This question about Using an extension: Answered
403 Forbidden: .../rest/WysiwygPlugin/tml2html:
When I try to edit a topic, I recently get:
There was a problem retrieving https://.../bin/rest/WysiwygPlugin/tml2html: GENERAL 403
Other topics can be edited without problem.
The error log of the hosting company shows the following line:
[Mon Oct 12 18:00:49.412015 2020] [:error] [pid 3904712:tid 140396122117888] [client 78.22.157.55:62064] [client 78.22.157.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/usr/local/cwaf/rules/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||wiki.boossy.be|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "wiki.boossy.be"] [uri "/bin/rest/WysiwygPlugin/tml2html"] [unique_id "X4R9sSSgt3@8VIj5qSkl6QAASTk"], referer: https://wiki.boossy.be/bin/edit/Boossy/WinAppShortcut?t=1602518443
Any idea how I can avoid this or how I can adapt the topics so the error won't occur?
Did you take a look at the mentioned configuration file /usr/local/cwaf/rules/12_HTTP_Protocol.conf, line 137? What's in there?
--
MichaelDaum - 13 Oct 2020
Hi Michael,
I tried, but since it's on a shared hosting environment, I don't have access to /usr/local/cwaf/rules/12_HTTP_Protocol.conf.
--
StijnBousard - 13 Oct 2020
Please contact your hosting support as it seems some config setting is causing this.
--
MichaelDaum - 14 Oct 2020
A hint to the answer, I found here. Apparently, in the web hosting control panel Plesk, you can adjust settings in the Web Application Firewall.
I found out this can also be achieved in DirectAdmin:
- Account Manager > Domain Setup
- click on your domain name
- in the top right corner, click on ModSecurity
- now scroll down to Disabled Rules
- in the ID text box, fill in the id you found in the Error log and click on the DISABLE RULE button: the ID is added to the list with ModSecurity Disabled Rules
Afterwards, I was able to edit the topic.
--
StijnBousard - 14 Oct 2020
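
The following is an added example, not part of the thread and not code from Foswiki or the Comodo rule set: a Python sketch that extracts the rule ID from a ModSecurity denial line like the one in the question and tests the logged pattern against topic text, showing that the rule fires on any line that begins with an HTTP method word followed by whitespace. It assumes each run of four backslashes in the log stands for one backslash and that the rule matches case-insensitively; the function names and the sample topic text are constructed.

```python
import re

# Shortened copy of the log line in the question; the client address is
# replaced with a documentation address (constructed).
SAMPLE_LOG = (
    r'[Mon Oct 12 18:00:49 2020] [:error] [client 192.0.2.10:62064] ModSecurity: '
    r'Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|'
    r'post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|'
    r'lock|unlock)\\\\s+" at MATCHED_VAR. '
    r'[file "/usr/local/cwaf/rules/12_HTTP_Protocol.conf"] [line "137"] '
    r'[id "217280"] [rev "6"] [tag "CWAF"] [tag "Protocol"] '
    r'[uri "/bin/rest/WysiwygPlugin/tml2html"]'
)

FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')          # [key "value"] metadata pairs
PATTERN = re.compile(r'Pattern match "(.*?)" at ')  # the operator argument as logged


def parse_denial(line):
    """Return the rule id, rule file, URI, tags and regex from one denial line."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, []).append(value)   # "tag" can repeat
    m = PATTERN.search(line)
    # Assumption: each run of four backslashes in the log is one escaped backslash.
    regex = m.group(1).replace("\\" * 4, "\\") if m else None
    first = lambda k: fields.get(k, [None])[0]
    return {"id": first("id"), "file": first("file"), "uri": first("uri"),
            "tags": fields.get("tag", []), "regex": regex}


def first_trigger(regex, text):
    """Return the text the rule would match in a request body, or None."""
    # Assumption: the rule lowercases its input, so match case-insensitively.
    m = re.search(regex, text, re.IGNORECASE)
    return m.group(0) if m else None


if __name__ == "__main__":
    denial = parse_denial(SAMPLE_LOG)
    print("rule id to report or disable:", denial["id"], "for", denial["uri"])
    # Constructed topic text: a line that starts with an HTTP method word.
    blocked = "Install steps:\nGet the installer from the vendor site.\n"
    allowed = "You can get the installer from the vendor site.\n"
    print(repr(first_trigger(denial["regex"], blocked)))  # '\nGet '
    print(repr(first_trigger(denial["regex"], allowed)))  # None
```

A rule disabled by ID for the domain, as in the steps above, no longer runs for any URI on that domain, so an exclusion limited to the tml2html URI is the narrower option where the host can provide one.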