XF 2.2 Oops on notification click

Jon12345

Jon12345

Well-known member
I've been getting some errors where you get an "Oops" when you click the notification bell. This thread talks about the issue. Ignore the elasticsearch issue, which has been resolved.

Search seems to be having a server error?

I've tried searching the forums a few times so far this morning and keep getting a server error. Just an fyi that is probably already known.
www.access-programmers.co.uk

Someone at the end of that thread also said they got in on editing a link.

I don't know where to begin in resolving this issue. How do I start?

Edit: I just got the error myself.

1613494271517.png

Edit2: Just found this in console:

1613494456358.webp

Does that help?
 
Last edited:
Sort by date Sort by votes
My host has said this:

According to the Apache error_log, ModSecurity was being triggered by your IP 94.5.151.236 , and others, believing there were attempts at SQL injections when accessing notifications on the site. This resulted in 403 statuses relating to the core-content.js in the browser console.
Click to expand...
Would you like us to disable rule 211700 in ModSecurity Tools to test if the rule affected how the notification bell worked?
Click to expand...

They then listed what looks like log information. A bit of it is pasted below to give an idea:

Tue Feb 16 10:53:20 2021] [error] [client 94.5.151.236] ModSecurity: Access denied with code 403, [Rule: 'MATCHED_VAR' '@rx (?i:[ ()]case ?\(|\) ?like ?\(|\bhaving ?[^\s]+ ?[^\w ]|\bif ?\([\d\w] ?[=<>~])'] [id "211700"] [rev"7"] [msg "COMODO WAF: Detects conditional SQL injection attempts"] [logdata "Matched Data: having-a-server-error.316239/ found within /forums/threads/search-seems-to-be-having-a-server-error.316239/: /forums/threads/search-seems-to-be-having-a-server-error.316239/"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Click to expand...

Would you have them disable that rule, or perhaps is my site under threat? Why would clicking a notification button trigger a security alert?
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

S
Accessibility - Missing link-name on notification close
Replies
0
Views
434
stromb0li
S
O
  • Solved
XF 2.2 Push Notifications for iOS devices: Requires turning on "Notifications" in Webkit Feature Flags?
Replies
3
Views
1K
Oersted
O
twhiting9275
  • Suggestion Suggestion
Implemented Email content on notification?
Replies
19
Views
1K
vkams
vkams
Back
Top Bottom