Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Moved to server: Add Component not working
#1
Hi,
I've been working on a Get Simple (3.2.1 with News Manager and I18N plugins) install locally, and recently installed on an external server. I carried out the recommended fresh install on the server, and then copied over my 'data', 'plugins' and 'theme' folders. All seemed well, with content and themes being updated and amended fine through the GS interface. However, when I went to add a new component and click 'Save component', an 'Oops! Page not found!' page is generated (with 'http://test.xxxxx.co.uk/admin/components.php' in the address window, and not the expected 'http://test.xxxxx.co.uk/admin/components.php?upd=comp-success'). As well as being 'thrown out', the component is definitely not saved.
Any suggestions?
Tim
Reply
#2
Your host is blocking it using mod_sec thinking it is a cross site script attack.
Check your access and error logs

Could also be your browser doing the same but it usually says so in the javascript console or somewhere.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#3
Thanks – will look into that.
Reply
#4
Actually I think you misunderstood. All the CMS files are on the external server, with no linking to resources elsewhere – all within same domain. I mentioned my own local server, as everything functioned correctly there, and the way the migration is recommended the only upset on the external server could be permissions.

Tim
Reply
#5
You can try something like this in your htaccess to confirm.

Code:
# insert your ip
SetEnvIf Remote_Addr ^XXX\.XXX\.XXX\.XXX$ MODSEC_ENABLE=Off
SetEnvIf Request_Method !^POST$ MODSEC_ENABLE=On

Mod_sec will block xss attacks by detecting posts and gets containing the same code or data, indicating a successful reflected xss attack. Unfortunately this is exactly what we want to happen in a cms. If you are posting to a page that clearly exists and you get a 403, then something is blocking it, check your headers, but usually it is specifically made to be undetectable for real attackers. So your access and error logs will show apache blocking it.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#6
you can also try

Code:
<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>

or

Code:
<IfModule mod_security.c>
SecFilterEngine off
</IfModule>
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#7
Thanks for all of this. With you mentioning mod_sec, it helped a lot, as I entered that as a search string into the forum and up popped your advice to a couple of other similar component issues (which hadn't materialised when I searched prior to posting).

Tim
Reply
#8
It could be something else, but I would bet on it.

Do page edits or theme edits, also fail ?
Does uploading files fail ?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#9
(2013-06-05, 23:50:49)shawn_a Wrote: It could be something else, but I would bet on it.

Do page edits or theme edits, also fail ?
Does uploading files fail ?

Page edits are fine, so are theme edits – both the template php and the css. It also does't matter what the content I place in the component – it bounces me out – I mention that as some of the other 'component not saving' scenarios you've helped, had it saving if content was 'simpler'.

Tim
Reply
#10
Yeah it depends on what rule is catching it, I have experienced both, but with components it usually always failed.

Your host error log will say for sure, only way to be certain what the 404 is from
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#11
I also face this difficulty, try adding:

Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</ IfModule>

in .htaccess but not successful. The best solution is to contact your hosting company to request disable mod_security
Reply




Users browsing this thread: 1 Guest(s)