|
Greg Scherrer
|
November 3, 2014 at 11:05 am
On Saturday, we upgraded our site to version 4.4.4 of Event Espresso. That day, we also began seeing errors in our site’s error log, such as:
[Mon Nov 03 08:15:51 2014] [error] [client ###.###.###.###] ModSecurity: Access
denied with code 418 (phase 2). Matched phrase “message” at
ARGS:tkt-slctr-event-5111. [file
“(mod_sec configuration file)”] [line “253”] [id
“1990070”] [hostname “(hostname)”] [uri
“/events/wednesday-fellowship-dinner-2014-11-05/”] [unique_id
“VFeqN9BhtBoAACqvljwAAAAB”]
Clients get a 418 access denied error message and are unable to complete the registration process. (This occurs when clicking the Register button from the event details/ticket selector screen to progress to the screen where information is entered.)
I have opened a ticket with DreamHost support, who has acknowledged the issue and escalated to their firewall team. They reported that they have not received multiple reports of this issue, which makes me think that this might be an issue specific to version 4.4.4.
I’m writing simply to advise that there might be a potential conflict between something in the 4.4.4 update and DreamHost’s implementation of mod_security — just in case others are seeing similar behavior. At this time, I don’t think I need anything from Event Espresso support, but if you know of anything in the update that may have caused this, it may be worth looking into.
It could just as easily have been a timing coincidence of a change in the mod_security rules on the DreamHost side. I’ll report back once I have more information.
-Greg
|
|
Josh
|
November 3, 2014 at 11:40 am
Hi Greg,
We’re seeing the same issue on a site that has 4.4.3.p, so it’s likely a coincidence. Can you check to see if your host can allow base64decode within the mod_security rules?
|
|
Greg Scherrer
|
November 3, 2014 at 11:52 am
Josh,
Yes, I have passed along this information to DreamHost to append to their ticket. I’ll post back if/when I receive a response.
They have also suggested that it may be more expeditious for EE support and DreamHost to communicate directly to resolve this issue/issues. You can contact the support engineer I’m working with at mika.epstein [at] dreamhost.com.
Thanks,
-Greg
|
|
Josh
|
November 10, 2014 at 11:20 am
Hi Greg,
We got a reply from Mika and she said that they pushed an update to their mod security rules last week that should fix the issue. If it’s not cleared up for you, please open a ticket tith Dreamhost and they can investigate further.
|
|
Greg Scherrer
|
November 13, 2014 at 9:06 am
Josh,
Thanks for the update. I tried re-enabling Mod Security today, and the problem persists. I have disabled it once again and will open a ticket with them.
Thanks,
-Greg
|
|
Greg Scherrer
|
November 13, 2014 at 7:39 pm
Josh,
A final update — DreamHost tried, but hadn’t applied the rules correctly to our site. They have since corrected the problem by applying the new rule set. This worked fine.
Thanks for helping to point them in the right direction to get this fixed!
-Greg
|
