Having trouble getting page edits to Scribe theme to commit.

  • Michael Bissett

    Hey @Kim Kuhlman, Michael here!

    Looking at the browser console while trying to save changes, I'm seeing this come up there:

    jquery.js?ver=1.11.3:5 - POST https://blueskydigitalstrategy.com/wp-admin/admin-ajax.php 404 (Not Found)

    It seems like there may be a modsecurity rule set up by your host (or a series of rules) that's being triggered. Could you please try inserting the following into your site's .htaccess:

    <IfModule mod_security.c>
    SecFilterRemove 00318
    </IfModule>

    And seeing if that helps?

    If it doesn't, then I'd advise asking your hosting company to look into their error logs, and checking for modsecurity errors associated with /wp-admin/admin-ajax.php, and asking them to make an exception for that.

    Kind Regards,

  • Kim Kuhlman

    I've added the security exception above to .htaccess, but I'm still getting the error. I've been poking around Apache and modsecurity and it looks like the error is being interpreted as a blind SQL injection attack (?!), i.e.

    [Fri Jan 08 08:20:00 2016] [error] [client XX.24.56.XXX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\\\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id) ..." at ARGS:data. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "65"] [id "959007"] [msg "Blind SQL Injection Attack"] [data "object_id"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "blueskydigitalstrategy.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Vo@3gIF5sWMAAGBQTXcAAAAA"]

  • Kim Kuhlman

    More information...

    I installed ConfigServer ModSecurity Control (CMC) in cPanel so that I could get access to the ModSecurity rules. I added an exception for "id 959007," and restarted Apache. This got rid of the first error, but another id number popped up and a new "ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/kimkuhlm/20160108/20160108-1141 (Permission denied)" was generated. Why is it asking to create this file? Upon further testing, more ids came up, but once I added

    <LocationMatch "/wp-admin/admin-ajax.php">
    SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
    SecRuleRemoveById phpids-17
    SecRuleRemoveById phpids-20
    SecRuleRemoveById phpids-21
    SecRuleRemoveById phpids-30
    SecRuleRemoveById phpids-61
    SecRuleRemoveById 959007
    SecRuleRemoveById 950904
    SecRuleRemoveById 950906
    SecRuleRemoveById 340145
    SecRuleRemoveById 950001
    </LocationMatch>

    to the file modsec2.whitelist.conf, everything seems to be operating properly. Hope this can help someone else.
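
As an added example (not from the thread or from ModSecurity itself): a Python script that parses "Access denied" lines like the one quoted above and emits, per URI, `SecRuleUpdateTargetById` lines that exempt only the flagged argument, so the rules stay active for every other parameter instead of being removed outright with `SecRuleRemoveById`. The log lines are constructed samples, and it assumes ModSecurity 2.6 or later and that the generated file is loaded after the rules it modifies.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the error_log entry quoted in the thread
# (pattern shortened; client, messages and unique_id values are placeholders).
SAMPLE_LOG = r'''
[Fri Jan 08 08:20:00 2016] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\b(?:object_(?:(?:nam|typ)e|id)) ..." at ARGS:data. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "65"] [id "959007"] [msg "Blind SQL Injection Attack"] [data "object_id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "placeholder-1"]
[Fri Jan 08 08:21:10 2016] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "\\b(?:object_(?:(?:nam|typ)e|id)) ..." at ARGS:data. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "65"] [id "959007"] [msg "Blind SQL Injection Attack"] [data "object_id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "placeholder-2"]
[Fri Jan 08 08:22:30 2016] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:select|union) ..." at ARGS:data. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "70"] [id "950001"] [msg "SQL Injection Attack"] [uri "/wp-admin/admin-ajax.php"] [unique_id "placeholder-3"]
[Fri Jan 08 08:23:00 2016] [error] [client 192.0.2.10] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/example/20160108 (Permission denied)
'''

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "959007"], [uri "..."]
TARGET = re.compile(r'" at (\S+)\. \[file ')          # ... at ARGS:data. [file

def parse_denials(log_text):
    """Return one dict per 'Access denied' line: rule id, variable, URI, message."""
    events = []
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # skip audit-log and other non-blocking messages
        tags = dict(TAG.findall(line))
        target = TARGET.search(line)
        if "id" in tags and "uri" in tags:
            events.append({"id": tags["id"], "uri": tags["uri"],
                           "msg": tags.get("msg", ""),
                           "target": target.group(1) if target else None})
    return events

def scoped_exclusions(events):
    """Emit per-URI config that exempts only the flagged variable from each rule."""
    by_uri = defaultdict(set)
    for e in events:
        if e["target"]:  # without a known variable there is nothing to scope to
            by_uri[e["uri"]].add((e["id"], e["target"], e["msg"]))
    out = []
    for uri in sorted(by_uri):
        out.append(f'<LocationMatch "^{re.escape(uri)}$">')
        for rule_id, target, msg in sorted(by_uri[uri]):
            out.append(f"    # {msg}")
            out.append(f"    SecRuleUpdateTargetById {rule_id} !{target}")
        out.append("</LocationMatch>")
    return "\n".join(out)

if __name__ == "__main__":
    print(scoped_exclusions(parse_denials(SAMPLE_LOG)))
```

Review the output before loading it: each line is a false-positive decision for one rule and one argument on one URI, and lines where no variable could be parsed are left out rather than turned into a blanket removal.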
