
Hanna Code 403 Error Code


OllieMackJames

In most cases (probably all I've heard of so far) this type of issue is caused by the security settings on the host, mod_security (ModSecurity) module, etc.

LiteSpeed apparently has its own WAF feature, so that's probably where I'd start digging into this; is something like that enabled, have you recently made any changes on the host, or could the host have been updated by someone else? Has this worked before?

  • Like 3
Link to comment
Share on other sites

@teppo thanks for your thoughts.

This has worked before, and fortunately the code still works, but when I try to change anything and save, it throws this error.

I changed VPS recently and moved from FreeBSD to CentOS with LiteSpeed and different security settings on the host than before, so this must indeed be the problem.

The error screen indeed shows LiteSpeed at the bottom, so it seems like a server thing rather than a ProcessWire thing.

Now the big question is what do I need to change where so it will work again.

What is it in Hanna Code that triggers WAF, any ideas?

Thanks again teppo.
 

Link to comment
Share on other sites

13 minutes ago, OllieMackJames said:

What is it in Hanna Code that triggers WAF, any ideas?

It's not so much about Hanna Code specifically, but rather posting (obvious) code via any web form. ModSecurity and different WAF implementations may detect this and assume malicious intent, which is problematic here since we actually want (authenticated) users to be able to post code.

The easiest thing to do would be disabling this feature altogether, either globally or at htaccess level for a specific site. I'm not familiar with this solution so I've no idea if there's some way to keep it on for most users and/or just disable parts of it, but you may find more about that from the LiteSpeed manual.

Edit: at least in Apache you can wrap <IfModule></IfModule> with <Directory /some/path/on/disk/></Directory>, which might help to selectively disable this feature. And it's also possible to check if a cookie exists, in which case you could sniff for a "wires" cookie first, though I've never tested this in practice and don't know if those will work together.

Edited by teppo
  • Like 2
Link to comment
Share on other sites

I have a hosting account that runs LiteSpeed, and I use this snippet in the .htaccess, which was recommended by Ryan.

<IfModule security2_module>
    # Allow ModSec rule processing without disruptive action
    SecRuleEngine DetectionOnly
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

 

 

  • Like 1
Link to comment
Share on other sites

3 hours ago, Macrura said:

I have a hosting account that runs LiteSpeed, and I use this snippet in the .htaccess, which was recommended by Ryan.


<IfModule security2_module>
    # Allow ModSec rule processing without disruptive action
    SecRuleEngine DetectionOnly
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

 

 

Thanks @Macrura, unfortunately that did not work for me. Where did you put this in your htaccess?

Thanks

Link to comment
Share on other sites

On one of the sites, the host put this in, so if you figure out the ID of which rule is being triggered, you would add this, in addition to the more general snippet.

<LocationMatch "/">
        SecRuleRemoveById 77218500
</LocationMatch>

If you have access to the Formbuilder forum, there are around 4-5 posts about this similar issue with various examples of htaccess rules, remove by ID etc.

Link to comment
Share on other sites
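
Finding the ID of the rule being triggered, as the last post suggests, and scoping its removal to the admin area instead of the whole site. This is an added example, not code from the thread or from ProcessWire. It assumes ModSecurity 2.x-style error-log lines (LiteSpeed's log may differ) and an admin URL of /processwire/; the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines, assumed to follow the ModSecurity 2.x error-log style.
# Client, hostname, URIs, messages and rule ids 900001/900002 are made up.
SAMPLE_LOG = """\
[Tue Mar 05 10:14:02 2019] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<?php" at ARGS:code. [id "77218500"] [msg "PHP code in request body"] [hostname "example.test"] [uri "/processwire/setup/hanna-code/edit/"]
[Tue Mar 05 10:15:40 2019] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<?php" at ARGS:code. [id "77218500"] [msg "PHP code in request body"] [hostname "example.test"] [uri "/processwire/setup/hanna-code/edit/"]
[Tue Mar 05 10:20:11 2019] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<script" at ARGS:message. [id "900001"] [msg "Script tag in request body"] [hostname "example.test"] [uri "/contact/"]
[Tue Mar 05 10:21:30 2019] [error] [client 203.0.113.7] ModSecurity: Warning. Matched phrase "select" at ARGS:code. [id "900002"] [msg "SQL keyword"] [hostname "example.test"] [uri "/processwire/setup/hanna-code/edit/"]
"""

# Matches the bracketed key/value fields, e.g. [id "77218500"] or [uri "/path/"].
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = "ModSecurity: Access denied with code 403"


def blocked_rules(log_text, uri_prefix):
    """Count (rule id, message) pairs for 403 denials under uri_prefix."""
    hits = Counter()
    for line in log_text.splitlines():
        if DENIED not in line:
            continue  # skip warnings and unrelated log lines
        fields = dict(FIELD.findall(line))
        if "id" in fields and fields.get("uri", "").startswith(uri_prefix):
            hits[(fields["id"], fields.get("msg", ""))] += 1
    return hits


def exclusion_snippet(rule_ids, location_regex):
    """Build a SecRuleRemoveById block scoped to one location, not the whole site."""
    ids = " ".join(sorted(set(rule_ids)))
    return (f'<LocationMatch "{location_regex}">\n'
            f"    SecRuleRemoveById {ids}\n"
            "</LocationMatch>")


if __name__ == "__main__":
    hits = blocked_rules(SAMPLE_LOG, "/processwire/")
    for (rule_id, msg), count in hits.most_common():
        print(f"{count}x rule {rule_id}: {msg}")
    print(exclusion_snippet([rid for rid, _ in hits], "^/processwire/"))
```

Only the rule that actually denied the admin save is removed, and only under the admin path, so the denial on the public /contact/ form stays in force.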
