Mod Security Error Upgrading From 4.8.1 To 4.9.2

carterj · January 2, 2020, 12:00am

Upgrading from 4.8.1 to 4.9.2 and now I have 2 issues:

1. Mod_Security Error: An appropriate representation of the requested resource could not be found on this server. This happens when I try saving under settings:company OR Store:.

I also notice that "vendor:" does not appear in front of my domain like my other site does, which upgraded fine to 4.11.2.

2. Doman is not rewriting to add the "www" in front of the domain name anymore.

I have restored the updates from 4.8.1 three times, still get the same condition. Compared files, reset permissions, no 3rd party add-ons, cleared cache. I'm thinking maybe a corrupt file or from a previous install I never realized until now.

Does anyone have any ideas I'm missing?

soft-solid · January 2, 2020, 12:00am

Hello

Did you try disable mod_security on server ?

Best regards

Robert

carterj · January 2, 2020, 12:00am

Yup, did that too, but I think my isp overides my setting since I still get the message.

soft-solid · January 2, 2020, 12:00am

Hello

mod_security has many rules in its settings. Probably a rule causes problems. An analysis of the web server logs would definitely be helpful. Ask your ISP to disable mod_security for testing. The second issue is access to the rules management capabilities of this module (mod_security). You must get them.

Best regards

Robert

carterj · January 2, 2020, 12:00am

Something I just noticed with url rewriting:

On my site that is working, after I click save on the company info it comes back with: dispatch=companies.update&company_id=1&selected_section=detailed

On the site having issues: after I click on save, the URL redirects to the .php?

I can't find any difference in the .htaccess or config files with the other site that is working. Could there be a rewrite reference in another file or the DB?

soft-solid · January 2, 2020, 12:00am

Hello

Mod_security probably truncates the request. I am not a specialist but I once had a similar case. Editing mod_security rules helped.

Best regards

Robert

ecomlabs · January 5, 2020, 12:00am

Please check the mod_security section here

https://docs.cs-cart.com/latest/install/system_requirements.html

carterj · January 20, 2020, 12:00am

Thanks for the link. This is good reference. Now it's up to convincing the Host Provider to modify for my instance. :(

thecigarhut · March 14, 2022, 12:00am

Please check the mod_security section here

https://docs.cs-cart.com/latest/install/system_requirements.html

as per the linked rule set here:

mod_security should be disabled; if you donâ€™t want to disable it fully, configure it to work with CS-Cart as described in this file;

the customer rules in the mod_security.txt file seem to be outdated.
when trying to add them to cPanel at

Edit Custom ModSecurityâ„¢ Rules

page I get the following error:

Error: The following rule did not have an ID: # Enable XML request body parser. # Initiate XML Processor in case of xml content-type # SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"

I really dislike having to disable this level of security on my site(s) and wonder if there is an updated version of the custom rule set for mod_security