• Resolved Shane Gowland

    (@thewebatom)


    Clicking the Next or Previous Events links does not load any different events.

    The console shows the following error:

    Failed to load resource: the server responded with a status of 400 (Bad Request) 
    /wp-json/tribe/views/v2/html:1 
    
    {"code":"rest_missing_callback_param","message":"Missing parameter(s): url","data":{"status":400,"params":["url"]}}

    I have tried disabling all plugins except for Events Calendar.

    I have also tried reverting to a default WordPress theme.

    CloudFlare, server caching, and caching plugins that might affect javascript have also been disabled.


Viewing 15 replies - 1 through 15 (of 20 total)
  • Having exactly the same problem on multiple sites – cannot load other events via next and previous, filtering, changing start date; cannot even change views. I have also tested default theme and no other plugins. I missed seeing that console error, but the hosting provider said I was being blocked from the site (timing out) because of that exact request (/wp-json/tribe/views/v2/html).

    This is happening with TEC free and pro. (there are additional problems in pro, with recurring events)

    I’m actually glad to see others are encountering this now, maybe finally something will be done about it. Been struggling for a couple of weeks trying to figure it out/solve/fix for a highly used site with tons of events, and TEC pro support has not mentioned others are finding the same issue.

    Hello @thewebatom,

    Thank you for bringing this to our attention. And thank you for the conflict testing. In the past, I have seen a conflict with the theme or plugin cause something like this to happen. When you disabled caching, did you clear the cache, as well?

    This might seem simple, but can you refresh/flush the permalinks to see if this helps?

    I’m going to reach out to my teammates about the error you are seeing and will update you with what I find.

    Thank you so much,

    Chad

    Hi Chad, please see support ticket #419982. You should be aware of what has already been investigated for the same issue, so time is not wasted starting from scratch. E.g. flushing permalinks and clearing cache was done when conflict testing on my site (multiple times). Didn’t help. TEC support had full access too. Another thing tested was deactivating/deleting the TEC plugins and reinstalling freshly downloaded ones. I also tested rolling back to older versions from when it was working (before December ’22). None of this made any difference.

    What’s left? Something about the latest self-hosted WP version updates is not playing nice with TEC?

    Hello again,

    I spoke with a few of my colleagues about this and they think that Cloudflare might be causing an issue. I know that you had disabled Cloudflare already but can you try it again and test to see what happens? I would like to pass this information along to the developers that are helping.

    Thank you so much,

    Chad

    And thank you for sharing the ticket number. I will take a look.

    Thank you!

    Hello @thewebatom,

    Can you check the permalinks on your site? I see that we have had a few issues like this where the permalinks were not set to our recommended %postname% and caused some issues. I am curious to see if you have them set to something else and if this helps.

    Thank you so much,

    Chad

    Thread Starter Shane Gowland

    (@thewebatom)

    Hi Chad,

    Just to answer a few things raised in your messages:

    1. CloudFlare has not been re-enabled again.
    2. Caches were all cleared.
    3. Permalink flushing made no impact.

    Permalink settings added below, as requested.

    Hello @thewebatom,

    One of our developers found an issue like this with another customer. Can you ask your web host if they have built-in ProxyCache? If so, ask if they can exclude the /events directory.

    Thank you so much,

    Chad

    Thread Starter Shane Gowland

    (@thewebatom)

    Are you referring to proxy_cache (for NGINX) or something else? As far as I can tell, there’s no software called ProxyCache.

    Great news – my hosting provider found a solution:

    “We found that a ModSecurity Rule was triggered [when using the next and previous events buttons]. We have whitelisted that rule now and it seems to be better.”

    Now pagination, switching views, and changing dates are all working.

    (The “condense event series” switch is not, however – I think there are other issues regarding recurring events)

    Seems something changed either in TEC or WordPress core to cause this to start happening in late December or thereabouts. Hope you can figure it out.

    One more note – my hosting provider also said “your server does not have a proxy cache enabled”.

    Thread Starter Shane Gowland

    (@thewebatom)

    @tnightingale please say thank you to your hosting provider for me:

    This is the ModSecurity rule in question. Disabling it gets the pagination links working again.

    #
    # Some servers rely on the request Accept header to determine what charset to respond with.
    # This rule restricts these to familiar charsets.
    #
    # Regular expression generated from util/regexp-assemble/data/920600.data.
    # To update the regular expression run the following shell script
    # (consult util/regexp-assemble/README.md for details):
    #   util/regexp-assemble/regexp-assemble.py update 920600
    #
    SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*(?:\s*+,\s*+(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*)*$" \
        "id:920600,\
        phase:1,\
        block,\
        t:none,t:lowercase,\
        msg:'Illegal Accept header: charset parameter',\
        logdata:'%{MATCHED_VAR}',\
        tag:'application-multi',\
        tag:'language-multi',\
        tag:'platform-multi',\
        tag:'attack-protocol',\
        tag:'paranoia-level/1',\
        tag:'OWASP_CRS',\
        ver:'OWASP_CRS/3.3.4',\
        severity:'CRITICAL',\
        setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
    

    Obviously I’d still like to see Events Calendar fix this. It’s a default rule in one of—if not *the*—most commonly used WAF packages.

    🙂 They got a huge thank you from me already (doteasy.com)

    Here’s what they told me to pass along to TEC: (I’ve replaced the real domain with example.com here)

    You can tell the plugin developer that the following rules were triggered. They may be able to adjust their code to avoid those rules.
    
    ############################
    
    [Wed Jan 18 09:32:44.075266 2023] [:error] [pid 1470172:tid 47481783543552] [client 24.109.175.187:42230] [client 24.109.175.187] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/wp-json/tribe/views/v2/html"] [unique_id "Y8gtPNvrU-tc_jJmaeMAWwABxRY"], referer: https://example.com/events/
    
    [Wed Jan 18 09:32:47.580519 2023] [:error] [pid 1470172:tid 47481844479744] [client 24.109.175.187:42230] [client 24.109.175.187] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "example.com"] [uri "/index.php"] [unique_id "Y8gtPtvrU-tc_jJmaeMAbAABxRY"], referer: https://example.com/events/
    [Wed Jan 18 09:37:12.639744 2023] [:error] [pid 1536872:tid 47481819264768] [client 24.109.175.187:32658] [client 24.109.175.187] ModSecurity: Warning. Match of "rx ^(?:(?:\\\\*|[^\\"(),\\\\/:;<=>?![\\\\x5c\\\\]{}]+)\\\\/(?:\\\\*|[^\\"(),\\\\/:;<=>?![\\\\x5c\\\\]{}]+))(?:\\\\s*+;\\\\s*+(?:(?:charset\\\\s*+=\\\\s*+(?:\\"?(?:iso-8859-15?|windows-1252|utf-8)\\\\b\\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\\"(),\\\\/:;<=>?![\\\\x5c\\\\]{}]|[^e\\"(),/:;<=>?![\\\\x5c ..." against "REQUEST_HEADERS:Accept" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1162"] [id "920600"] [msg "Illegal Accept header: charset parameter"] [data "undefined"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [hostname "example.com"] [uri "/wp-json/tribe/views/v2/html"] [unique_id "Y8guSHqHVj623W1OrvuhiQAEDQU"], referer: https://example.com/events/
    [Wed Jan 18 09:37:21.674041 2023] [:error] [pid 1536871:tid 4748
    ##########################

    Plugin Support Darian

    (@d0153)

    Hi @tnightingale

    Thanks for sharing this information. Let me share this with the team and I’ll update this thread once I hear back from them.

    Regarding “condense event series” issue it seems you already have an open ticket on our Help Desk (#426736), and it is pending your reply. Please continue to get in touch with one of my colleagues there for us to follow WordPress Forum Guidelines regarding premium users.

    Hello — I have also had the same issue and this thread was brought to my attention by someone at TEC premium support. I think the long-term solution is for the TEC developers to code their REST API call so that it generates a header with a character request that meets the gatekeeping function of OWASP rule #920600.

    However, there is a way to write and deploy an exception to any OWASP rule. There is some info on syntax for getting around false positives here:
    https://coraza.io/docs/seclang/syntax/

    I’m guessing that an exception can be written to bypass the OWASP rule based on some part of the string /wp-json/tribe/views/v2/html — I haven’t gotten around to trying that yet — but I’ll post here if I do come up with a solution. For now I have simply disabled OWASP 920600 on the domain that has the event calendar plugin.
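
Added example, not part of the thread and not configuration from The Events Calendar or any poster's hosting provider: a route-scoped ModSecurity exclusion for CRS rule 920600, shown beside the site-wide removal the last reply describes. The rule id 1000 and the placement in the CRS exclusion files are assumptions about the local setup.

```apache
# Constructed example; id 1000 is an arbitrary local rule id (assumption).

# --- Broad: what the last reply does today ---------------------------------
# Config-time removal. Must load AFTER the CRS rule files (for example in
# RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf). Rule 920600 then never runs
# for any request handled by this configuration context.
#
# SecRuleRemoveById 920600

# --- Narrow: remove 920600 only for the calendar's REST route --------------
# Runtime removal. Must load BEFORE the CRS rule files (for example in
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf) and run in phase 1, because
# 920600 is itself a phase 1 rule and ctl only affects rules evaluated later
# in the same transaction.
SecRule REQUEST_URI "@beginsWith /wp-json/tribe/views/v2/html" \
    "id:1000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=920600"
```

With the narrow form loaded, the Accept header check stays active for every other URI, and the error log should stop showing id "920600" entries for `/wp-json/tribe/views/v2/html`.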

  • The topic ‘Pagination not working’ is closed to new replies.