Support Forum
Support Forum
Offline
btw, I cannot really test subscribe or watch... need to be logged in...
also, you posted this from .htaccess
RewriteEngine On
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
looks mighty suspicious and not sure what its doing...
Visit Cruise Talk Central and Mr Papa's World
Offline
Hi
Am stil waiting for you to check from plugins!!!
i already sent to you message with login details.
Thank you
Offline
yup. just a busy day. Still waiting to hear back from you and your host on the 403 denied stuff too...
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa said
yup. just a busy day. Still waiting to hear back from you and your host on the 403 denied stuff too...
thank you for replay.
nothing yet...but last time they said nothing install there unless i installed some modules (I am on VPS server)
And for sure i didn't install anything, BTW..i have php.ini in root of my server..is there anything can we do thorough it ?
Thank you
Offline
did you try removing that stuff at the bottom of the .htaccess?? it does a redirect to 403 for some query arg checks which look rather greedy...
Visit Cruise Talk Central and Mr Papa's World
Offline
yup... same issue... 403 forbidden blocking of the URI with query string...
http://7gag.co/forum/?forum=4&.....038;page=1
GET /forum/?forum=4&topic=13&subscribe=user&forumslug=jokes-and-oddity&topicslug=night-classes&page=1 HTTP/1.1
Host: 7gag.co
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/problem-with-post-edit-buttontml,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://7gag.co/forum/jokes-and.....t-classes/
Cookie: __cfduid=dad7981d378c0efe0648e416e14c5d0451343352454; __utma=134686135.179653261.1343352461.1343438174.1343516768.3; __utmz=134686135.1343516768.3.3.utmcsr=simple-press.com|utmccn=(referral)|utmcmd=referral|utmcct=/support-forum/private-messaging/inbox/; wfvt_340468725=5014708b6a943; __utmb=134686135.4.10.1343516768; __utmc=134686135; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_9954d23301acb763f832f7c71d9d28d5=MrPapa%7C1344726394%7Ca742316b5e9a5bea3dddc97d15c7441a; sforum_9954d23301acb763f832f7c71d9d28d5=MrPapa
HTTP/1.1 403 Forbidden
Server: cloudflare-nginx
Date: Sat, 28 Jul 2012 23:07:45 GMT
Content-Type: text/problem-with-post-edit-buttontml; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
X-Pingback: http://7gag.co/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wfvt_340468725=50147096f405c; expires=Sat, 28-Jul-2012 23:37:02 GMT; path=/
Last-Modified: Sat, 28 Jul 2012 23:07:03 GMT
Content-Length: 86570
so need to figure out what is trying to be smart on your server and dorking with standard URIs with query args...
Visit Cruise Talk Central and Mr Papa's World
Offline
i really give up...i tried to turn off everything..same error.
What about plugins?
Thank you
Offline
plugins? you mean wp plugins?
well, the standard actions to test for some conflict would be to do this:
o first, temp switch to the default wp theme and try again... if works, theme issue... o then, deactivate all other plugins but simple press and try again... if works, then reactivate plugins one by one trying again until it breaks... then know the conflict...
then if we know the conflict, we can work to resolve...
worth trying, but unless its a security type plugin run amok, not likely to be interfering with URLs and query args... but does not hurt to try...
extremely hard to believe your host has not even responded to you yet - not the kind of support I would want 
should be real easy to tell if you they are running mod_security or not... if you have phpinfo() access, you might be able to run it and see if the apache module for mod_security is installed...
when you say turn everything off, does that mean you removed all that crap at the bottom of your .htaccess file that is scraping the URL greedily looking at the query args and issuing a 403 which btw is exactly what is happening...
Simple:Press Support wrote: >
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa said
plugins? you mean wp plugins?well, the standard actions to test for some conflict would be to do this:
o first, temp switch to the default wp theme and try again... if works, theme issue... o then, deactivate all other plugins but simple press and try again... if works, then reactivate plugins one by one trying again until it breaks... then know the conflict...
then if we know the conflict, we can work to resolve...
worth trying, but unless its a security type plugin run amok, not likely to be interfering with URLs and query args... but does not hurt to try...
extremely hard to believe your host has not even responded to you yet - not the kind of support I would want
should be real easy to tell if you they are running mod_security or not... if you have phpinfo() access, you might be able to run it and see if the apache module for mod_security is installed...
when you say turn everything off, does that mean you removed all that crap at the bottom of your .htaccess file that is scraping the URL greedily looking at the query args and issuing a 403 which btw is exactly what is happening...
Simple:Press Support wrote: >
should be real easy to tell if you they are running mod_security or not... if you have phpinfo() access, you might be able to run it and see if the apache module for mod_security is installed...Am really getting crazy...
I got answer from my host "We have not installed mod security on any of our server."
I download all files and run the site on local server (I used MAMP PRO)..with same DB and all plugins+.htaccess file (without removing anything)....
what do you think? it works like charm on local, But on live site..you see the errors.
What to do?
thank you
Offline
This is just going around in circles. Can you just remove that last entry in the .htaccess file and at least try it? And if it works you will need to find out what put it there and why. And if it doesn't you can put it back and we can think again.
 |
YELLOW
SWORDFISH
|
All RSS1 Guest(s)