When I save certain snippets, it shows the "Unauthorized page"

Quote from: heavensbest at May 07, 2010, 08:45 PM

So, that was fun. I guess my host or something changed something because what used to be save-able (sp?) in modx, is now not.

So is there a proper way to do a nested query like this that won’t cause me to go crazy?

I really appreciate your help. I may yet try the modifications to the .htaccess file. I just don’t want to creat a security risk.

Disabling the mod_security rules that are causing your problem is the only "proper way" to allow your code through, IMO. Unless folks have a login to your site, their POST data will be rejected by MODx anyway; all mod_security is doing is rejecting your valid POST data.

So I had this same issue again. But this time it was:


I tried modifying the mod_security rules using the link mentioned, but got Apache errors. So I contacted my hosting company and they said I can’t modify the SecFilterEngine and SecFilterScanPOST directives. So they went in and had to change some permission settings. It still didn’t work because it was hitting a second mod_security issue. So they whitelisted my domain for that rule.

So it works now again. But is that safe to have the hosting company whitelisting my domain for security rules?

In the vast majority of cases these security settings only provide some level of protection against sloppy code. MODx core is fine, as are the major third-party snippets. Just pay attention to proper coding practices in any code you write, particularly the handling of any user form input, and you’ll be fine.

thanks