Resolved: Search results: Access denied 403 code

  • #32164
    patsa
    Participant

    Hi there,
    we have a problem with the search bar: when we try to search for something with a few letters, e.g. ab, ex, etc., we get error 403.

    In our server log these messages are shown as CRITICAL:

    ModSecurity: Access denied with code 403 (phase 4). Pattern match “(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\\\\.sql\\\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)” at MATCHED_VAR. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf”] [line “22”] [id “218020”] [rev “1”] [msg “COMODO WAF: Oracle SQL Information Leakage||www.emmanouilidoutoys.gr|F|2”] [data “Matched Data: error found within MATCHED_VAR: <!DOCTYPE html>\\x0d\\x0a<html xmlns=\\x22http://www.w3.org/1999/xhtml\\x22 lang=\\x22el\\x22>\\x0d\\x0a\\x09<head>\\x0d\\x0a\\x09\\x09<!– Global site tag (gtag.js) – Google Analytics –>\\x0d\\x0a<script async src=\\x22https://www.googletagmanager.com/gtag/js?id=UA-148078308-53\\x22></script>\\x0d\\x0a<script>\\x0d\\x0a window.dataLayer = window.dataLayer || [];\\x0d\\x0a function gtag(){dataLayer.push(arguments);}\\x0d\\x0a gtag(‘js’, new Date());\\x0d\\x0a\\x0d\\x0a gtag(‘config’…”] [severity “CRITICAL”] [tag “CWAF”] [tag “FilterSQL”] [hostname “www.emmanouilidoutoys.gr”] [uri “/index.php”] [unique_id “YZUMXZcfJXv9msiIZKmTjwAAANg”], referer: https://www.emmanouilidoutoys.gr/

    ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf”] [line “38”] [id “214940”] [rev “2”] [msg “COMODO WAF: Outbound Points Exceeded| Total Points: 5|www.emmanouilidoutoys.gr|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “FiltersEnd”] [hostname “www.emmanouilidoutoys.gr”] [uri “/error_docs/forbidden.html”] [unique_id “YZUMXZcfJXv9msiIZKmTjwAAANg”], referer: https://www.emmanouilidoutoys.gr/

    As you can see modsecurity is enabled in our server with comodo_free.

    Please give us a solution. You may ask us for credentials for dashboard or FTP account if needed.

    Thanks

    #32168
    Althemist
    Keymaster

    Hello patsa,

    The PHP modsecurity should be disabled. This is not theme related, it’s one of the official WordPress and WooCommerce system requirements.

    There are many ways to protect your WordPress website, but modsecurity is not one of them.

    #32169
    Althemist
    Keymaster

    BTW, we have checked your website and it’s extremely slow, to the point where it’s almost unusable. We’d strongly suggest optimizing it and maybe even changing your hosting.

    https://gtmetrix.com/reports/www.emmanouilidoutoys.gr/rLrvTcxd/

    It’s even worse on mobiles and most probably at least 75% of your traffic is mobile, so you should definitely do something. Right now you are probably losing 90% of your potential customers because of that.

    #32174
    patsa
    Participant

    Hello Althemist,

    Regarding your answer, I am not sure if it is theme related or not, as we have on the same server more WordPress sites with the WooCommerce system, and in our server logs we do not have any errors regarding ModSecurity.
    Please feel free to do a search on https://www.circo.gr, https://www.circo.gr/?s=ex&post_type=product. This is a site with the same plugins enabled as on https://www.emmanouilidoutoys.gr/ but with another theme, and the search URL works as it should.

    WordPress and WooCommerce are updated to their latest versions.

    Disabling ModSecurity is not an option.

    Please consider the fact that this is one of 14 WordPress sites with WooCommerce search functionality hosted on the same server, and none of them produce the above report in the logs.

    Awaiting your reply.
    Thanks in advance.

    #32175
    Althemist
    Keymaster

    Could you please give us temporary admin access to your site, so we can check what could be wrong? Also, is there a reason to use an Oracle database? That’s highly unusual for a WordPress installation.

    Anyways, keep in mind that 403 is a server permissions type error, so it really can’t be theme related. As you can see it works absolutely fine on our demo:

    https://babystreet.althemist.com/?s=ex&post_type=product

    #32180
    patsa
    Participant
    This reply has been marked as private.
    #32183
    Alex
    Keymaster

    Hello patsa,

    This is a really strange problem.
    If we remove the post_type parameter, mod_security doesn’t complain…

    Could you please also send us an FTP account, so we can look at the logs? It will help if you tell us where we can find them.

    Regards,
    Alex

    #32184
    patsa
    Participant
    This reply has been marked as private.
    #32189
    Alex
    Keymaster

    Hello patsa,

    Thank you.

    Please keep in mind that it will take some time to investigate this, as it is quite an unusual issue.

    Regards,
    Alex

    #32238
    patsa
    Participant

    Hi Alex,

    Is there any update about this issue?

    Thanks.

    #32249
    Alex
    Keymaster

    Hello patsa,

    We are still investigating. We will give you an update later today.

    Regards,
    Alex

    #32256
    Alex
    Keymaster

    Hello patsa,

    After researching the issue, we’ve found that ModSecurity quite often triggers false positive alerts.

    Anyway, we double-checked our code for SQL injection vulnerabilities and we can assure you that all the parameters are properly escaped and there is no real threat.

    The cause of the false positive trigger could be a specific combination of conditions provided by all the plugins and the theme. We suggest that you modify the rules according to your current configuration. Unfortunately we are not specialists in this area and can’t help you with this.

    If you find a concrete problem, please let us know and we will investigate and resolve it.

    Regards,
    Alex
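
Added example, not part of the thread or of the theme's code: the log entry in the first post is from an outbound rule (phase 4, `17_Outgoing_FilterSQL.conf`), so the pattern was matched against the HTML returned by the search, not against the request. The sketch below parses such an entry and reports which alternative of rule 218020's pattern fires on a response body. The unescaped pattern, the dot-matches-newline flag and `SAMPLE_BODY` are assumptions; the body is constructed and is not the site's real output.

```python
import re

# Alternatives of rule 218020's pattern as logged, with the log's doubled
# backslashes undone (assumption about the escaping).
ALTERNATIVES = [
    r"ORA-[0-9][0-9][0-9][0-9]", r"java\.sql\.SQLException", r"Oracle error",
    r"Oracle.*Driver", r"Warning.*oci_.*", r"Warning.*ora_.*",
]
# (?i) comes from the rule; DOTALL is an assumption about how @rx is compiled.
FLAGS = re.IGNORECASE | re.DOTALL
# [name "value"] fields; also accepts the curly quotes the forum substituted.
FIELD_RE = re.compile(r'\[(\w+) [“"](.*?)[”"]\]')
# Abbreviated from the log entry quoted in the first post.
LOG_LINE = (
    "ModSecurity: Access denied with code 403 (phase 4). Pattern match ... "
    "[file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf”] "
    "[line “22”] [id “218020”] [severity “CRITICAL”] [tag “CWAF”] [tag “FilterSQL”]"
)
# Constructed response body, not taken from the affected site.
SAMPLE_BODY = ('<p>Warning: small parts, not for children under 3.</p>\n'
               '<img src="/uploads/dora_doll.jpg">\n')

def parse_modsec_line(line):
    """Return (phase, fields); fields maps a name to the list of its values."""
    phase = re.search(r"\(phase (\d)\)", line)
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, []).append(value)
    return (int(phase.group(1)) if phase else None), fields

def explain_match(body, context=30):
    """Return (alternative, offset, excerpt) for each alternative that fires."""
    hits = []
    for alt in ALTERNATIVES:
        # A trailing ".*" never decides whether a match exists; lazy ".*?" keeps
        # the same start offset but yields the shortest triggering span.
        probe = (alt[:-2] if alt.endswith(".*") else alt).replace(".*", ".*?")
        m = re.search(probe, body, FLAGS)
        if m:
            text = m.group(0)
            if len(text) > 2 * context:
                text = text[:context] + " ... " + text[-context:]
            hits.append((alt, m.start(), text))
    return hits

if __name__ == "__main__":
    print(parse_modsec_line(LOG_LINE))
    print(explain_match(SAMPLE_BODY))
```

Run `explain_match` on the HTML that the failing search URL actually returns to see which text on the page trips the rule; that is the concrete detail needed before tuning or scoping the rule.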

    #32269
    patsa
    Participant
    This reply has been marked as private.
    #32271
    Alex
    Keymaster
    This reply has been marked as private.