403 Forbidden after step 1

Hi Martin,

Are you using multisite or WPML for translating your site?

Cheers,
Jeroen

Hi Jeroen,

It’s not multisite, one of the installs translated with WPML, 2 others are in subfolders and completely separate installs.

I am having the same issue on the install with and without WPML.

Greetings,
Martin

Hi Martin,

Hmm, very strange..
What are the file permissions that you’ve got setup on the /wp-admin/admin.php script?

Maybe your server is configured to now allow POST requests on the admin? (maybe for some prevention..?)

Or maybe there’s some input field on the coupons section that the server doesn’t like, if you know what I mean; could you remove all but one simple coupon field from the page source and see if it allows you to post that?

Cheers,
Jeroen

Hi Jeroen,

/wp-admin/admin.php permissions are 644.

I don’t think so, never had a similar issue with any other plugin or trying to post something. It’s the first time having an issue like this.

I have tested with the most simple coupon and it didn’t work, same error.

Any idea what could cause the problem?

Thanks for your help.

Greetings,
Martin

Hi Martin,

I didn’t mean to create a simple coupon, but try to remove all but one or two fields like so: https://cl.ly/1D3a2Q0Z1s3H

This can check if maybe your host is finding a specific field offending.
I’ve only heard about this once I think in the forums, but that user never replied so no solution either.
If this doesn’t give any results, I’d recommend to contact your host to see if they have any idea/insights on it.

Unfortunately I can’t replicate this in any way, so I can’t do much in terms of debugging with this (seems very host specific).

Cheers,
Jeroen

Hi Jeroen,

Still same problem, even after removing all fields.

I will contact my host and ask what could cause the problem.

Thanks for your help!

Greetings,
Martin

Hi Jeroen,

I managed to solve the issue – it was connected to the server firewall. Switching it off allowed me to generate the codes successfully.

I am attaching the server logs in case you want to review the plugin and make some improvements, since it was not the first time someone had a similar problem:

80.136.160.97 – – [05/Apr/2018:14:26:55 +0200] “POST /de/wp-admin/admin.php?page=woocommerce_coupon_generator&step=2 HTTP/1.1” 403 230 “https://napogloves.com/de/wp-admin/admin.php?page=woocommerce_coupon_generator&step=2” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6” 3285 597 26745 -% 10196 – – – DE 3026 0 0 5 0 0 0 5

[Thu Apr 05 14:26:55.197588 2018] [:error] [pid 26745] [client 80.136.160.97:61817] [client 80.136.160.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match “[\\\\[\\\\]\
\\\x22′,()\\\\.]{10}$|(?:union\\\\s+all\\\\s+select\\\\s+(?:(?:null|\\\\d+),?)+|order\\\\s+by\\\\s+\\\\d{1,4}|(?:and|or)\\\\s+\\\\d{4}=\\\\d{4}|waitfor\\\\s+delay\\\\s+’\\\\d+:\\\\d+:\\\
\d+’|(?:select|and|or)\\\\s+(?:(?:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s*=\\\\s*(?:dbms_pipe\\\\.receive_mes …” at ARGS:_wp_http_referer. [file “/home/tools/global/various/CWAF/rules/2
4_SQL_SQLi.conf”] [line “67”] [id “218500”] [rev “7”] [msg “COMODO WAF: SQLmap attack detected||napogloves.com|F|2”] [data “Matched Data: or&step=2 found within ARGS:_wp_http_referer: /d
e/wp-admin/admin.php?page=woocommerce_coupon_generator&step=2”] [severity “CRITICAL”] [tag “CWAF”] [tag “SQLi”] [hostname “napogloves.com”] [uri “/de/wp-admin/admin.php”] [unique_id “WsY
WD8PyXAgAAGSGkH4AAAAY”], referer: https://napogloves.com/de/wp-admin/admin.php?page=woocommerce_coupon_generator&step=2

Thanks for your help!

Greetings,
Martin

Glad to hear you found/solved it Martin!

I’ll see if I can do something about changing the URL, (seems like it gets caught on the ‘or&step=2’ part, catching ‘or’ as SQL hack attempt).

Cheers,
Jeroen