Multiple Issues - Can't Delete Posts, Can't Upload Files, Can't Open Admin Postbag, Can't Open Forum Tools
Yellow Swordfish
Glinton, England
SP Master
Jan 7, 2017 - 8:48 am

These are response headers. @mr-papa was actually asking about the response data portion - what is returned from the AJAX code itself. Some web consoles - or add-ons like Firebug - will show you the raw data and/or the html.

And what about Incapsula itself? If that is caching AJAX requests then that could do this every time. And would also explain the greater likelihood of non-logged in users having success. I would strongly suggest that you try disabling it, ensuring the cache is empty and then retrying some of these actions. If nothing else it can rule it out.

Philip Treacy
Member
Free Members
Jan 8, 2017 - 8:23 am

I'm travelling at the moment so hard to find time to disable all plugins and test just now.

But I don't think it's Incapsula. It's been running for months and is configured not to cache any url containing excel-forum or admin-ajax.php

But just to make sure I turned off Incapsula, edited my hosts file to bypass Sucuri and Incapsula and make my PC resolve all requests direct to my server IP address, and cleared my browser cache.

I had exactly the same behaviour/problems.

When logged in I get 'Access denied - security check failed' clicking on About SP.

Why is it only when I am logged in?

Should the nonce change if you are logged in or out? I thought the nonce was generated once per day for the URL?

Can you check the response data? I'm not an expert in this and not sure what you are looking for.

But, for requests that don't work, the response data is either nothing (e.g. clicking on View New Posts) or the error message, e.g. I get this when I click on About SP:

<script type="text/javascript">
jQuery(document).ready(function() {
spjDialogHtml('', '<div style="margin: 5px; border: 2px solid red; padding: 10px;"><p><img src="https://www.myonlinetraininghub.com/wp-content/plugins/simple-press/admin/resources/images/sp_Message.png" alt="" style="float:left; margin: -4px 10px 0 0;" /><b>Access denied - security check failed<br />Unable to complete the request</b></p><p><b>Please reload the page and retry the operation</b></p></div>', 'Security Alert', 0, 0, 'center', '');
});
</script>

And, when I click on View New Posts, why do the numbers beside Unread, Need Moderation and Spam disappear? Looks like SP is doing something?

Why does the backend work? SP uses nonces there too but works ok.

I'm obviously logged in here and this works, and this is through Sucuri and Incapsula:

Request URL:https://www.myonlinetraininghu.....3880322705
Request Method:GET
Status Code:200
Remote Address:107.154.151.45:443

Response Headers
cache-control:no-cache, must-revalidate, max-age=0
content-encoding:gzip
content-type:text/html; charset=UTF-8
date:Sun, 08 Jan 2017 12:58:46 GMT
expires:Wed, 11 Jan 1984 05:00:00 GMT
ms-author-via:DAV
server:Sucuri/Cloudproxy
set-cookie:wp_woocommerce_session_ccfc1eea4cb0df53f8d6ab1799e139d7=b0090ce76cfb5c3d737339649834a936%7C%7C1484050570%7C%7C1484046970%7C%7C18ba26303a35909c86c9f26c0fc6edc8; expires=Tue, 10-Jan-2017 12:16:10 GMT; path=/
status:200
vary:Accept-Encoding
x-cdn:Incapsula
x-content-type-options:nosniff
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-frame-options:SAMEORIGIN
x-iinfo:10-186476748-186476430 PNNN RT(1483880324321 0) q(0 0 0 -1) r(17 17) U9
x-robots-tag:noindex
x-sucuri-id:11010
x-xss-protection:1; mode=block

Request Headers
:authority:www.myonlinetraininghub.com
:method:GET
:path:/wp-admin/admin-ajax.php?action=toolbox-loader&_wpnonce=01aff9dc77&loadform=toolbox&rnd=1483880322705
:scheme:https
accept:text/html, */*; q=0.01
accept-encoding:gzip, deflate, sdch, br
accept-language:en-GB,en-US;q=0.8,en;q=0.6
cookie:wordpress_sec_ccfc1eea4cb0df53f8d6ab1799e139d7=PhilipT%7C1484050648%7CLPFWsMN55EvikNcBfTUlTAfCqCs3oXRfM5il14qSHkU%7C015d7177de8f7ce5bb7f7d529b27d0640f03767d5aac530af6e9510a3c9c743c; PHPSESSID=13hhkalmdbvuruutsri9v3pq54; sucuri_cloudproxy_uuid_b6d4274a2=e6d64f8be949939ea1f83f799e20bc3c; _ew_31=MzF8MTIwLjIyLjI1LjIyMg%3D%3D; _ew_32=MzJ8MTIwLjIyLjI1LjIyMg%3D%3D; fca_tc_eoi_cf_o=eyI0MjQ4OSI6MX0%3D; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_ccfc1eea4cb0df53f8d6ab1799e139d7=PhilipT%7C1484050648%7CLPFWsMN55EvikNcBfTUlTAfCqCs3oXRfM5il14qSHkU%7C66096410f1bb4198f80cfd7f6b00a1f14948a99793398f7bfd525063849de50d; sforum_ccfc1eea4cb0df53f8d6ab1799e139d7=Philip+Treacy; wlm_user_sequential=1; wp-settings-74=m8%3Do%26m12%3Do%26m6%3Do%26m10%3Do%26m4%3Do%26editor%3Dhtml%26m7%3Do%26m3%3Do%26m2%3Do%26m1%3Do%26m5%3Do%26m0%3Do%26hidetb%3D1%26imgsize%3Dfull%26m13%3Do%26m9%3Do%26m14%3Do%26m11%3Do%26align%3Dleft%26libraryContent%3Dbrowse%26ed_size%3D700%26posts_list_mode%3Dlist%26unfold%3D1%26mfold%3Do; wp-settings-time-74=1483877850; _ga=GA1.2.839415898.1483877809; wp_woocommerce_session_ccfc1eea4cb0df53f8d6ab1799e139d7=b0090ce76cfb5c3d737339649834a936%7C%7C1484050570%7C%7C1484046970%7C%7C18ba26303a35909c86c9f26c0fc6edc8; visid_incap_806916=hrEylS/3TACgkeP8OKh3RHY3clgAAAAAQUIPAAAAAACQ68QLWM99Tr7VAOrrceDH; incap_ses_436_806916=cVaoVvrZ5Hj3nBo+5vsMBno3clgAAAAAAO4gEs9ciimF4O04537B2A==
referer:https://www.myonlinetraininghu.....oolbox.php
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
x-requested-with:XMLHttpRequest
Query String Parameters
action:toolbox-loader
_wpnonce:01aff9dc77
loadform:toolbox
rnd:1483880322705

Yellow Swordfish
Glinton, England
SP Master
Jan 8, 2017 - 3:17 pm

Well the main reason we don't have an immediate answer is because nobody else comes close to having these problems. And when that happens the answer is invariably environmental and server or component related.

I agree with @mr-papa that paring things back to a clean slate with all plugins deactivated and even the theme changed for testing what is what might be the only way to trap the point of conflict. Unless he has any other ideas prior to doing that...?

Yellow Swordfish
Glinton, England
SP Master
Jan 8, 2017 - 3:22 pm

As an additional observation - and just for the record - if you are the only user accessing the admin then a rogue cache would still best explain what you are experiencing. You work in the admin and it would cache the nonce so your next trip in would use the same nonce and would therefore cause no issues. If you have a second admin account in SP it might be worth performing some actions with one account and then switching to the second to perform the same actions to see if they worked. If they failed - then caching becomes the most probable candidate. 

This is already perhaps the case on the front end of the site...
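
Background for the question earlier in the thread about whether a nonce differs between logged-in and logged-out requests, and for the caching theory above: an added example, not part of any post here and not Simple:Press or WordPress code, that models in Python how WordPress core derives and verifies a nonce. The salt, user ID, session tokens and action name are constructed for illustration.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400                 # WordPress default nonce lifetime: one day, in seconds
SALT = b"constructed-nonce-salt"   # constructed; a real site derives it from its wp-config.php keys

def nonce_tick(now):
    """Counter that advances every half lifetime (12 hours by default)."""
    return math.ceil(now / (NONCE_LIFE / 2))

def _nonce_hash(tick, action, uid, token):
    # The nonce binds the tick, the action, the user ID and the login session token.
    data = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(SALT, data, hashlib.md5).hexdigest()[-12:-2]

def create_nonce(action, uid, token, now):
    return _nonce_hash(nonce_tick(now), action, uid, token)

def verify_nonce(nonce, action, uid, token, now):
    """Return 1 (current tick), 2 (previous tick) or False, as wp_verify_nonce does."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_nonce_hash(t, action, uid, token), nonce):
            return age
    return False

def cached_page_outcomes(now=1483880322):
    """Replay nonces as a cache would: same markup, different requester or time."""
    action = "example-action"                        # hypothetical action name
    uid, sess_a, sess_b = 74, "token-A", "token-B"   # constructed user ID and session tokens
    guest = create_nonce(action, 0, "", now)         # embedded in a page rendered for a guest
    own = create_nonce(action, uid, sess_a, now)     # embedded in a page rendered for this login
    hour = 3600
    return {
        "guest nonce, guest request": verify_nonce(guest, action, 0, "", now),
        "guest nonce, logged-in request": verify_nonce(guest, action, uid, sess_a, now),
        "own nonce, same session": verify_nonce(own, action, uid, sess_a, now),
        "own nonce, new login session": verify_nonce(own, action, uid, sess_b, now),
        "own nonce, 18 hours later": verify_nonce(own, action, uid, sess_a, now + 18 * hour),
        "own nonce, 30 hours later": verify_nonce(own, action, uid, sess_a, now + 30 * hour),
    }

if __name__ == "__main__":
    for case, result in cached_page_outcomes().items():
        print(f"{case}: {result}")
```

In this model a nonce verifies only for the user ID and session token it was minted for, and only within the current or previous 12-hour tick.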
