
All times are UTC




 Post subject: Can't submit Template 'Forbidden, don't have permission'
Posted: Thu Oct 31, 2019 10:50 am
Power Poster

Joined: Mon May 11, 2009 4:35 pm
Posts: 485
I've got a weird problem. I made a small change on a template which worked fine before (it was a dashboard to show Google Analytics stats on a TV screen). I only changed some Analytics IDs, but suddenly the template wouldn't save any more if I press 'submit'. I got this error:
Code:
Forbidden
You don't have permission to access this resource.


First I thought it had something to do with the code itself, so I stripped most of it, till only a small snippet was left:

Code:
{strip}
{process_pagedata}
{/strip}<!DOCTYPE html>
<html>
<head>
<title>{sitename}</title>
<meta http-equiv="refresh" content="3600" />
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1" />
<meta name="robots" content="noindex" />
{metadata}
{cms_stylesheet}
</head>

<body>

</body>
</html>

When I remove <meta http-equiv="refresh" content="3600" /> the code will submit, so I thought I figured it out. But when I try to delete this row in the original template the same problem occurs.

Then I tried to submit the whole code in another CMSMS website (2.2.12), and it submitted! So it wasn't the code in my opinion, but now that I've upgraded the 'error-website' and all of its modules and even the PHP version (7.2), the problem still exists.

I tried debug-mode, but can't make anything of it.

Website info
Code:
----------------------------------------------

Cms Version: 2.2.12

Installed Modules:

AceEditor2: 1.05
AdminSearch: 1.0.4
CGBetterForms: 1.9
CGExtensions: 1.64.10
CGSimpleSmarty: 2.2.1
CGSmartImage: 1.22.7
CMSContentManager: 1.1.8
CmsJobManager: 0.1.3
DesignManager: 1.1.6
FileManager: 1.6.9.1
FilePicker: 1.0.4.1
Gallery: 2.3.2
JQueryTools: 1.4.2
LISE: 1.3.1
LISEAgenda: 1.3.1
LISEShowcase: 1.3.1
MenuManager: 1.50.3
MicroTiny: 2.2.4
ModuleManager: 2.1.7
Navigator: 1.0.9
News: 2.51.6
Search: 1.51.7
SitemapMgr: 1.5.3

Config Information:

php_memory_limit:
max_upload_size: 32000000
url_rewriting: mod_rewrite
page_extension:
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: Europe/Amsterdam
permissive_smarty: true

Php Information:

phpversion: 7.2.23
md5_function: Aan (Waar)
json_function: Aan (Waar)
gd_version: 2
tempnam_function: Aan (Waar)
magic_quotes_runtime: Uit (Onwaar)
E_ALL: 0
E_STRICT: 0
E_DEPRECATED: 0
test_file_timedifference: Geen tijdsverschillen gevonden
test_db_timedifference: Geen tijdsverschillen gevonden
create_dir_and_file: 1
memory_limit: 128M
max_execution_time: 30
register_globals: Uit (Onwaar)
output_buffering: 4096
disable_functions:
open_basedir:
test_remote_url: Succes
file_uploads: Aan (Waar)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /opt/alt/php72/var/lib/php/session (0700)
session_use_cookies: Aan (Waar)
xml_function: Aan (Waar)
xmlreader_class: Aan (Waar)
check_ini_set: Aan (Waar)
curl: Aan

Performance Information:

allow_browser_cache: Aan (Waar)
browser_cache_expiry: 60
php_opcache: Aan (Waar)
smarty_cache: Uit (Onwaar)
smarty_compilecheck: Uit (Onwaar)
auto_clear_cache_age: Aan (Waar)

Server Information:

Server Software: Apache/2
Server Api: litespeed
Server Os: Linux 3.10.0-962.3.2.lve1.5.26.5.el7.x86_64 Aan x86_64
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.62
Server Db Grants: Er is een "GRAND ALL" permissie gevonden, alles lijkt in orde.

Permission Information:

tmp: /home/user5/domains/domain.nl/public_html/tmp (0755)
tmp_cache: /home/user5/domains/domain.nl/public_html/tmp/cache (0755)
templates_c: /home/user5/domains/domain.nl/public_html/tmp/templates_c (0755)
modules: /home/user5/domains/domain.nl/public_html/modules (0755)
uploads: /home/user5/domains/domain.nl/public_html/uploads (0755)
Bestandscreatiemasker (umask): /home/user5/domains/domain.nl/public_html/tmp/cache (0755)
config_file: 0777
----------------------------------------------


 Post subject: Re: Can't submit Template 'Forbidden, don't have permission'
Posted: Thu Oct 31, 2019 2:54 pm
Dev Team Member

Joined: Wed Feb 25, 2009 4:25 am
Posts: 847
Location: Victoria, BC
This sort of thing is usually mod_security. Some hosts let you disable it via cPanel, for others you'll need to ask your host to either disable it or whitelist the rule causing this issue.

There's no reliable test to see if mod_security is active, you'll have to ask your host if you don't know.



 Post subject: Re: Can't submit Template 'Forbidden, don't have permission'
Posted: Wed Nov 06, 2019 11:03 am
Power Poster

Joined: Mon May 11, 2009 4:35 pm
Posts: 485
I've asked my host like you said. Mod Security is indeed active on my server, but they won't shut it off and are trying to nail down the problem, but no luck so far.


 Post subject: Re: Can't submit Template 'Forbidden, don't have permission'
Posted: Fri Nov 08, 2019 3:04 pm
Power Poster

Joined: Mon May 11, 2009 4:35 pm
Posts: 485
My host replied and is stating that a leak in the CMS is the cause of my problem.

"The 'Comodo WAF' rule is being triggered at the moment of submitting the template, giving the following error code:"

Code:
[Fri Nov 08 15:05:18.729970 2019] [:error] [pid 1306674:tid 140344072292096] [client redacted:11422] [client redacted] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta.{0,}?http-equiv\\\\/{0,}?=\\\\/{0,}?[\\\\x22'`]{0,1}(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)" at ARGS_POST:m1_contents. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] [line "130"] [id "212960"] [rev "5"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.||www.domein.nl|F|2"] [data "Matched Data: <metahttp-equiv=\\x22x-ua-compatible\\x22content=\\x22ie=edge\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1.0,maximum-scale=1\\x22/><metahttp-equiv=\\x22r found within ARGS_POST:m1_contents: {strip}{process_pagedata}{/strip}<!doctypehtml><__html><head><title>{sitename}</title><metahttp-equiv=\\x22x-ua-compatible\\x22content=\\x22ie=edge\\x22/><metaname=\\x22viewport\\x22content=\\x22width=device-width,initial-scale=1.0,maximum-scale=1\\x22/><metahttp-equiv=\\x22refresh\\x22co..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.domein.nl"] [uri "/inloggen/moduleinterface.php"] [unique_id "XcV2HmqvZg83GXszGaxkSAAAAAs"], referer: https://www.domein.nl/


But I never had any problems so far with this host and this website, which has been running on CMS Made Simple since 2010.
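
Added example (not part of the thread, and not code from CMSMS or Comodo): a Python sketch that replays the logged pattern of rule 212960 against template text, which shows why dropping the refresh line let the first post's snippet through, and that pulls the rule id and target out of a denial line for a scoped exception request. The pattern transcription, the lowercase/whitespace normalization (inferred from the "Matched Data" in the log) and the sample inputs are assumptions.

```python
import re

# Pattern of rule 212960 as printed in the host's log line, with the log's
# extra backslash escaping removed (this transcription is an assumption).
RULE_212960 = re.compile(
    r"<meta.{0,}?http-equiv/{0,}?=/{0,}?[\x22'`]{0,1}"
    r"(?:c|r|s|&#?x?0{0,}?(?:67|43|99|63|82|52|114|72|83|53|115|73);?)"
)

def normalize(value):
    """Lowercase and drop whitespace, as the logged 'Matched Data' suggests the
    WAF does before matching (inferred from the log, not from the rule file)."""
    return re.sub(r"\s+", "", value).lower()

def rule_hit(template):
    """Return the text the pattern matches, or None if the rule would not fire."""
    m = RULE_212960.search(normalize(template))
    return m.group(0) if m else None

def parse_denial(line):
    """Extract the fields a host needs to scope an exception for one rule."""
    fields = dict(re.findall(r'\[(id|file|line|msg|uri|severity) "([^"]*)"\]', line))
    target = re.search(r"\bat ([A-Z_]+:[\w-]+)", line)
    fields["target"] = target.group(1) if target else None
    return fields

# Constructed inputs, modelled on the template and the log line quoted above.
HEAD = ('<head>\n<title>{sitename}</title>\n%s\n'
        '<meta name="robots" content="noindex" />\n</head>')
REFRESH = '<meta http-equiv="refresh" content="3600" />'
UA = '<meta http-equiv="X-UA-Compatible" content="IE=edge" />'
LOG = ('ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." '
       'at ARGS_POST:m1_contents. [file "/usr/local/cwaf/rules/07_XSS_XSS.conf"] '
       '[line "130"] [id "212960"] '
       '[msg "COMODO WAF: IE XSS Filters - Attack Detected."] '
       '[severity "CRITICAL"] [uri "/inloggen/moduleinterface.php"]')

if __name__ == "__main__":
    print(rule_hit(HEAD % REFRESH))                # fires on http-equiv="r...
    print(rule_hit(HEAD % UA))                     # "x-ua-compatible" alone: no hit
    print(rule_hit(HEAD % (UA + "\n" + REFRESH)))  # lazy .{0,}? spans both tags
    print(parse_denial(LOG))
```

The pattern keys on the first character after `http-equiv=` being c, r or s (or an HTML entity for one of them), so any template with a refresh or content-type meta tag trips it wherever that tag sits in the submitted field.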


 Post subject: Re: Can't submit Template 'Forbidden, don't have permission'
Posted: Fri Nov 08, 2019 3:54 pm
Dev Team Member

Joined: Mon Nov 28, 2011 9:29 am
Posts: 3131
Location: The Netherlands
Well, in general such a request could be considered as suspicious. But when using a CMS and submitting templates those are perfectly valid.

I'd really try to convince the host that this is a valid and expected (POST) request which should not be blocked.

That said, you could also consider using file-based templates which can be edited using the hosting provider's file editor (hey: they do allow it from their editor probably!). It also allows you to use your favorite editor and use a file transfer program.


 Post subject: Re: Can't submit Template 'Forbidden, don't have permission'
Posted: Wed Nov 13, 2019 2:20 pm
Power Poster

Joined: Mon May 11, 2009 4:35 pm
Posts: 485
The host doesn't want to cooperate, so I've tried the second solution mentioned; the file-based method; and this worked!

So for now I'm set, but I'm considering moving to another host eventually.

