Erroraccess Denied: Possible Csrf Attack

Posted 21 February 2016 - 08:52 PM #1

Hey guys,

I have been in the process of setting up more product for my website. I have had no such errors previously.

When updating some pictures for the "option combination" tab, it takes me back to my dashboard and has this message in red: "ErrorAccess denied: Possible CSRF attack"

Anyone know why this came up all of a sudden, and how to get rid of it?

Thanks



 
  • FDGWEB
  • Junior Member
  • Authorized Reseller
  • Join Date: 20-Aug 10
  • 110 posts

Posted 22 February 2016 - 05:17 PM #2

We've seen this ... if you have a VPS or dedicated server you should check the value of max_post_size & max_input_vars.

Increase both of them until you no longer see that error.

If you do not have access to this setting ... look for.. or create a php.ini file and adjust there.

The values will look like:

upload_max_filesize = 10M
post_max_size = 10M
max_input_vars = 10000;


FDG Web, Inc - Seattle Web Design : Custom CS-Cart Programming & Design | Toll-Free: 877.239.3083

Download Proposal Templates & Web Design Contract Samples

 

Posted 23 February 2016 - 05:37 AM #3

Thank you for your reply, that was the problem. All fixed now.



 
  • BearBug
  • Junior Member
  • Members
  • Join Date: 20-Feb 08
  • 35 posts

Posted 17 March 2016 - 03:35 PM #4

I am not on a VPS or dedicated server, but I encountered a similar error when adding options. This happens when I am trying to add more than 70 product options. Is there a maximum number of product options?

 
  • imac
  • CTO
  • CS-Cart Architects
  • Join Date: 22-Nov 05
  • 1,719 posts

Posted 18 March 2016 - 08:06 AM #5

See the FDGWEB reply,

The more products/options/features you have on a page, the bigger the values should be.

I suppose if you update the values according to FDGWEB's suggestion everything should work.


Ilya Makarov,
CS-Cart Architect Team
Suggest and vote for new features | Report a bug

 
  • FDGWEB
  • Junior Member
  • Authorized Reseller
  • Join Date: 20-Aug 10
  • 110 posts

Posted 05 April 2016 - 10:32 PM #6

Glad we could help. :)



 
  • netcraft
  • Newbie
  • Members
  • Join Date: 09-Nov 17
  • 5 posts

Posted 09 November 2017 - 01:55 PM #7

I've done everything as suggested but it still doesn't work. When one clicks login to account via popup, the result ends with a CSRF error message.

max_input_vars 10000 post_max_size 20M upload_max_filesize 16M

PLEASE HELP!!!!!



 
  • johnbol1
  • Never Re
  • Members
  • Join Date: 23-Feb 10
  • 4,103 posts

Posted 09 November 2017 - 03:13 PM #8

Speak to your host, they can fix it.


Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2


 
  • netcraft
  • Newbie
  • Members
  • Join Date: 09-Nov 17
  • 5 posts

Posted 09 November 2017 - 03:15 PM #9

What can they fix? I manage the server myself and set all values as suggested; it didn't help at all.



 
  • johnbol1
  • Never Re
  • Members
  • Join Date: 23-Feb 10
  • 4,103 posts

Posted 09 November 2017 - 05:22 PM #10

your call




 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 9,994 posts

Posted 09 November 2017 - 10:22 PM #11

Have you verified that after setting those values that they are in fact being set? If you make them too big, there are compiled limits in PHP that will reject the request for increase. Using 20M is probably overkill.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • netcraft
  • Newbie
  • Members
  • Join Date: 09-Nov 17
  • 5 posts

Posted 10 November 2017 - 10:52 AM #12

Yes, all set. Actually, to me all these requirements make no sense at all, as I have the problem only when I click My Account - Login, and when I enter login/password I get this error!

Login/password entered, Karl! Not 10000 vars or a post body > 10M, just a simple login form, so the problem is not there.



 
  • netcraft
  • Newbie
  • Members
  • Join Date: 09-Nov 17
  • 5 posts

Posted 10 November 2017 - 10:58 AM #13

When I click on the Login link and enter login and password, I see the error

access Denied: Possible Csrf Attack

but the normal web login form works OK.

What's wrong?

It started to happen after the last upgrade, using UniTheme.

 



 

Posted 10 November 2017 - 12:33 PM #14

This notice appears if the security_hash parameter is missing in the POST request. In most cases it happens if the server truncates the request. The above solutions should help to resolve the problem. In some cases you may also need to increase the value of the pcre.backtrack_limit PHP directive.

If this does not help, please contact us via Help desk and provide access to your server so that we could examine the issue.

 



Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation
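
A way to check both points raised in this thread (whether the limits are really in effect, and whether the request was truncated or the token was never sent), as an added example that is not CS-Cart code and not part of any post. The file name csrf_diag.php and the sample field names are assumptions; it needs PHP 7 or later.

```php
<?php
// Added diagnostic, not CS-Cart code. The file name csrf_diag.php is hypothetical.

// Convert php.ini shorthand ("10M", "512K", "1G") to bytes.
function ini_bytes(string $value): int
{
    $number = (int) $value;
    switch (strtoupper(substr(trim($value), -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Explain why security_hash is or is not present in the parsed POST data.
function diagnose(array $post, int $contentLength, int $maxVars, int $postMaxBytes): string
{
    // A body larger than post_max_size leaves $_POST completely empty.
    if ($postMaxBytes > 0 && $contentLength > $postMaxBytes) {
        return 'body exceeds post_max_size, so PHP discarded the whole POST';
    }
    if (isset($post['security_hash'])) {
        return 'security_hash received';
    }
    // PHP keeps the first max_input_vars variables and drops the rest.
    $leaves = 0;
    array_walk_recursive($post, function ($value) use (&$leaves) { $leaves++; });
    if ($leaves >= $maxVars) {
        return "hit max_input_vars ($maxVars), trailing fields were dropped";
    }
    return 'security_hash was never sent: inspect the form template or the AJAX request';
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: what PHP would hand the application in each case.
    $options = ['option' => array_fill(0, 5, 'x')];          // token cut off
    echo diagnose($options, 200, 5, ini_bytes('10M')), "\n";
    echo diagnose([], 11 * 1024 * 1024, 10000, ini_bytes('10M')), "\n";
    $login = ['user_login' => 'a', 'password' => 'b'];       // token absent
    echo diagnose($login, 40, 10000, ini_bytes('20M')), "\n";
} else {
    // Live request: report the values PHP is actually running with.
    header('Content-Type: text/plain');
    echo 'loaded php.ini: ', php_ini_loaded_file() ?: '(none)', "\n";
    echo 'max_input_vars=', ini_get('max_input_vars'), ' post_max_size=', ini_get('post_max_size'), "\n";
    echo diagnose($_POST, (int) ($_SERVER['CONTENT_LENGTH'] ?? 0),
        (int) ini_get('max_input_vars'), ini_bytes((string) ini_get('post_max_size'))), "\n";
}
```

Replay the failing form submission against the script to see which branch applies, and delete the file afterwards because it reveals server configuration.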


 
  • netcraft
  • Newbie
  • Members
  • Join Date: 09-Nov 17
  • 5 posts

Posted 10 November 2017 - 12:57 PM #15

You are right, security_hash is not sent, have no idea why. Sent support questions to all - CS-Cart and UniTheme. Don't know whose bug it is.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 9,994 posts

Posted 10 November 2017 - 08:45 PM #16

I see this on occasion with clients who let their browsers auto-fill their logins.  I.e. the return_url is either invalid or is not valid for that account.  I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site).    I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.

 

Hope that helps.

