[SOLVED] Modules Translations 403/404 Error

[aussiePrestaUser]

Hi Guys

 

 

Im getting this error in modules translations, seems to be a problem that pops up a fair bit. I have tried reading through the forums and some of the fixes posted , but nothing seems to work .

 

prestashop v1.4.7.3 , Total expressions : 2992 (was also doing this in 1.4.7, with 5000 or so expressions)

 

My .htacces file read this.

 

php_value memory_limit 128M

php_value max_execution_time 1000

php_value post_max_size 40M

php_value upload_max_filesize 40M

php_value suhosin.get.max_vars 10000

php_value suhosin.post.max_vars 10000

php_value suhosin.request.max_vars 10000

php_value max_input_vars 10000

 

As far as I know I do not have access to php.ini . I asked the webhost to change the values, and they did it in .htaccess

 

The error log on the server shows:

 

[error] [client 220.245.168.81] File does not exist: /home/ledtopia/public_html/403.shtml, referer: /index.php?tab=AdminTranslations&lang=en&type=modules&token (then numbers)

 

The error I get when trying to save is:

 

Forbidden

 

You don't have permission to access /LED12/index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

 

 

Im really stuck with this and been trying to solve it for weeks now.

 

Cheers

Mike

[phrasespot]

You don't have permission to access /LED12/index.php

 

403 Forbidden error sounds like may be due to ModSecurity. Ask your host if it is installed, adjust to handle posts with massive parameter count if it is.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. File does not exist: /home/ledtopia/public_html/403.shtml

 

404 is due to bad setup of the server. When the post triggers a 403 response the server is trying to return the 403 document it is setup to return in such cases, but fails to locate it so adds a 404 not found instead to response

[aussiePrestaUser]

Thanks for the info. I will give my host a call today and see if they can help.

[aussiePrestaUser]

Ok got it working

 

Modsecurity was the culprit. They have now turned it off for me.

They could not find any rule notices being logged relating to it though.

They have asked if anyone here would know what would be triggering it, but not able to be logged.

 

They also said if I could narrow it down, they could make a rule exemption for me if needed.

 

Is it safe to leave off? or better to leave modsec on?

 

Cheers

Mike

[phrasespot]

They have asked if anyone here would know what would be triggering it

Depends on what rule set is in effect. As there may be thousands of rules it is difficult to say without having server level access.

 

ModSecurity will be logging to its own file, or at least it should be and you can find out where by inspecting its configuration file. It is unlikely that it would block and not log unless it is a rule with logging turned off then you should be looking for rules with logging turned off. Or they can temporarily change default action to log everthing and you will find out which rule.

 

Another way is: ruleset will comprise several individual files. By excluding files one-by-one it is possible to narrow down the rule file containing the rule causing the problem. There may still be a lot of rules in that file but at least search scope is narrower now. If the modsec core set is used, I will hazard a guess that the culprit rule is in crs_20_protocol_violations, more specifically, 958291, 960014, 960020 or nearby

 

They also said if I could narrow it down, they could make a rule exemption for me if needed.

Is it safe to leave off? or better to leave modsec on?

Exception is a better solution than completely turning it off. ModSecurity is there for a reason. Ultimately your server, your decision.