Download
2021-01-20, 08:50:58
Hi,
From your argeweb hoster:
Looks like argeweb hosting cannot white list files by them selves, nor do they mention anything
about mod_security settings in your CPanel .....
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
So let's take it from the top to the bottom:
1)
Permission settings for the data folder and subfolders (uploads etc.)
Do a quick recursive change (to get all the subfolders as well) to 777 to test and check if that works,
then sort out the proper owner/permission settings.
2)
I noticed that the domain https://flevoland2020.nl/ now has a green padlock
and now the Certificate Name matches flevoland2020.nl
But the domain ja21flevoland.nl does not resolve to https
There is some Certificate detected but the Certificate does not match name ja21flevoland.nl
Most hosters these days provide a free Let's Encrypt Certificate, I assume that argeweb
does also ?
3)
Some simple steps you can do by your self to detect mod_security block are as follows:
a) You get one of the specified errors on your website frontend or backend when performing certain actions/requests:
403 Forbidden, 500 Internal Server Error, 404 Not Found.
b) The way to reproduce the error is usually the same all the time (as far as mod_security blocks a certain activity only).
c) The other functionality on your website frontend/backend remains normal.
So check: does it matter what you write in the content ?
Can you change other things in page options without any error issue ?
4)
Check your browser console for any changedata.php related issues
Here is an example how that could look like:
http://ja21flevoland.nl/admin/changedata.php [HTTP/1.1 403 Forbidden 199ms]
And here is a possible example that could be the cause: (and could point to a solution direction)
Content written with a single quote (') can be saved or created. Content written with a double quote ('') can not
and will result in a error message "Forbidden You don't have permission to access changedata.php on this server."
So check your content for possible wrong formatted characters such as ", <, >, &, '
Are you copying text from e.g. Word and paste it in the CKEditor ?
Such actions could bring in none html formatting or unsafe characters that are not visible,
somewhere hiding in CKEditor content creating false mod_security flags
Any decent IDE has the option to show any hidden characters, for example in Notepad++
Menu => View => Show Symbol => Show all characters ....
F.
From your argeweb hoster:
Quote:Because this might be a false positive I want to advise you to create a case at Comodo Support
via the following URL, so they can modify it
Looks like argeweb hosting cannot white list files by them selves, nor do they mention anything
about mod_security settings in your CPanel .....
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
So let's take it from the top to the bottom:
1)
Permission settings for the data folder and subfolders (uploads etc.)
Do a quick recursive change (to get all the subfolders as well) to 777 to test and check if that works,
then sort out the proper owner/permission settings.
2)
I noticed that the domain https://flevoland2020.nl/ now has a green padlock
and now the Certificate Name matches flevoland2020.nl
But the domain ja21flevoland.nl does not resolve to https
There is some Certificate detected but the Certificate does not match name ja21flevoland.nl
Most hosters these days provide a free Let's Encrypt Certificate, I assume that argeweb
does also ?
3)
Some simple steps you can do by your self to detect mod_security block are as follows:
a) You get one of the specified errors on your website frontend or backend when performing certain actions/requests:
403 Forbidden, 500 Internal Server Error, 404 Not Found.
b) The way to reproduce the error is usually the same all the time (as far as mod_security blocks a certain activity only).
c) The other functionality on your website frontend/backend remains normal.
So check: does it matter what you write in the content ?
Can you change other things in page options without any error issue ?
4)
Check your browser console for any changedata.php related issues
Here is an example how that could look like:
http://ja21flevoland.nl/admin/changedata.php [HTTP/1.1 403 Forbidden 199ms]
And here is a possible example that could be the cause: (and could point to a solution direction)
Content written with a single quote (') can be saved or created. Content written with a double quote ('') can not
and will result in a error message "Forbidden You don't have permission to access changedata.php on this server."
So check your content for possible wrong formatted characters such as ", <, >, &, '
Are you copying text from e.g. Word and paste it in the CKEditor ?
Such actions could bring in none html formatting or unsafe characters that are not visible,
somewhere hiding in CKEditor content creating false mod_security flags
Any decent IDE has the option to show any hidden characters, for example in Notepad++
Menu => View => Show Symbol => Show all characters ....
F.
