'Other Options' not saving – returning 404 error

I have the exact same problem an found no solutions, anyone ?

I’ve finally found what was not working at least in my case: on my httpd server I disabled mod_security module and now I can save my nextgen gallery options without having a forbidden error.

What’s funny it’s that I did all that mess only to add lightbox in “ligntbox effects” to my gallery and when I finally enabled the effect is still not working. Do I need to smile or to cry ??? to be continued….

(you can find more mod_security infos here if you are not familiar with it: https://www.inmotionhosting.com/support/website/modsecurity/what-is-modsecurity-and-why-is-it-important)

@jamin87 – Would you be able to submit a Bug Report (https://www.nextgen-gallery.com/report-bug/ … please reference this topic) so we can get a closer look at your site and help you get this sorted out.

We will likely need log in credentials for your WordPress installation and also likely need FTP credentials, too. Please include those with the Bug Report, too.

Thanks!

– Cais.

Hi,

I have the very same error. Can you tell us about the solution ?

EDIT: I tried to disable the mod_security throught to .htaccess without any result.

I realise this isn’t any help to anyone but my problem seemed to have fixed itself. I only tried what I’ve said above and the only other thing I can think of is that I fixed it before and some sort of caching issue was effecting it.

Sorry I can’t be much more help.

@jamin87 – Thanks for the feedback and letting us know the issue has resolved itself … we have been seeing other caching type issues coming and going much along the same lines.

… et al. – If you are still seeing a similar issue, please create your own topic so we can try to help you sort out your specific issue.

Thanks!

– Cais.

I have just helped a customer out with this same problem… Modsecurity is blocking the requests from the nextgen admin page due to rule interceptions.

Match of “rx ://%{SERVER_NAME}/” against “ARGS:highslide[css_stylesheets]”

An argument highslide[css_stylesheets] contains the server name.

This rule exists in Atomic Security’s delayed ruleset rules #340464 and #340465 – you can ack your host to exclude these rules, or better still ask NextGen to improve their code to avoid the issue.

@santrix – Thanks for that information. Would you happen to have specific links to those particular rulesets? I have not been able to Google anything for reference.

– Cais.

The ASL delayed rulesets in question are actually deprecated now by ASL, but the actual regex’s used are still valid tests against remote code injection attacks. I’m not sure what the rules are on the real-time ASL rulesets but will check.

@santrix – Thanks, we would be more than happy to try to sort this out … I’m just trying to track down the specific references for our developers to review with.

We really appreciate your time helping with this.

– Cais.

Your dev would need to get their head round the SecRule syntax – but here are the two SecRule statements that make up the chain for rule 340464. As I say, though, we are dropping this ruleset soon, so it may be that it ceases to be an issue for you and more people find a different ruleset to use.

SecRule ARGS|!ARGS:/banner/|!ARGS:/option/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:facebook|!ARGS:/twitter/|!ARGS:/facebook/|!ARGS:/pinterest/|!ARGS:youtube|!ARGS:myspace|!ARGS:form|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/include/|!ARGS:/pagination/|!ARGS:/link/|!ARGS:/image/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:/button/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:/domain/|!ARGS:opphomepage|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:content|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/button/|!ARGS:/facebook/|!ARGS:/pinterest/|!ARGS:/youtube/|!ARGS:/affredir/|!ARGS:helpbox|!ARGS:return|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:thelink|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/element/|!ARGS:/google/|!ARGS:courier_tracking|!ARGS:/field_id/|!ARGS:/social_profile/ "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,t:lowercase,multimatch,id:340464,rev:53,severity:2,msg:'Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)',deny,status:403"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

@santrix – Do you have a scheduled deprecation timeline on that ruleset? Obviously we want things to be safe and secure, the timeline is so we know where to insert this into our schedules.

Thanks!

– Cais.

Well, the ruleset is already deprecated, so it’s a case of which hosting companies are still using them. We are still running a number of them as they still make sense, but we will be moving away from them soon. You now can see the rule which gave you the problem. I would try to find from other customers which rule stopped them (they will have to get this from their respective hosters) and look for similarities in the regex.

I have upgraded to the latest version of NextGen gallery all I see now are the thumbnail images, when I click to go to the slide show I get a 404 error.

This is now getting so annoying, especially that there about 30 images that I do not want to lose across a few galleries.

I am experiencing the same issue. I have tried inputting this code

SecRule ARGS|!ARGS:/banner/|!ARGS:/option/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:facebook|!ARGS:/twitter/|!ARGS:/facebook/|!ARGS:/pinterest/|!ARGS:youtube|!ARGS:myspace|!ARGS:form|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/include/|!ARGS:/pagination/|!ARGS:/link/|!ARGS:/image/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:/button/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:/domain/|!ARGS:opphomepage|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:content|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/button/|!ARGS:/facebook/|!ARGS:/pinterest/|!ARGS:/youtube/|!ARGS:/affredir/|!ARGS:helpbox|!ARGS:return|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:thelink|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/element/|!ARGS:/google/|!ARGS:courier_tracking|!ARGS:/field_id/|!ARGS:/social_profile/ "^(?:ogg|gopher|data|php|zlib|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,t:lowercase,multimatch,id:340464,rev:53,severity:2,msg:'Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (admin.php)',deny,status:403"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

And it didn’t work for me. Any tips or ideas on how to handle this situation? I have set the lightbox to fancybox and that is no longer working. This plugin is a little frustrating with the new changes and updates. Any help would be appreciated.