Can’t Save Widget get a 403 error on admin-ajax.php

  • Resolved Garrett Hyder

    (@garrett-eclipse)


    7 years, 8 months ago

    Hello,

    Wanted to share an issue I came across when trying to save the Widget on our new host.

    When I tried to save it gave me a 403 error on admin-ajax.php in the js Console;

    POST https://listelhotel.com/wp-admin/admin-ajax.php 403 ()
    (anonymous) @ VM280:2
    send @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:4
    ajax @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:4
    n.(anonymous function) @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:4
    save @ load-scripts.php?c=0&load[]=hoverIntent,common,admin-bar,jquery-ui-position,wp-pointer,jquery-ui-dr…:38
    (anonymous) @ load-scripts.php?c=0&load[]=hoverIntent,common,admin-bar,jquery-ui-position,wp-pointer,jquery-ui-dr…:38
    dispatch @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:3
    r.handle @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:3

    To workaround this issue I disabled ModSecurity through cPanel temporarily which allowed me to save without issue.

    I’ve opened a ticket with my host to see if they can determine if ModSecurity rules need updating or if there’s anything that can be done through the plugin to avoid this issue. When I get a response will update this thread.

    All the best,
    Cheers

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Garrett Hyder

    (@garrett-eclipse)

    My hosting provider got back to me and indicated that it was definitely an issue with ModSecurity and that they whitelisted the rule that triggered the issue.

    Plugin Author Anastis Sourgoutsidis

    (@anastis)

    Thanks for sharing Garrett.
    We also have ModSecurity on our server but we never had a rule conflicting with the plugin.

    It all depends on the ruleset ModSecurity utilizes. The stricter the better, it does however conflicts with legitimate uses.

    It would be beneficial to know which rule was triggered, or even what kind of info was in the widget. Sometimes simple things like having the words “select” and “where” in the same line are enough to trigger rules that help deal with SQL injection.

    Anyhow, glad you solved it and thanks for sharing ??

    Thread Starter Garrett Hyder

    (@garrett-eclipse)

    No worries Anastis,

    Sadly I couldn’t coerce the rule information from the host, when I asked about it to update this ticket all they said was that it was a ModSecurity rule and wouldn’t provide any further details. Sorry wish I had more information.

    See below for the serialized array for all the socials ignited widgets;
    a:7:{i:3;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}i:7;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}i:8;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}i:9;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}i:10;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}i:11;a:12:{s:5:"title";s:6:"Social";s:5:"color";s:7:"#ffffff";s:16:"background_color";s:7:"#9a9a9c";s:4:"size";i:20;s:15:"background_size";i:32;s:13:"border_radius";i:60;s:12:"border_color";s:0:"";s:12:"border_width";i:0;s:7:"opacity";d:1;s:7:"new_win";s:2:"on";s:8:"nofollow";s:0:"";s:5:"icons";a:3:{i:0;a:3:{s:4:"icon";s:11:"fa-facebook";s:3:"url";s:47:"https://www.facebook.com/thelistelhotelwhistler";s:5:"title";s:0:"";}i:1;a:3:{s:4:"icon";s:10:"fa-twitter";s:3:"url";s:34:"https://twitter.com/ListelWhistler";s:5:"title";s:0:"";}i:2;a:3:{s:4:"icon";s:14:"fa-tripadvisor";s:3:"url";s:120:"https://www.tripadvisor.ca/Hotel_Review-g154948-d184245-Reviews-The_Listel_Hotel_Whistler-Whistler_British_Columbia.html";s:5:"title";s:0:"";}}}s:12:"_multiwidget";i:1;}

    That would be what was being saved and flagged the ModSecurity rule.
    Hope that helps.

    Cheers

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can’t Save Widget get a 403 error on admin-ajax.php’ is closed to new replies.