Anyone here a PHP genius who is also versed in ModSecurity?
#1
Here's the backstory. I know a little PHP. As in, I can fumble my way through the code, I can tell what's going on, and if need be, I can edit it. I can create relatively simple new code from my own brain.

I run an online store for a company, and we are getting an error through the "modsecurity" open-source firewall that our host runs.

The error is:

ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pDescription. [file "/hsphere/local/config/httpd2/modsecurity-core-rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "155"] [id "960024"] [rev "2.2.4"] [msg "SQL Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data " />\\x0d\\x0a-"] [hostname "mywebsitename"] [uri "/xxxxxx/adminprods.php"] [unique_id "T@iWJn8AAAEADQkMVd4AAABK"]

I know the action that is tripping it. When I go to an existing item in our store, to edit it (it doesn't matter the editing done, any edit works) and click "submit" to have the database update the item, I'm setting off this error, and it is then locking down some of our inventory.

I say some, because there are some items that trigger it, and some that don't.

I can't seem to figure out what is causing it to trip.

Based on the "SQL Character Anomaly Detection Alert - Repetative Non-Word Characters" message, I thought it was the "UPC" for the item (which had a repetitive string of numbers).

But I checked, and changed three letters that weren't repeating, and that fixed it.


So anyway. I'm looking for a PHP person, who can help me dissect the code, and see if I can figure out what the problem is. I would go back to the software's manufacturer, but they want an astronomical amount of money. I'm fairly confident even if I throw some cash at a fellow lurker to help me out, I'm going to come out ahead.
nobody ever slaughtered an entire school with a smart phone and a twitter account – they have, however, toppled governments. - Jim Wright
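
An added example, not part of the original post or of ModSecurity: a Python sketch that decodes the alert quoted above and reports which substring of a submitted field matches rule 960024's pattern. The sample field values are constructed, and Python's re module with re.ASCII stands in for the PCRE engine ModSecurity uses (an assumption).

```python
import re

# Alert line copied from the post above (file, hostname and URI fields omitted).
ALERT = r'''ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pDescription. [id "960024"] [msg "SQL Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data " />\\x0d\\x0a-"]'''

def unescape(text):
    # Undo error-log escaping: collapse runs of backslashes to one,
    # then decode hex byte escapes (backslash, x, two hex digits).
    text = re.sub(r'\\+', r'\\', text)
    return re.sub(r'\\x([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), text)

def parse_alert(line):
    # Pull out the rule id, the regex, the inspected variable and the
    # logged match data from one ModSecurity "Access denied" line.
    rule = re.search(r'Pattern match "(.+?)" at ([\w:]+)', line)
    data = re.search(r'\[data "(.*?)"\]', line)
    return {
        "id": re.search(r'\[id "(\d+)"\]', line).group(1),
        "pattern": unescape(rule.group(1)),
        "target": rule.group(2),
        "data": unescape(data.group(1)),
    }

def find_hits(pattern, value):
    # Return (offset, matched text) for every match of the rule's regex.
    # re.ASCII approximates PCRE's byte-oriented \W (assumption).
    return [(m.start(), m.group())
            for m in re.finditer(pattern, value, re.ASCII)]

# Constructed form values, not taken from the poster's store.
SAMPLES = {
    "html_description": "Soft cotton shirt.<br />\r\n-Hand wash only",
    "plain_description": "Soft cotton shirt. Hand wash only.",
    "upc": "012345555555",
}

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print("rule", alert["id"], "inspects", alert["target"],
          "with", alert["pattern"], "logged data", repr(alert["data"]))
    for name, value in SAMPLES.items():
        print(name, find_hits(alert["pattern"], value))
```

In the constructed data only the description containing markup followed by a line break and a hyphen matches; digits are word characters, so a run of numbers does not match \W.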


Messages In This Thread
Anyone here a PHP genius who is also versed in ModSecurity? - by shoju - 06-25-2012, 05:48 PM
