XF 2.2 Oops on notification click

Jon12345

Well-known member
I've been getting some errors where you get an "Oops" when you click the notification bell. This thread talks about the issue. Ignore the elasticsearch issue, which has been resolved.


Someone at the end of that thread also said they got it on editing a link.

I don't know where to begin in resolving this issue. How do I start?

Edit: I just got the error myself.

1613494271517.png

Edit2: Just found this in console:

1613494456358.png

Does that help?
 

Jon12345

Well-known member
My host has said this:

According to the Apache error_log, ModSecurity was being triggered by your IP 94.5.151.236, and others, believing there were attempts at SQL injections when accessing notifications on the site. This resulted in 403 statuses relating to the core-content.js in the browser console.
Would you like us to disable rule 211700 in ModSecurity Tools to test if the rule affected how the notification bell worked?

They then listed what looks like log information. A bit of it is pasted below to give an idea:

[Tue Feb 16 10:53:20 2021] [error] [client 94.5.151.236] ModSecurity: Access denied with code 403, [Rule: 'MATCHED_VAR' '@rx (?i:[ ()]case ?\(|\) ?like ?\(|\bhaving ?[^\s]+ ?[^\w ]|\bif ?\([\d\w] ?[=<>~])'] [id "211700"] [rev"7"] [msg "COMODO WAF: Detects conditional SQL injection attempts"] [logdata "Matched Data: having-a-server-error.316239/ found within /forums/threads/search-seems-to-be-having-a-server-error.316239/: /forums/threads/search-seems-to-be-having-a-server-error.316239/"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]

Would you have them disable that rule, or perhaps is my site under threat? Why would clicking a notification button trigger a security alert?
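Added example (not part of the original posts, and not the host's or XenForo's code): the regex from the log line above, run in Python against the logged URL to show which branch of rule 211700 fired and on what text. The branch labels, the `explain` helper and every sample other than the logged URL are assumptions constructed for illustration.

```python
import re

# Pattern copied verbatim from the [Rule: ...] field of the log line (rule id 211700).
RULE_211700 = r"(?i:[ ()]case ?\(|\) ?like ?\(|\bhaving ?[^\s]+ ?[^\w ]|\bif ?\([\d\w] ?[=<>~])"

# The same alternation split into its four branches; the labels are ours.
BRANCHES = {
    "case(": r"(?i:[ ()]case ?\()",
    ")like(": r"(?i:\) ?like ?\()",
    "having": r"(?i:\bhaving ?[^\s]+ ?[^\w ])",
    "if(": r"(?i:\bif ?\([\d\w] ?[=<>~])",
}

def explain(value):
    """Return (branch_label, matched_text) if the rule fires on value, else None."""
    m = re.search(RULE_211700, value)
    if m is None:
        return None
    hit = m.group(0)
    label = next(n for n, p in BRANCHES.items() if re.fullmatch(p, hit))
    return label, hit

SAMPLES = [
    # URL taken from the [logdata ...] field of the log line.
    "/forums/threads/search-seems-to-be-having-a-server-error.316239/",
    # Constructed: another ordinary thread slug containing the word "having".
    "/forums/threads/anyone-having-login-trouble.12345/",
    # Constructed: a slug without any of the rule's keywords.
    "/forums/threads/notification-bell-shows-oops.316240/",
    # Constructed: the kind of conditional fragment the rule is written to flag.
    "id=1 having 1=1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:70} -> {explain(s)}")
```

The `having` branch only requires the word "having", a run of non-space characters and one non-word character, so any thread slug of the form `...-having-...<id>/` satisfies it; the notification request in the log was blocked because of the thread title, not because of SQL in the request.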
 