Menu

Topic-icon Since 3.1.6 upgrade admin users getting 'forbidden access'

More
1 month 1 week ago #6817 by qldnet
Also, I have Easy Config activated.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6819 by Jose
Hi qldnet,

To solve this do one of the following actions:

- Go to Configuration -> Rules management and disable the option to apply filters to "Super users" group (you can also add "Administrator" or any other desired group) .



- Download and install 3.1.6 version again. Yesterday I added some changes to avoid this situation. Also go to Configuration -> Waf configuration -> Filter exceptions -> XSS tab and set the "strip all tags" to No. Delete the "img" tag and save changes.



I really apologize for this inconveniences; since this version all rules are also applied to admin accounts to avoid dangerous attacks conducted against them and obviously some filters are giving false positives. Yesterday I was notified about this and I modified the 3.1.6 version, so following any of the points above should solve your issues.

Regards,
Jose
Attachments:

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6820 by qldnet
Hi Jose, just like wallyhow, the problem is SQL injection false reporting. What works is filtering of the component. I have tried disabling user and xss but that did nothing. Only If I filter a component out (under SQL injection - SQL pattern filter) do I resolve the issue.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6821 by Jose
Hi qldnet,

Yes, I know it. This is why I uploaded a new 3.1.6 version yesterday. Installing it should solve the issue without adding exceptions.

Regards,
Jose

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6822 by qldnet
I have downloaded a file from the website after your post (yesterday) and installed it and still same if I do not filter I get SQL error.

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #6823 by Jose
Umm, it's odd. Which SQL filters are applied? 'Duplicate backslashes' and 'using integers'?

If so maybe the changes have not been applied. In that case give me some time to arrive home and send you the modified file so you can override it manually.

Thank you very much for your patience,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.061 seconds
Powered by Kunena Forum

Login or Sign In