UK2.net Firewall Issue - IP address barred

[alanc]

I use UK2.net as my hosting company and have install Contao to act as my CMS on various websites I have built.

To date (over 3 years) I have had no real issues. However twice recently I have received this message from contao.

Forbidden
You don't have permission to access /apps/Contao/contao/main.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This appears to happen randomly when I have tried to update some FAQ text for a particulat entry. Other entries in the same FAQ list are fine. I have got around this issue by creating a new record and copying the text across and deleting the offending entry.

However last week I couldn't access the CMS admin interface because UK2.net had barred my IP address because of a security issue.

They sent me this when I raised a ticket.

Thank you for your reply. There was a block on your IP address. It was triggered by our Security software. I am providing the information that the server returned below.

================================================== ================================================== ===================================
/var/log/lfd.log:Sep 5 14:28:19 cpanel36 lfd[493927]: (mod_security) mod_security triggered by 86.146.31.98 (GB/United Kingdom/host86-146-31-98.range86-146.btcentralplus.com): 5 in the last 300 secs - *Blocked in csf* [LF_MODSEC]

ModSecurity Errors (last 20):
340149 Atomicorp.com UNSUPPORTED DELAYED Rules: Potential Cross Site Scripting Attack
13 www.comberenterprises.co.uk/apps/Contao/contao/main.php "onclick="
1234123456 Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM 0, IQ 1, IP 0, IH 0, FL 0
2 www.comberenterprises.co.uk/apps/Contao/contao/main.php
================================================== ================================================== =================================

Essentially, the file "main.php" located in /home/comberen/public_html/apps/Contao/contao is a script that is running and triggering this security rule.

Fortunatly they have unbarred me and I can access Contao again and I sorted out the offending record by creating a new record and deleteing the old one.

Also it would appear that UK2.net have implemented stronger security measures. They sent me this.

I am sorry but we are not experienced with website development. As noted we have implemented stronger security measures including the use of mod_security, this may require an upgrade or modification of the CMS code. You may want to contact Contao CMS support for help with their product.

I am not a developer or have any real knowledge of Contao and wondered whether anyone could shine some light on this issue. I also have end users who access Contao to change content and am concerened they may come across the same issue and have their IP addresses banned.

Obviosuly the issue with the FAQ records causing this issue may be a red herring but it does seem to tie up.

Any ideas or suggestions?

Regards

Alan

[alanc]

I get the following message when I type in the text - www.myweightlosschallenge.com into a new news item I have created and try and save it.

Forbidden
You don't have permission to access /apps/Contao/contao/main.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

email urls seem fine as do other urls

I now seemed to have had my ip address banned again by uk2.net.

Any suggestions?

[alanc]

uk2.net have written some exceptions to the ModSecurity rules causing the blocks and are not IP specific.

Hopefully this has cured the problem. I have enter the same changes that caused the problem before and this time I haven't had any error messages.

[Namstel]

I too have encountered this issue, with both editing and saving CSS files and creating modules.
On my localhost server everything runs just fine, but not when I try it on a remote server.

So from what I gather, it has something to do with server settings. I would greatly appreciate it if someone could help me further, because it delays my development time greatly.

Thanks in advance.

[alanc]

I can't really help you. I don't have any technical knowledge of the area.

I think it's a firewall issue rather than a server config issue. A rule was set up by uk2.net to stop comment and forum spam which obviously the code in contao triggered. I have got around the issue by raising a ticket with uk2.net to provide me with an exception which they have done. Ideally if you are having similar issues we could do with a contao developer look in to this to see if the code can be altered to stop this hapenning. That's why I raised an issue on this forum to see if there was a code fix for this.

You don't say whether you are with uk2.net but all I can suggest is you raise a ticket with your hosting company.

Sorry I couldn't be of more help.

Regards

Alan

[Namstel]

According to another developer here, the logs showed that the problem was with mod_security.
We'll have someone disable it and then find out whether that did the trick.