Jump to content

Edit page redirecting to domain root


Jon
 Share

Recommended Posts

Hello,

I have a test site setup on my domain in a folder

Iam having a slight issue I can login to the admin fine but when I try and edit any page or add a new page and save iam redirected to the root of the domain any ideas?

Cheers

Jon

Link to comment
Share on other sites

Ive move this site to the actual domain and get the same problem when I login to "Admin" and click edit Iam redirected to the home page. Iam using PW3 .htaccess seems to be working aswell.

Link to comment
Share on other sites

Hi, What happens, if you do a clean install? Can you test it under the actual domain? Also, have you tried disabling modules that might cause such an issue? Server details that might give us more clue (mod_security, etc...) ?

Link to comment
Share on other sites

Hello,

I have tired a clean install which works fine. I then transferred all my site files over to the clean install worked fine. Then I imported my database and ended up with the same issue on save/edit redirect to the home page.

Server information Iam not 100% as its a managed VPS. I have another of other PW site running on it without any issue (Not  PW 3.0.42) mod_security is enabled.

Cheers

Jon

Link to comment
Share on other sites

Hello,

I disabled Mod_Security and it resolved the issue so I have passed this onto the hosting company as Its a bit over my head!

This is what Mod_security seems to be picking up

[Mon Jan 02 14:38:14.099831 2017] [:error] [pid 17088] [client 86.183.53.136] ModSecurity: Access denied with redirection to http://rossofmullbunkhouse.co.uk/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:InputfieldImage. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22listSize\\x22:23, found within REQUEST_COOKIES:InputfieldImage: JSON{\\x22header_image\\x22:{\\x22size\\x22:130,\\x22listSize\\x22:23,\\x22mode\\x22:\\x22left\\x22},\\x22images\\x22:{\\x22size\\x22:130,\\x22listSize\\x22:23,\\x22mode\\x22:\\x22grid\\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: rossofmullbunkhouse.co.uk"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack [hostname "rossofmullbunkhouse.co.uk"] [uri "/pw/site-manager/page/edit/"] [unique_id "WGpl1oBzb5WYMc2t5l7ddQAAAA0"]

Cheers

Jon

  • Like 2
Link to comment
Share on other sites

The hosting company got back to me and said they disabled some rules but iam still getting the same issue. Ive managed to find the Mod_Security log and seem to be getting the following 

Request:    GET /pw/site-manager/page/

Action Description:    Access denied with redirection to http://www.rossofmullbunkhouse.co.uk/ using status 302 (phase 2).
 

Justification:    Pattern match "(?i:(?:[\"'`]\\s*?\\*.+(?:x?or|div|like|between|and|id)\\W*?[\"'`]\\d)|(?:\\^[\"'`])|(?:^[\\w\\s\"'`-]+(?<=and\\s)(?<=or|xor|div|like|between|and\\s)(?<=xor\\s)(?<=nand\\s)(?<=not\\s)(?<=\\|\\|)(?<=\\&\\&)\\w+\\()|(?:[\"'`][\\s\\d]*?[^\\w\\s]+\\W*?\\d\ ..." at REQUEST_COOKIES:pagelist_open.

Link to comment
Share on other sites

I never bother with individual mod_security rules. I just disable it:

<IfModule mod_security.c>
 SecFilterEngine Off
 SecFilterScanPOST Off
</IfModule>

You should be quite safe with the ProcessWire defaults. BTW, you should also add Options -Indexes to .htaccess to disable dir listing.

  • Like 3
Link to comment
Share on other sites

Hello Guys,

Thanks for the help I disable mod_security on the account & development site and that has resolved the issue! Confusing as I haven't had it before! 

Thanks for the Options -indexes tip

Cheers Guys

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...