
Click to expand...
Would you like us to disable rule 211700 in ModSecurity Tools to test if the rule affected how the notification bell worked?
Click to expand...

They then listed what looks like log information. A bit of it is pasted below to give an idea:

Tue Feb 16 10:53:20 2021] [error] [client 94.5.151.236] ModSecurity: Access denied with code 403, [Rule: 'MATCHED_VAR' '@rx (?i:[ ()]case ?\(|\) ?like ?\(|\bhaving ?[^\s]+ ?[^\w ]|\bif ?\([\d\w] ?[=<>~])'] [id "211700"] [rev"7"] [msg "COMODO WAF: Detects conditional SQL injection attempts"] [logdata "Matched Data: having-a-server-error.316239/ found within /forums/threads/search-seems-to-be-having-a-server-error.316239/: /forums/threads/search-seems-to-be-having-a-server-error.316239/"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Click to expand...

Would you have them disable that rule, or perhaps is my site under threat? Why would clicking a notification button trigger a security alert?
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

_Al
  • Question Question
mod-security rules - where do I go from here?
Replies
9
Views
806
_Al
_Al
M
  • Question Question
RM 2.2 You must upload a file or provide an external download URL. (XFRM)
Replies
0
Views
390
mrdoitnyce
M
zackw
  • Question Question
ES 2.2 ConnectException cURL 7 - failed to connect to localhost port 9200
Replies
4
Views
4K
chris p
C
Chromaniac
Search field next button does not send focus to member field on most pages
Replies
2
Views
604
Chromaniac
Chromaniac
T
  • Question Question
XF 2.2 Questions about CRON task
Replies
4
Views
864
Paul B
Paul B
Top Bottom