Placeholder / broken settings after moving to another server

carstengrimm · October 11, 2018, 2:21pm

ATTENTION!

Beta 2 latest

I have transitioned to another server and migrated a identical copy to my new host. I also put the new database inside the config file and obviously migrated all mysql data.

Login and everything seems to work just fine, however it does not show any language but output placeholders. such as

fi.view_approved_quotes
fi.view_payments

and so on. While navigating though the menu all options such as quotes, invoices seem to work just fine (but with placeholders…).

when trying to go to the system settings page ( url.ext/settings ) i’ll land on an error page saying “Whoops, looks like something went wrong.”

So i was wondering if there’s anything else i have to adjust to fix my moved installation (path, base, url etc.pp)

carstengrimm · October 12, 2018, 1:33pm

i assume my domain’s dns didn’t propagate when i had the issues, so my server most likely wasn’t able to result in properly loading a few files here and there.

Otherwise it could’ve been an issue uploading via root user instead of a user - where root has not proper permission to execute. It’s either this or that. Managed to get issues with both things so as a reference…

Kovah · October 12, 2018, 1:50pm

Which version are you using? There is no beta 2.

carstengrimm · October 12, 2018, 2:30pm

2.0.0 Alpha 1
Anyhow, i noticed i am still getting a few errors here and there after accessing several subpages with a

Forbidden
You don't have permission to access / on this server.

Message. DNS should work just fine by now. Has been over 24h hours after I changed the record. (i guess). Can’t find any sort of info if my request gets blocked due to “being too quick”, as well as using another browser or private mode will “reset” the error until i access too much pages yet again…

carstengrimm · October 12, 2018, 3:11pm

[Fri Oct 12 17:07:00.968843 2018] [:error] [pid 3602:tid 140612032325376] [clien                                        t 95.223.233.xx:57378] [client 95.223.233.xx] ModSecurity: Access denied with co                                        de 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d                                        ]*)+" at REQUEST_COOKIES:XSRF-TOKEN.

[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] 
[msg "SQL Hex Encoding Identified"]
[data "Matched Data: V0XC9C found within REQUEST_COOKIES:XSRF-TOKEN: eyJpdiI6IlcwbGNpaCsxc3pZK3FEazhHWUlC                                        d2c9PSIsInZhbHVlIjoiN21MUm9UQ2x3V2xaRGhTWmtqVEFwdVQ1c1ROZ3p5dlh2c2lBcmViNzJhZTlF                                        Rkl1T3RkYWV0XC9CMkVlWDFqRTJraUFjNDVTWnNpTVFmY1hXZGU1M0xRPT0iLCJtYWMiOiJkZjk2OWNl                                        Mjg5NTdjNWJjYmM1YjAxNmJjOTI1ODJjYTZmYjkwNzZkZTk0M2M2ZDM2NmU4ZThkNjZhYmM4NzM2In0=                                        "] 
[severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [                                        tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP                                        _10/A1"] 
[tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] 
[hostname "k.domain.ext] [uri "/favicon.ico"] 
[unique_id "W8C4lCnVhTmFc-YhJcnZEAAAAMI"]

ok seems like there’s something going on with firewall-ish,

in this case i am settting the a rule exception to mod_security with the ID above and investigate further.

SecRuleRemoveById 981260

miquel_cabanas · October 12, 2018, 4:04pm

Although you probably know it, just in case, check this tutorial

Handling False Positives with the OWASP ModSecurity Core Rule Set
https://www.netnea.com/cms/apache-tutorial-8_handling-false-positives-modsecurity-core-rule-set/

that explains how to deal with false positives and create exceptions for a particular application.

There is also this free book,

ModSecurity Handbook: Getting Started 2ed
By Christian Folini, Ivan Ristić
https://www.feistyduck.com/library/modsecurity-handbook-2ed-free/

Last, I wonder whether this issue may explain some of the strange problems reported occasionally on this forum.

carstengrimm · October 12, 2018, 6:40pm

i haven’t encountered something like that before on any other server but i’m not sure if those webhosts had any sort of “good protection” while now i have much more freedom setting things how i want.

so i assume it’s much more strict now but i still wonder why it reports as sql injection when it’s just calling simple urls. I wonder how many people are facing error 403 pages here. If someone can resolve his issue with these hints, it’s a pleasure though.

miquel_cabanas · October 12, 2018, 8:59pm

A search for “403” returns 31 results, and although not all may have the same cause, we will be able to point them to check this one.

carstengrimm · October 13, 2018, 6:59pm

after changing my mod_security settings as well as the DNS being completely “live” i haven’t gotten any 403 error anymore.