TOPIC:

406 error after latest update 2 weeks 6 days ago #245515

  • kfrese's Avatar Topic Author
  • kfrese
  • Offline
  • Junior Breezer
  • Junior Breezer
  • Posts: 40
  • Thanks: 0
Will do

Please Log in or Create an account to join the conversation.

406 error after latest update 2 weeks 6 days ago #245525

  • kfrese's Avatar Topic Author
  • kfrese
  • Offline
  • Junior Breezer
  • Junior Breezer
  • Posts: 40
  • Thanks: 0
Marcus,

It is fixed now. Here is what happened... I have been repeatedly getting locked out of my Joomla site by Rochen when using BF. They made a tweak to help with the issue and this was the source of the problem.

Response...
I see you've been triggering a mod_security rule. I've disabled the rule in question on xxxx.com. Can you please confirm if this has changed the result? Thank you.

It still appears that using BF periodically triggers some sort of a security issue on my host and I don't understand why. It seems to occur when we are setting up a lot of forms and we always use webhooks. Now I'm guessing that something about the webhook implementation looks like an attack of some sort. I'd welcome any ideas if you have any regarding correcting this.

Please Log in or Create an account to join the conversation.

Last edit: Post by kfrese.

406 error after latest update 2 weeks 6 days ago #245528

  • TheMuffinMan's Avatar
  • TheMuffinMan
  • Offline
  • Developer
  • Developer
  • Posts: 9789
  • Karma: 167
  • Thanks: 785
Hi,

yeah, I was thinking it would be something like this. To be honest, first time I hear a hosting company was willing to adjust/remove the affected mod_security rule.

The problem with these rules is that they are usually custom-made so it is hard for me to find out which of the parameters look suspicious.

It can be for example you are using a submit piece and echo a script tag that is supposed to trigger some javascript.

Some mod_security setups will then fire, thinking a XSS attack has been passed.

I also had a case where the name of the parameter caused a rejection. Namely the "act" parameter as it was used in some other, BF and Joomla unrelated attack vector that they were simply looking for and then halting the request.

Really depends on the case.

Regards,
Markus

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
  • 2
Moderators: ForumSupport
Time to create page: 0.046 seconds

BreezingForms Pro 1.4.7 for WordPress Released!

Available in the membership section.

Summer Sale!

Massive discounts on all subscriptions!

Get Your Subscription Here

Quick Links

Downloads

BreezingForms

ContentBuilder

BreezingCommerce

Templates

Documentation

BreezingForms

ContentBuilder

BreezingCommerce

Apprendre BreezingForms (French Community)

Apprendre et maîtriser BreezingForms par des tutoriels et exemples, le tout en français

breezingforms.eddy-vh.com

Questions et réponses sur les forums de l'AFUJ

AFUJ

Special Offer

Summer Sale! All subscriptions at a special price!

Includes prio support, all of our current and future Joomla!® extensions and Joomla!® templates for the duration of your membership.

Get it from here

3rd Party Discount - 25% Off

We help you to keep your costs under control. If you are a new member and purchased a form building tool from a different form vendor, then you'll get a 25% discount on our subscription plans.

How to receive the discount:

Send us a quick email to sales@crosstec.org with a proof of purchase (for example a paypal receipt), await payment instructions and enjoy your membership!