Menu

Topic-icon Front end editing

  • margknox
  • margknox's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
7 months 6 days ago #7500 by margknox
Front end editing was created by margknox
I allow one of my clients to login on the front end to do minor edits. I have been using ECC+ and Google NoCaptcha.
However he now gets a message that "The webmaster has forbidden your access to this site" ~~~/securitycheckpro.php on line 1203
What do I need to configure to allow this client to login to the front end and do minor edits?
Thank you.

Please Log in or Create an account to join the conversation.

More
7 months 6 days ago #7501 by Jose
Replied by Jose on topic Front end editing
Hi margknox,

The best way to avoid it is enabling the 'Easy config' feature from main panel of Securitycheck Pro.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • margknox
  • margknox's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
7 months 5 days ago #7502 by margknox
Replied by margknox on topic Front end editing
Thank you Jose. I have now applied 'Easy config' and also cleared the cache, but no change, still the Webmaster forbids access.

Please Log in or Create an account to join the conversation.

More
7 months 5 days ago #7503 by Jose
Replied by Jose on topic Front end editing
Can you post a screenshot of Securitycheck Pro logs when this happens?

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • margknox
  • margknox's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
7 months 4 days ago - 7 months 4 days ago #7504 by margknox
Replied by margknox on topic Front end editing
There are three: the message on attempting to login on the front end of site, then I attempted tologin on the backend and got a similar message, then tried again to login on the backend and succeeded so the third attachment is the log file.
Thank you.
Last edit: 7 months 4 days ago by Jose. Reason: Avoid information disclosure

Please Log in or Create an account to join the conversation.

More
7 months 4 days ago #7505 by Jose
Replied by Jose on topic Front end editing
Hi Margknox,

There are some steps to take:

- Go to Waf configuration -> Filter exceptions -> Xss tab and set the "Filter all tags" dropdown to "No". This will avoid some false positives I see in the logs.
- The "user session protection" feature doesn't allow to be logged twice with the same account. If do you need that then go to Waf configuration -> User session protection and disable the "Forbid concurrent user logins" option.

Once thing more: the server is configured to show warnings and this could cause a path disclosure (you can see the entire path to my plugin in the third screenshot; this is why I deleted the screenshots). To avoid this on live sites you should go to System -> Global configuration -> Server tab and set the "Error reporting" dropdown no "None".

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.070 seconds
Powered by Kunena Forum

Login or Sign In