
Error 403: Forbidden

  1. amyd
    Member

    I keep getting this error when I try to update changes to a field:

    Error 403: Forbidden

    Your PHP settings have been disabled by an H-Sphere administrator.

    Your current PHP configuration:
    This configuration was changed: Tue Nov 13 08:01:53 UTC 2012

    Please bring your PHP configuration in compliance with admin settings or request your administrator to re-enable support of your settings.

    I emailed my server/host and they said the following:
    Apparently, the add-on you're using is tripping an SQL Injection rule. It's good to know that my server admins have safeguards in place to avoid such an attack, but I'm sorry it doesn't resolve your issue. Perhaps you can look for an update to the add-on that seems to be the culprit?

    Is there anything I can do to fix it?

    Posted 11 years ago on Tuesday November 13, 2012 | Permalink
  2. David Peralty

    Could you get any more information from them on what exactly they mean? Any more details we could get would help greatly as Gravity Forms is a pretty large product.

    Posted 11 years ago on Tuesday November 13, 2012 | Permalink
  3. amyd
    Member

    Hi David,

    Here is the rest of the email he sent:

    Here is the error being generated:

    [Tue Nov 06 10:20:32 2012] [error] [client 108.9.221.232] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/ubbthreads/ubbthreads\\\\.php|/install/index\\\\.php|/admin/fetch_data_af\\\\.php\\\\?action=create_txt_file_from_af_table$|/admin
    structure/feeds/edit)" against "REQUEST_URI" required. [file "/hsphere/shared/apache2/conf/modsecurity.d/10_asl_rules.conf"] [line "361"] [id "340159"] [rev "31"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Generic SQL inline command protection (MM)"]
    data "and will not be disclosed to any party other than Whitecrest Funding, LLC and its operating partner(s). \\x22, \\x22labelPlacement\\x22: \\x22top_label\\x22, \\x22maxEntriesMessage\\x22: \\x22\\x22, \\x22confirmation\\x22: {\\x22type\\x22: \\x22mes
    age\\x22, \\x22message\\x22: \\x22Thanks for contacting us! We will get in touch with you shortly.\\x22, \\x22url\\x22: \\x22\\x22, \\x22pageId\\x22: \\x22\\x22, \\x22queryString\\x22: \\x22\\x22, \\x22disableAutoformat\\x22: false}, \\x22button\\x22: {\\
    22type\\x22: \\x22text\\x22, \\x22text\\x22:..."] [severity "CRITICAL"] [hostname "whitecrestfunding.com"] [uri "/wp-admin/admin.php"] [unique_id "UJk4z9BNnm4ADOPcqYIAAAAF"]
    [Tue Nov 06 09:10:33 2012] [error] [client 108.9.221.232] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/ubbthreads/ubbthreads\\\\.php|/install/index\\\\.php|/admin/fetch_data_af\\\\.php\\\\?action=create_txt_file_from_af_table$|/admin
    structure/feeds/edit)" against "REQUEST_URI" required. [file "/hsphere/shared/apache2/conf/modsecurity.d/10_asl_rules.conf"] [line "361"] [id "340159"] [rev "31"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Generic SQL inline command protection (MM)"]
    data "and will not be disclosed to any party other than Whitecrest Funding, LLC and its operating partner(s). \\x22, \\x22labelPlacement\\x22: \\x22top_label\\x22, \\x22maxEntriesMessage\\x22: \\x22\\x22, \\x22confirmation\\x22: {\\x22type\\x22: \\x22mes
    age\\x22, \\x22message\\x22: \\x22Thanks for contacting us! We will get in touch with you shortly.\\x22, \\x22url\\x22: \\x22\\x22, \\x22pageId\\x22: \\x22\\x22, \\x22queryString\\x22: \\x22\\x22, \\x22disableAutoformat\\x22: false}, \\x22button\\x22: {\\
    22type\\x22: \\x22text\\x22, \\x22text\\x22:..."] [severity "CRITICAL"] [hostname "whitecrestfunding.com"] [uri "/wp-admin/admin.php"] [unique_id "UJkoaNBNnm4ADDoPFxwAAAA9"]
    [Tue Nov 06 09:03:53 2012] [error] [client 108.9.221.232] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (/ubbthreads/ubbthreads\\\\.php|/install/index\\\\.php|/admin/fetch_data_af\\\\.php\\\\?action=create_txt_file_from_af_table$|/admin
    structure/feeds/edit)" against "REQUEST_URI" required. [file "/hsphere/shared/apache2/conf/modsecurity.d/10_asl_rules.conf"] [line "361"] [id "340159"] [rev "31"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Generic SQL inline command protection (MM)"]
    data "and will not be disclosed to any party other than Whitecrest Funding, LLC and its operating partner(s). \\x22, \\x22labelPlacement\\x22: \\x22top_label\\x22, \\x22maxEntriesMessage\\x22: \\x22\\x22, \\x22confirmation\\x22: {\\x22type\\x22: \\x22mes
    age\\x22, \\x22message\\x22: \\x22Thanks for contacting us! We will get in touch with you shortly.\\x22, \\x22url\\x22: \\x22\\x22, \\x22pageId\\x22: \\x22\\x22, \\x22queryString\\x22: \\x22\\x22, \\x22disableAutoformat\\x22: false}, \\x22button\\x22: {\\
    22type\\x22: \\x22text\\x22, \\x22text\\x22:..."] [severity "CRITICAL"] [hostname "whitecrestfunding.com"] [uri "/wp-admin/admin.php"] [unique_id "UJkm2NBNnm4ADCOWYOsAAAAm"]

    Does this help at all?

    Posted 11 years ago on Tuesday November 13, 2012 | Permalink
  4. amyd
    Member

    Hi,

    Any headway on this?

    Thanks!

    Posted 11 years ago on Thursday November 15, 2012 | Permalink
  5. David Peralty

    I've contacted our developers to see if they have any insight into this issue. It isn't one I've seen before.

    Posted 11 years ago on Thursday November 15, 2012 | Permalink
  6. Hi Amy,

    You mentioned your server/host had this to say: "Apparently, the add-on you're using is tripping an SQL Injection rule."

    Could they give us any more information on which rule is being broken?

    Posted 11 years ago on Thursday November 15, 2012 | Permalink
  7. amyd
    Member

    OK, after further testing, the error only seems to happen when I edit a Checkbox field and try to customize the fields.

    Posted 11 years ago on Friday November 16, 2012 | Permalink
  8. David Peralty

    Can you tell us how you are customizing the fields? Are you writing custom functions to do something special?

    Posted 11 years ago on Friday November 16, 2012 | Permalink
  9. amyd
    Member

    Nope, the field I'm editing is a checkbox. I'm adding the choices for the checkbox, but when I click update, I get the error page.

    Posted 11 years ago on Monday November 19, 2012 | Permalink
  10. David Peralty

    Can I please have you try the following steps to see if there is a plugin/theme conflict that we can isolate?

    http://www.gravityhelp.com/documentation/page/Testing_for_a_Theme/Plugin_Conflict

    Posted 11 years ago on Monday November 19, 2012 | Permalink
  11. This is the rule which is being tripped and causing the 403 error: http://pastebin.com/MYT0VArt

    From this page: http://updates.atomicorp.com/channels/rules/delayed/modsec/10_asl_rules.conf (may not be the same version although the rule id is the same, 340159)

    I'll bring this to the attention of the developers.

    Posted 11 years ago on Monday November 19, 2012 | Permalink
  12. amyd
    Member

    Thanks! Meanwhile, is there a fix for the plugin to work on the site?

    Posted 11 years ago on Tuesday November 27, 2012 | Permalink
  13. amyd
    Member

    Also, FYI, when I try to hit Next on the form or in the Preview, the error comes up as well.

    Posted 11 years ago on Tuesday November 27, 2012 | Permalink
  14. amyd
    Member

    I'm using the default WordPress theme, and I also tried disabling all plugins; it's still not working.

    Thanks!

    Posted 11 years ago on Tuesday November 27, 2012 | Permalink
  15. There is no fix for the plugin. Your host is using aggressive security filters, and Gravity Forms is using some functionality the filters will not allow. Can you talk to your host about relaxing the restrictions for Gravity Forms?

    This is the first I have heard of this problem, so it's not widespread.

    Posted 11 years ago on Tuesday November 27, 2012 | Permalink
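
Added example, not part of the thread and not code from Gravity Forms, Atomicorp or the host: a triage script for ModSecurity error-log entries like the ones quoted in post 3, which counts denials per rule id and URI and prints the kind of path-scoped exclusion a host could apply when relaxing the filter as post 15 suggests. The sample entries are constructed and abridged (placeholder client address, hostname and unique_id), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abridged entries in the format quoted in the thread; the client
# address, hostname and unique_id are placeholders.
_ENTRY = (r'[Tue Nov 06 {time} 2012] [error] [client 192.0.2.10] ModSecurity: '
          r'Access denied with code 403 (phase 2). [file "/hsphere/shared/apache2/'
          r'conf/modsecurity.d/10_asl_rules.conf"] [line "361"] [id "340159"] '
          r'[rev "31"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Generic SQL '
          r'inline command protection (MM)"] [data "\\x22labelPlacement\\x22: '
          r'\\x22top_label\\x22"] [severity "CRITICAL"] [hostname "example.test"] '
          r'[uri "/wp-admin/admin.php"] [unique_id "CONSTRUCTED-{n}"]')
SAMPLE_LOG = "\n".join([_ENTRY.format(time="09:03:53", n=1),
                        _ENTRY.format(time="09:10:33", n=2),
                        "[Tue Nov 06 09:11:00 2012] [error] File does not exist: /x"])

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] metadata
DENIED_RE = re.compile(r"ModSecurity: Access denied with code (\d+)")
SAFE_URI_RE = re.compile(r"/[A-Za-z0-9_./-]*")

def parse_entry(line):
    """Return the metadata of one denied request, or None for other lines."""
    denied = DENIED_RE.search(line)
    if not denied:
        return None
    fields = dict(TAG_RE.findall(line))
    fields["status"] = int(denied.group(1))
    return fields

def blocked_pairs(log_text):
    """Count denials per (rule id, URI) so repeat false positives stand out."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return Counter((e["id"], e["uri"]) for e in entries if "id" in e and "uri" in e)

def scoped_exclusion(rule_id, uri):
    """Build a ModSecurity 2.x fragment disabling one phase-2 rule for one path."""
    if not rule_id.isdigit() or not SAFE_URI_RE.fullmatch(uri):
        raise ValueError("refusing to emit config from unexpected log values")
    return f'<Location "{uri}">\n    SecRuleRemoveById {rule_id}\n</Location>'

if __name__ == "__main__":
    for (rule_id, uri), hits in blocked_pairs(SAMPLE_LOG).most_common():
        print(f"# rule {rule_id} denied {hits} request(s) to {uri}")
        print(scoped_exclusion(rule_id, uri))
```

`/wp-admin/admin.php` serves every plugin's admin screen, so an exclusion scoped to that path covers more than the form editor; the rule stays active everywhere else on the site.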