Contao 3.5 version restore problem and access to StyleSheets

[tetrijeb]

Hi to all,

I have installed Contao 3.5, and now I am trying to setup a new website. Everything is as expected except two major problems:

1. Whenever I try to restore previous version of some article, module etc. I am getting error as shown in image version_error.png. Any advice?

RESOLVED AFTER SYSTEM UPDATE TO 3.5.2

2. I have made entire structure of website locally with XAMPP. After that I moved the installation to the live server. But, now I am facing the problem with accessing the Style Sheets area. Although, it all worked fine with XAMPP, after migration I am getting the error: "Forbidden! You do not have permission to access this document." What could went wrong here?

Thanks in advance.

[Andreas]

First try to run the install tool again example.org/contao/install.php

[tetrijeb]

First try to run the install tool again example.org/contao/install.php

I've tried but still I can't access to the Style Sheets area. Weird. :/

[xchs]

There could be a web server firewall rule blocking the access (mod_security issue?).

Did you already run the Contao check on the live server?

[tetrijeb]

There could be a web server firewall rule blocking the access (mod_security issue?).

Did you already run the Contao check on the live server?

I did. Everything is "up to date". As I can see, only access to the table tl_styles is blocked by this message, so I will continue my investigation in that direction.

[xchs]

As I can see, only access to the table tl_styles is blocked by this message

That is why I suspected a server firewall rule blocking the access to this special URL. There could be a certain keyword that matches one of the intrusion patterns. Do you have access to the web server log files?

[tetrijeb]

I took this from the error_log file:

[Fri Aug 07 23:57:56 2015] [error] [client 31.223.132.108] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)((?:=|U\\\\s*R\\\\s*L\\\\s*\\\\()\\\\s*[^>]*\\\\s*S\\\\s*C\\\\s*R\\\\s*I\\\\s*P\\\\s*T\\\\s*: |:|[\\\\s\\\\S]allowscriptaccess[\\\\s\\\\S]|[\\\\s\\\\S]src[\\\\s\\\\S]|[\\\\s\\\\S]data:text\\\\/html[\\\\s\\\\S]|[\\\\s\\\\S]xlink:href[\\\\s\\\\S]|[\\\\s\\\\S]base64[\\\\s\\\\S]|[\\\\s\\\\S]xmlns[\\\\s\\\\S]|[\\\\s\\\\S]xht ..." at ARGS:table. [file "/etc/httpd/conf/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_41_xss_attacks.conf"] [line "28"] [id "973338"] [rev "1"] [msg "XSS Filter - Category 3: Javascript URI Vector"] [data "Matched Data: _style_ found within ARGS:table: tl_style_sheet"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "********"] [uri "/contao/main.php"] [unique_id "VcUp5H8AAAEAAEkvPGYAAAAH"]

PS. Correction for the post above: Affected table is tl_style_sheets.

[xchs]

Yep, that's exactly what I thought. The mod_security module is blocking the URL which you want to access. You'd probably have to contact the provider to change the pattern or to enable an exception for the intrusion rule.

[tetrijeb]

Okay, it seems that I have no other choice.

You probably save me a lot of time which I would spend trying to sort out the reason by myself.

Thanks.

[xchs]

I'm not an expert in regards of this matter but it seems that the firewall pattern matches the keyword "_style_" within the URL. Can you open an URL such as http://example.com/?foo=bar_style_baz (replace example.com with your actual domain name)

[tetrijeb]

I'm not an expert in regards of this matter but it seems that the firewall pattern matches the keyword "_style_" within the URL. Can you open an URL such as http://example.com/?foo=bar_style_baz (replace example.com with your actual domain name)

I am getting "Test page for the Apache HTTP Server..."

"This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly...."

[xchs]

Okay, what about one of these URLs:

http://example.com/index.php?table=foo_style_bar
http://example.com/index.html?table=foo_style_bar
http://example.com/contao/index.php?table=foo_style_bar

[tetrijeb]

http://example.com/index.php?table=foo_style_bar 403 Forbidden
http://example.com/index.html?table=foo_style_bar 403 Forbidden
http://example.com/contao/index.php?table=foo_style_bar 403 Forbidden

[xchs]

Fine. Then I'd say it is something with the keyword "_style_" (within the URL parameters) as I already mentioned above.

Okay, whatever. Please contact your hosting provider or the server administrator and show him the log file entry you posted above and tell him that it comes from a valid URL of the CMS and that it does no harm at all. He will hopefully know what to do.

[tetrijeb]

[tetrijeb]

UPDATE - After I have contacted the support, problem has been resolved by their intervention.

[xchs]

*thumbsup*