We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Answered Site name and modx version still missing from header

    • 10525
    • 247 Posts
    Gav Reply #11, 8 years, 9 months ago
    Hmm, turns out modx doesn't like the plugin code. If I try saving the plugin with something simpler, like
    $versionCheck = '
 Ext.onReady(function() {
   var topNav = document.getElementById("modx-topnav");
 });
';
    it saves, but not the full code block.

    I get the following in the error log:
    [Fri Jul 24 23:15:08 2015] [error] [client 188.4.70.74] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "298"] [id "340147"] [rev "134"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potential Cross Site Scripting Attack"] [data "<script"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\\\\%env)" at ARGS:plugincode. [hostname "www.mydomain.com"] [uri "/connectors/index.php"] [unique_id "VbK14IK5lbofAAgtcigAABBH"]

    Something tripping the security rules...
      • 3749
      • 24,544 Posts
      BobRay Reply #12, 8 years, 9 months ago
      For getting the version number on sites without the display, I usually go to Settings->System Settings, put 'version' in the search box at the upper right, and press enter.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
        • 42562
        • 1,145 Posts
        donshakespeare Reply #13, 8 years, 9 months ago
        Quote from: Gav at Jul 24, 2015, 10:27 PM
        Hmm, turns out modx doesn't like the plugin code. If I try saving the plugin with something simpler...
        The plugin is so simple that to MODx it is insignificant. This is not a MODx problem as far as I see it.

        Seems your server or chrome or whatever else-other-than-MODx is working over time to protect you against friends and foes alike; it is being a bit too officious if you ask me.

        Try a test:
        Clean out the plugin, paste this:
        $modx->regClientStartupHTMLBlock("<script>alert('Simple Alert Test')</script>");

          TinymceWrapper: Complete back/frontend content solution.
          Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
          5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
          • 3749
          • 24,544 Posts
          BobRay Reply #14, 8 years, 9 months ago
          That's definitely an aggressive modx_security setting by your host. A good host will relax it if you ask (and you should because it will break some MODX extras).

          If the host won't help, see this: http://bobsguides.com/modx-friendly-hosts.html
            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
            • 10525
            • 247 Posts
            Gav Reply #15, 8 years, 9 months ago
            Correct gents, it isn't a MODx problem and is indeed an overly-defensive mod-security setting. It's all managed via Plesk, with a rule-set suplied from Atomic.

            I'll track down the offending rule and exclude it.

            (I'm now managing my own linux server, learning as I go. Hopefully one day it'll make things faster ;-) )