WordPress.org

Support

Support » Plugins and Hacks » NextGEN Gallery - WordPress Gallery Plugin » 403 Errors when using Other Options

403 Errors when using Other Options

  • When using version 2.0.40 of NextGen Gallery, I am getting a 403 error when clicking SAVE under Other Options. Even if I make no changes at all, I still get the error.

    I’ve tried disabling all other plugins, and switched my theme to default, but it did not help. I’ve reviewed the access logs on the server, but nothing interesting.

    UPDATE: It looks like NextGen is tripping the server’s Mod Security rules:

    [Sun Dec 08 08:58:16.885069 2013] [:error] [pid 316309] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of “rx ://%{SERVER_NAME}/” against “ARGS:lightbox[css_stylesheets]” required. [file “/usr/local/apache/conf/modsec/10_asl_rules.conf”] [line “1226”] [id “340464”] [rev “54”] [msg “Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)”] [severity “CRITICAL”] [hostname “example.com”] [uri “/wp-admin/admin.php”] [unique_id “UqSJCDIcCEwABNOVFjsAAAAc”]

    http://wordpress.org/plugins/nextgen-gallery/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Bang! The same happened to me, I got sent in circles for 3 weeks now by tech support blaming everything else. Finally saying that it’s unique so must be something on my server. Couldn’t save that screen, so couldn’t fix ALL the ‘advance settings’ file url’s, so couldn’t get it off dev site urls.
    Beside that the url should update or be relative, you can’t go into the table to fix it manually either.
    Wasted so much time, but Thanks Sneader for your extra info. Now let’s see what they say!

    It was hitting one other rule (so two rules total). Here’s the error log for the other rule:

    [Sun Dec 08 20:32:37.061928 2013] [:error] [pid 728275] [client 1.2.3.4] ModSecurity: Access denied with code 403 (phase 2). Match of “rx ://%{SERVER_NAME}/” against “ARGS:lightbox[css_stylesheets]” required. [file “/usr/local/apache/conf/modsec/10_asl_rules.conf”] [line “1229”] [id “340465”] [rev “54”] [msg “Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)”] [severity “CRITICAL”] [hostname “example.com”] [uri “/wp-admin/admin.php”] [unique_id “UqUrxDIcCEwACxzTNTgAAAAV”]

    Plugin Author photocrati

    @photocrati

    @sneader – Thanks for the post and the follow-up details. Would you be interested in submitting a Bug Report (http://www.nextgen-gallery.com/report-bug/ … please reference this topic) so we can get a look at your specific environment as we do not see this issue on any of our test servers.

    We will likely need log in and FTP credentials for your WordPress installation, too, please include those on the Bug Report.

    Thanks!

    – Cais.

    Hi Cais. Yes, of course. Doing right now. Thanks!

    – Scott

    Plugin Author photocrati

    @photocrati

    @sneader – Thank you, Scott!

    I’ll be referencing this topic for our developers to review as well.

    – Cais.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘403 Errors when using Other Options’ is closed to new replies.
Skip to toolbar