Hostgator + Printful issues with 1.7.5.2

[ScubaPongo]

Can't seem to get these two to integrate properly and I am getting the run around from both places - figured I would try here to see if anyone else successfully got this working.

Hosting is with HostGator.com on one of their shared plans as this is a small site with little traffic (in other words there is a lot of info I don't have access to when trying to debug this).

Trying to integrate printful.com with PS 1.7.5.2.

PS installs file, no errors, etc, but when syncing printful.com products it returns "Could not connect to https://store.examplesite.com/api/products. Reason: 406 Not Acceptable".  Printful.com tells me this is related to mod_security.  HostGator tells me there are no errors showing related to mod_security on this entire subdomain.  There lies the problem... both places pointing to the other and because this is shared hosting for this client I don't have access to what I typically would to debug what is actually going on.

Has anyone successfully used PS with HostGator or even better yet integrating Printful.com with it?  Any ideas?  No php errors anywhere at store.examplesite.com, PS store and admin runs fine, printful.com module is installed and connected.

[Wando]

Same issue with different host so comment to follow

[ScubaPongo]

7 hours ago, Wando said:

Same issue with different host so comment to follow

If you come across anything please mention it here.  I will do the same.  Thanks!

[hishak]

Same issue.  Printful support asked me to whitelist a few IP addresses. Did that using cPanel with my provider Bluehost.  No change, still 406.

btw on Bluehost at least I can look at log files.  Here is what I see:

[client 216.244.66.245:0] [client 216.244.66.245] ModSecurity: Access denied with code 406 (phase 1). Pattern match "NetcraftSurveyAgent|MJ12bot|(?i:BUbiNG)|D(?i:otbot)|

Also, found this summary.  Does this mean we need to upgrade to at least a VPS?

 

Edited June 29, 2019 by hishak
last minute info (see edit history)

[ScubaPongo]

Update today.  After going back and forth with the host I finally got someone on their end who knew what they were doing.  He explained that it was indeed mod_sec causing the problem and had to whitelist a rule(s) in a way they typically do not do.  The printful integration with PS now works on my domain and I can create and sync products.  I replied back to this particular support person to get more details as to what he actually changed so I have a hard copy of that in case something comes up in the future.  If he replies back with that information I will make sure to post it here.

Only took over a month to get this taken care of and numerous emails lol.  Luckily, PS was not the main reason for my domain and is just an 'addon' I wanted to do so time was not really so much of an issue.  I forgot how much of a pita shared hosting plans are when you don't have access to everything!

[ScubaPongo]

This is what their support sent me back as far as fixing the my particular issue with printful and ps.

---------

So there are multiple methods of whitelisting mod_security rules, we typically use the SecRule directive in the Apache configuration for this to match your domain name and whitelist the rule. I tried getting this working but was unable to determine why it wasn't. Instead I created a custom Apache configuration include file for your cPanel account following cPanel's documentation (https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files) and used the SecRuleRemoveById directive to remove the processing of this mod_security rule from your domain names.

The mod_security rule in question was:

392301

Here is the mod_security error we located each time I tried to create the product in printful.com:

[Mon Jul 08 21:46:48.728656 2019] [:error] [pid 821141:tid 140533817857792] [client 52.52.136.16:47798] [client 52.52.136.16] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "7"] [msg "Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [tag "no_ar"] [hostname "store.example.com"] [uri "/api/products"] [unique_id "XSQAGIDwTD3TpjYAFD5cKQAABd8"]

---------

If this helps anyone.  Funny though that for a few weeks they told me they couldn't find any mod_sec errors then finally this new guy looks at it and boom - fixed.

[Paulie]

On 7/10/2019 at 2:06 AM, ScubaPongo said:

This is what their support sent me back as far as fixing the my particular issue with printful and ps.

---------

So there are multiple methods of whitelisting mod_security rules, we typically use the SecRule directive in the Apache configuration for this to match your domain name and whitelist the rule. I tried getting this working but was unable to determine why it wasn't. Instead I created a custom Apache configuration include file for your cPanel account following cPanel's documentation (https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files) and used the SecRuleRemoveById directive to remove the processing of this mod_security rule from your domain names.

The mod_security rule in question was:

392301

Here is the mod_security error we located each time I tried to create the product in printful.com:

[Mon Jul 08 21:46:48.728656 2019] [:error] [pid 821141:tid 140533817857792] [client 52.52.136.16:47798] [client 52.52.136.16] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "7"] [msg "Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [tag "no_ar"] [hostname "store.example.com"] [uri "/api/products"] [unique_id "XSQAGIDwTD3TpjYAFD5cKQAABd8"]

---------

If this helps anyone.  Funny though that for a few weeks they told me they couldn't find any mod_sec errors then finally this new guy looks at it and boom - fixed.

Hi! I'm having a similar problem and sadly no help from anyone. Thanks for posting this! Would you be that kind and let me know your hosting provider? I may like to hop on their server. Thanks in advance!

[pixelicous]

I have sync errors and i am getting error 400.

For some reason modsecurity cannot read the xml request as printful sends it and drops the request.

msg "Failed to parse request body."] [data "XML parsing error: XML: Failed parsing document."] [severity "2"]

So it's completely different, i'd be interested in whitelisting printful ip addresses though

[filippousa]

On 7/9/2019 at 5:06 PM, ScubaPongo said:

This is what their support sent me back as far as fixing the my particular issue with printful and ps.

---------

So there are multiple methods of whitelisting mod_security rules, we typically use the SecRule directive in the Apache configuration for this to match your domain name and whitelist the rule. I tried getting this working but was unable to determine why it wasn't. Instead I created a custom Apache configuration include file for your cPanel account following cPanel's documentation (https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files) and used the SecRuleRemoveById directive to remove the processing of this mod_security rule from your domain names.

The mod_security rule in question was:

392301

Here is the mod_security error we located each time I tried to create the product in printful.com:

[Mon Jul 08 21:46:48.728656 2019] [:error] [pid 821141:tid 140533817857792] [client 52.52.136.16:47798] [client 52.52.136.16] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "7"] [msg "Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [tag "no_ar"] [hostname "store.example.com"] [uri "/api/products"] [unique_id "XSQAGIDwTD3TpjYAFD5cKQAABd8"]

---------

If this helps anyone.  Funny though that for a few weeks they told me they couldn't find any mod_sec errors then finally this new guy looks at it and boom - fixed.

Very helpful, thanks! Know the name of the rep over at HostGator? I'm having the same issue and no one knows anything. Thank you