XF 2.0 Oops! We ran into some problems. Security error occurred. Please press back, refresh the page, and try again.

[TC44]

I've been running into this error, twice in the past few days when trying to do anything in the XenForo admin panel. The first time, it went away after rebooting the server.

Oops! We ran into some problems.
Security error occurred. Please press back, refresh the page, and try again.

I'm not seeing any crashed/corrupt tables in the database. The only ones that can't be analyzed are these:

_xenforo.xf_attachment_view
_xenforo.xf_mg_album_view
_xenforo.xf_mg_media_view
_xenforo.xf_session_activity
_xenforo.xf_thread_view

"The storage engine for the table doesn't support analyze"

I'm just looking for any suggestions on what to try to narrow it down?

Cheers.
TC

 

[Rivmedia]

Not sure if this will be the same for you guys, but have you got mod_evasive compiled ? We were running mod_evasive on most of our servers after cPanel released it in their packages, unfortunately we found it was also the cause of random errors like above on xenforo. Especially when upgrading or installing XF.

We didnt investigate it further, we simply disabled mod_evasive but im sure there is a configuration that would stop the errors. ( If ofcourse that is the cause of your problem too )

 

[TC44]

Not sure if this will be the same for you guys, but have you got mod_evasive compiled ?

Thanks for the reply. Good info.

I'm not seeing it enabled on mine. Actually, I'm not seeing an option for it in the options list for compiling Apache. I do have mod_security enabled.

I did reboot my server, but it made no difference. Still stuck here, unable to edit anything in the Xenforo admin panel.

 

[TC44]

Just checked via ssh. I don't se mod_evasive compiled on my server.

 

[Rivmedia]

Ah for us they were random occurrences, it wasn't something that halted usage completely.

Have you tried temp disabling code being ran, then disabling addons once access is regained to see if the errors stop:

This will temporarily disable code being run by all add-ons. Use this to access the control panel and disable the offending add-ons. Once you have done this, remove the line above from your src/config.php file.

Note:This is not equivalent to disabling add-ons via the control panel and is not sufficient for determining if an issue is caused by an add-on.

$config['enableListeners'] = false;

 

[TC44]

Ok, this is pretty dumb on my part, but maybe this will help someone else coming across this. From reading about this, it may have something to do with expired tokens. So, I logged out of the forum and admin panel and logged back in again. Seems to be working fine now.

Fortunately in my case, it seems to be a simple solution that works. Maybe it's common sense to most people here, but It might be good if that error message said something like:

Security error occurred. Please press back, refresh the page, and try again. If that doesn't work, please completely log out of the admin panel, and log back in again.

 

[Rivmedia]

Were you logging in via a www or non-www equivalent of your board URL ? if so a redirect will prevent you and your users having that problem again

This is the redirect I use which redirects the www.website.com , to non www .

RewriteCond %{HTTP_HOST} !^seoforums\.uk$ [NC]
RewriteRule ^(.*)$ https://seoforums.uk/$1 [R=301,L,QSA]

Placed in position here :

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{HTTP_HOST} !^seoforums\.uk$ [NC]
    RewriteRule ^(.*)$ https://seoforums.uk/$1 [R=301,L,QSA]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

 

[TPerry]

I do have mod_security enabled.

ding...ding...ding
We very likely have the winner listed here.
You need to check your logs for mod_security and find what triggered it and put an exception in place.

 

[TC44]

Thanks guys, I'll check all that!

I do have it defaulted to https://, no www, but it redirects to the non www url. One factor may be that my forum is installed on a sub domain, so it's https://forum.domain.com

I'll check the logs, thanks again.

 

[Recep Baltaş]

Some of our users have this when they are trying to login. What could be the issue?

 

[BobHarbison]

Seeing this on my server too, any ideas on how to fix it?

 

[Robert]

recently been getting this on my server as well. Says users need to accept cookies on the site but there is no place to actually accept cookies on the site. I'm running the latest stable version of xenforo