• When using version 2.0.40 of NextGen Gallery, I am getting a 403 error when clicking SAVE under Other Options. Even if I make no changes at all, I still get the error.

    I’ve tried disabling all other plugins, and switched my theme to default, but it did not help. I’ve reviewed the access logs on the server, but nothing interesting.

    UPDATE: It looks like NextGen is tripping the server’s ModSecurity rules:

    [Sun Dec 08 08:58:16.885069 2013] [:error] [pid 316309] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1226"] [id "340464"] [rev "54"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"] [unique_id "UqSJCDIcCEwABNOVFjsAAAAc"]

    http://wordpress.org/plugins/nextgen-gallery/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Bang! The same happened to me. I have been sent in circles for 3 weeks now by tech support blaming everything else, finally saying that it’s unique so it must be something on my server. Couldn’t save that screen, so couldn’t fix ALL the ‘advance settings’ file URLs, so couldn’t get it off dev site URLs.
    Besides that the URL should update or be relative, you can’t go into the table to fix it manually either.
    Wasted so much time, but Thanks Sneader for your extra info. Now let’s see what they say!

    Thread Starter sneader

    (@sneader)

    It was hitting one other rule (so two rules total). Here’s the error log for the other rule:

    [Sun Dec 08 20:32:37.061928 2013] [:error] [pid 728275] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "1229"] [id "340465"] [rev "54"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)"] [severity "CRITICAL"] [hostname "example.com"] [uri "/wp-admin/admin.php"] [unique_id "UqUrxDIcCEwACxzTNTgAAAAV"]

    Plugin Contributor photocrati

    (@photocrati)

    @sneader – Thanks for the post and the follow-up details. Would you be interested in submitting a Bug Report (http://www.nextgen-gallery.com/report-bug/ … please reference this topic) so we can get a look at your specific environment, as we do not see this issue on any of our test servers?

    We will likely need login and FTP credentials for your WordPress installation, too; please include those on the Bug Report.

    Thanks!

    – Cais.

    Thread Starter sneader

    (@sneader)

    Hi Cais. Yes, of course. Doing right now. Thanks!

    – Scott

    Plugin Contributor photocrati

    (@photocrati)

    @sneader – Thank you, Scott!

    I’ll be referencing this topic for our developers to review as well.

    – Cais.

  • The topic ‘403 Errors when using Other Options’ is closed to new replies.
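
A triage helper for denials like the two logged in this thread, added here as an example and not code from any poster or from the plugin: it parses ModSecurity entries from an Apache error log and groups the rule ids by the URI and request parameter they blocked. The sample lines are constructed in the thread's format (the rule file path is a placeholder), and the target is only extracted for the negated-operator "Match of ... required" message shown in the posts.

```python
import re
from collections import defaultdict

# Forum software often turns the log's straight quotes into curly ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
HEAD = re.compile(r'ModSecurity: (?P<action>.*?) \(phase (?P<phase>\d)\)\. (?P<detail>.*?) \[file ')
# Logged when a negated operator fails, i.e. the value did NOT match the pattern.
NEGATED = re.compile(r'Match of "(?P<op>.*?)" against "(?P<target>.*?)" required')
META = re.compile(r'\[(\w+) "(.*?)"\]')      # [id "..."], [msg "..."], [uri "..."]
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def parse_line(line):
    """Return a dict for one ModSecurity denial, or None for unrelated lines."""
    line = line.translate(QUOTES)
    head = HEAD.search(line)
    if not head:
        return None
    event = dict(META.findall(line))
    event["action"] = head["action"]
    event["phase"] = int(head["phase"])
    neg = NEGATED.search(head["detail"])
    event["negated"] = bool(neg)
    event["operator"] = neg["op"] if neg else None
    event["target"] = neg["target"] if neg else None
    client = CLIENT.search(line)
    event["client"] = client[1] if client else None
    return event

def summarize(lines):
    """Map (uri, blocked parameter) -> sorted rule ids that denied it."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev:
            hits[(ev.get("uri"), ev["target"])].add(ev.get("id"))
    return {key: sorted(ids) for key, ids in hits.items()}

# Constructed sample input: one curly-quoted line, one straight-quoted, one unrelated.
SAMPLE = [
    '[Sun Dec 08 08:58:16 2013] [:error] [pid 1] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of “rx ://%{SERVER_NAME}/” against “ARGS:lightbox[css_stylesheets]” required. [file “/path/rules.conf”] [line “1226”] [id “340464”] [msg “Remote File Injection attempt in ARGS (admin.php)”] [uri “/wp-admin/admin.php”]',
    '[Sun Dec 08 20:32:37 2013] [:error] [pid 2] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:lightbox[css_stylesheets]" required. [file "/path/rules.conf"] [line "1229"] [id "340465"] [msg "Remote File Injection attempt in ARGS (admin.php)"] [uri "/wp-admin/admin.php"]',
    '[Sun Dec 08 20:40:00 2013] [:error] [pid 3] [client 1.2.3.4] File does not exist: /var/www/favicon.ico',
]

if __name__ == "__main__":
    for (uri, target), ids in summarize(SAMPLE).items():
        print(f"{uri}  {target}  blocked by rule ids {', '.join(ids)}")
```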