upgrading and mod_security - My Forums

upgrading and mod_security

spica8 — Mar 23, 2019, 01:10 PM

I try to update a 2.2.6-pl installation. I cannot install updatemodx, and also creating snippets is not possible. Seems to be a problem with active mod_security module that my hoster is not willing to deactivate.

So my question is: Does a higher version will have the same problem with mod_security? Will a manual upgrade under this hosting environment solve my problem?

Re: upgrading and mod_security

BobRay — Mar 26, 2019, 04:33 PM

OK, try this:

View the Manager with Chrome or Firefox and get ready to save a chunk.

Turn on Dev. Tools (Ctrl-shift-i) and watch the network tab.

Click on the "Save Button"

On the left side of the dev. tools window, you should see a call to index.php near the top. When you hover over it, you should see yoursit.com/connectors/index.php. Click on that line.

Just above the grid, you should see some tabs. Headers, Preview, Response.

The Headers tab will show you what got sent to the connector if you scroll all the way down. It will look something like this:

propdata: [{"name":"placeholder1","desc":"","xtype":"textfield" . . .

The Response tab will show you what came back from the processor. If things went well, it will look something like this:

{"success":true,"message":"","total":0,"data":[],"object":{"id":337,"name":"Test","description":"","locked":false,"category":0,"snippet":" ...

If something went wrong, it will often show a messy block of HTML containing an error message. If you paste that into a resource and view it, you'll see a nicely formatted error message with a stack trace that might help explain what's happening.

Re: upgrading and mod_security

spica8 — Mar 26, 2019, 09:45 AM

Quote from: BobRay at Mar 25, 2019, 05:44 PM

Can you save templates, plugins, and resources?

Yes.

Only snippets & chunks not.

Re: upgrading and mod_security

BobRay — Mar 25, 2019, 05:44 PM

Can you save templates, plugins, and resources?

Re: upgrading and mod_security

spica8 — Mar 25, 2019, 03:56 PM

Ah, maby we are getting closer.

Cant save a blank chunk. Endless saving dialog.

In the log

 [2019-03-25 16:47:08] (ERROR @ /index.php) [OnWebPageInit]1
[2019-03-25 16:47:08] (ERROR @ /index.php) [OnWebPageInit]1
[2019-03-25 16:47:18] (ERROR @ /secretmanager/index.php) [OnManagerPageInit]1
[2019-03-25 16:47:18] (ERROR @ /secretmanager/index.php) [OnBeforeManagerPageInit]1

Re: upgrading and mod_security

BobRay — Mar 25, 2019, 02:51 PM

With mod_security, the problem is usually intermittent, with some MODX objects saving and others not. If you try to save a completely blank chunk or a chunk that just contains the word "the" and can't, it's a sign that it might not be mod_security.

While mod_security is almost always the cause of your problem, there are a few other things you could check. A plugin that is attached to one of the system events that fire when a chunk or snippet is saved could be causing trouble. Disabling all plugins by right-clicking on them in the Elements tree, then manually deleting all files in the core/cache directory before testing would tell you if a plugin is the problem.

You could also have a MODX permission problem (though usually that will trigger an "Access Denied" message). Make yourself (temporarily) a sudo user. Flush permissions and log out all users, then log back in. If this solves the problem, it's a MODX permission issue.

Some people have reported saving problems when there is a mismatch between the MODX date_timezone System Setting and the corresponding settings for the server and PHP.

All that said, if you trigger the problem a bunch of times and note the time, your host should be able to look at the mod_security log and see which, if any, rules were violated during that time period. If your host isn't willing to do that, they're a crappy host, and you should move the site to a host that's more supportive.

Re: upgrading and mod_security

spica8 — Mar 25, 2019, 08:24 AM

Thanks for your input, nuan88. Unfortunately I have no access to configure nor to analyse what rules of mod_sec may cause the problem. As the the communication with the hoster is a back an for ping pong email conversation with different persons in the second level support I dont see any clear strategy.

But before I go into that conversation I would like to exclude any other reasons, that could lead to the error messeage. But I have no idea, if theres anything else, that could prohibit the system to write chunks or snippets. So any idea would be appreciated.

Maybe its somthing else, as I have been able to install and work with the system some time ago. And I have another installation at this hoster (but on another machine?) that is running without problems.

Re: upgrading and mod_security

nuan88 — Mar 24, 2019, 10:17 PM

mod_security is a package if you will of rules, any of which can be triggered. when that happens you see an inability to save things like snippets.

it will be based at least in part on the actual contents of the site, so its reasonable that not every site triggers mod_sec

for me, my site had pages that were very text-heavy, and these triggered mod_sec. having a page with, for example, 'casino' appearing 5 times was ok, 8 was not. there are many other rules that use subtle ways to look for viruses and other dangers.

one possible solution is for the hoster to simply remove mod_sec on the manager folder only. This is an internal folder with multiple safeguards already, and doing so has no effect on security. it is during internal actions (you as an admin creating snippets) that the rules are triggered.

I had to go through a whole process of triggering rules and having them relaxed, it was tough.

Re: upgrading and mod_security

spica8 — Mar 24, 2019, 11:53 AM

Had some correspondence with the hoster. mod_security is installed on all machines. But on other servers I have also modx installs that are running without that problem. Hm. Dont know where to investigate further.

Reinstalling updatemodx gives one strange line:

chunk_err_createArray
Error saving vehicle object of class modChunk; criteria: Array ( [name] => UpgradeMODXTpl ) 
snippet_err_createArray
Error saving vehicle object of class modSnippet; criteria: Array ( [name] => UpgradeMODXWidget ) 
Could not install related objects with locally owned keys for vehicle object of class modCategory; criteria: Array ( [category] => UpgradeMODX )

Re: upgrading and mod_security

BobRay — Mar 24, 2019, 05:01 AM

If mod_security is really the problem (and it sounds like it is), I don't think upgrading will solve your problem. If mod_security is preventing the site from saving snippets, that will be the case with any version of MODX.

FWIW: https://bobsguides.com/modx-friendly-hosts.html

No users I know of have reported any mod_security issues at any of the hosts on the list.