WordPress.org

Forums

NextGEN Gallery
403 Errors when using Other Options (6 posts)

  1. sneader
    Member
    Posted 1 year ago #

    When using version 2.0.40 of NextGen Gallery, I am getting a 403 error when clicking SAVE under Other Options. Even if I make no changes at all, I still get the error.

    I've tried disabling all other plugins, and switched my theme to default, but it did not help. I've reviewed the access logs on the server, but nothing interesting.

    UPDATE: It looks like NextGen is tripping the server's ModSecurity rules:

    [Sun Dec 08 08:58:16.885069 2013] [:error] [pid 316309] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1226"] [id "340464"] [rev "54"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"] [unique_id "UqSJCDIcCEwABNOVFjsAAAAc"]

    http://wordpress.org/plugins/nextgen-gallery/

  2. pietpompies
    Member
    Posted 1 year ago #

    Bang! The same happened to me. I've been sent in circles for 3 weeks now by tech support blaming everything else, finally saying that it's unique so it must be something on my server. Couldn't save that screen, so couldn't fix ALL the 'advance settings' file URLs, so couldn't get it off dev site URLs.
    Besides that, the URL should update or be relative; you can't go into the table to fix it manually either.
    Wasted so much time, but thanks, Sneader, for your extra info. Now let's see what they say!

  3. sneader
    Member
    Posted 1 year ago #

    It was hitting one other rule (so two rules total). Here's the error log for the other rule:

    [Sun Dec 08 20:32:37.061928 2013] [:error] [pid 728275] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1229"] [id "340465"] [rev "54"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"] [unique_id "UqUrxDIcCEwACxzTNTgAAAAV"]
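
An added example, not part of the original thread or of any project's code: a small Python parser for ModSecurity "Access denied" lines like the two quoted above, which reports which request variable was blocked on which URI and by which rule ids. The sample input is abridged from the thread's log lines (timestamp, msg and unique_id dropped) plus one constructed unrelated line; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the thread's two entries, abridged, plus a constructed unrelated line.
SAMPLE_LOG = """\
[:error] [pid 316309] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1226"] [id "340464"] [rev "54"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"]
[:error] [pid 728275] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1229"] [id "340465"] [rev "54"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"]
[:error] [pid 728275] [client 1.2.3.4] File does not exist: /home/example/public_html/favicon.ico
"""

DENIED = re.compile(
    r'ModSecurity: Access denied with code (?P<status>\d+) '
    r'\(phase (?P<phase>\d+)\)\. (?P<detail>.*?) \[file "'
)
# ModSecurity 2.x uses this wording for a negated operator: the rule fired
# because the pattern was NOT found in the named target.
NEGATED = re.compile(r'Match of "(?P<operator>.*?)" against "(?P<target>.*?)" required\.')
# Rule metadata is written as [key "value"]; bracketed text without a quoted
# value, such as [pid 316309] or the [css_stylesheets] suffix, does not match.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_denial(line):
    """Return a dict describing one 'Access denied' line, or None."""
    m = DENIED.search(line)
    if not m:
        return None
    rec = {"status": int(m["status"]), "phase": int(m["phase"])}
    rec.update(FIELD.findall(line[m.end("detail"):]))
    neg = NEGATED.fullmatch(m["detail"])
    if neg:
        rec.update(neg.groupdict(), negated=True)
    return rec


def blocked_arguments(log_text):
    """Map (uri, request variable) -> sorted rule ids that denied it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and "target" in rec and "id" in rec:
            hits[(rec.get("uri", "?"), rec["target"])].add(rec["id"])
    return {key: sorted(ids) for key, ids in hits.items()}


if __name__ == "__main__":
    for (uri, target), ids in blocked_arguments(SAMPLE_LOG).items():
        print(f"{uri}: {target} denied by rule ids {', '.join(ids)}")
```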

  4. photocrati
    Member
    Plugin Author

    Posted 1 year ago #

    @sneader - Thanks for the post and the follow-up details. Would you be interested in submitting a Bug Report (http://www.nextgen-gallery.com/report-bug/ ... please reference this topic) so we can get a look at your specific environment, as we do not see this issue on any of our test servers?

    We will likely need login and FTP credentials for your WordPress installation, too; please include those on the Bug Report.

    Thanks!

    - Cais.

  5. sneader
    Member
    Posted 1 year ago #

    Hi Cais. Yes, of course. Doing right now. Thanks!

    - Scott

  6. photocrati
    Member
    Plugin Author

    Posted 1 year ago #

    @sneader - Thank you, Scott!

    I'll be referencing this topic for our developers to review as well.

    - Cais.

Topic Closed

This topic has been closed to new replies.
