Can't save «Select Options» field

[tron1000]

Hello!

I have some «Select Options» fields in my backend and when I try to make changes to them and hit «Save», I receive a 403 error (Forbidden, Access to this resource on the server is denied.)

Any ideas what this could be?

Thanks a lot in advance, Andrej

[BitPoet]

Is mod_security enabled in the web server? If yes, it would be the first suspect.

[tron1000]

Hi BitPoet, thanks a lot for your reply! I could not change the setting you mentioned myself, so I contacted the host. They added the following code to my .htaccess file:

# ModSec Exceptions by cyon

<IfModule mod_security2.c>
        SecRuleRemoveById 340145
</IfModule>

A rule in their Web Application Firewall led to the error.

Thanks again!

[szabesz]

2 hours ago, tron1000 said:

They added the following code to my .htaccess file:

I'm glad you could have it fixed, however it is worth to note that the site might also get hit by other mod_security rules in the future, so it is best to turn off mod_security altogether. ProcessWire does not need it....

for example: http://www.amitb.info/dealing-with-a-mod_security-nightmare-with-apache-and-codeigniter/

quote:

"First thing, don’t waste your time chatting with your hosting company support staff. The front line support staff is not very equipped with dealing these complicated things. They are usually adept in dealing with normal things which occurs in volumes. So skip them altogether."

also: https://stackoverflow.com/questions/12928360/how-can-i-disable-mod-security-in-htaccess-file

[tron1000]

Hi szabesz! Thanks for the information! That's good to know. I will let my host turn mod_security off … Köszönöm szépen!

[netcarver]

I've just tried ModSecurity 2.9.3-1 running the Owasp core ruleset 3.3.0 on an Ubuntu 20.04 LTS server and my select option fields seem to be working well. Perhaps ModSecurity and the core ruleset are more mature now.