Muut
1
Testing Grav on new server and ran into message below every time any admin page is accessed.
The message appears as red modal and then disappears:
403 Forbidden
Forbidden
You don't have permission to access /admin/notifications.json/task:processNotifications
on this server.
Have not used Grav enough to understand what file and permissions to look for.
Thanks in advanced for any input.
Terry
Muut
2
Muut
3
Otherwise it’s a mod_security configuration problem- see https://github.com/getgrav/grav-plugin-admin/issues/979
Muut
4
Thanks @flaviocopes. Thought I had specified CentOS, my bad.
You got me on the right track with mod_security now just have to drill down to solve issue.
Thanks again.
[Sun Feb 26 09:14:04 2017] [error] [client 47.184.XX.XX] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/modsecurity-owasp-latest/rules/RESPONSE-980-CORRELA TION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 5: Disallowed HTML Attributes"] [tag "event-correlation"] [hostname "xxxxxxxxxxx.com"] [uri "/admin/notifications.json/task:processNotifications"] [unique_id "WLLwvH8AAAEAAExsyAoAAAAF"]
---
Muut
5
Need to find out if we can avoid triggering this problem in the first place.
Muut
6
It will be a few days before I can get back to setting up Grav but when / if figured out will certainly share the solution:)