Problem with AUP RULES : No points

Active Subscriptions:

None
11 years 8 months ago #26194 by lorde
Ok Alex,
thanks.
I see that's something complex...
I will begin my research right now. No ideas about where to start the check? Apache is something about hosting, not directly tied to Joomla.
Best
Lorenzo
The topic has been locked.
Support Specialist
11 years 8 months ago #26196 by alzander
From some testing, I basically just kept chopping bits off of the long URL above to see when it 'breaks'.
The original URL is:
http://www.liveandshop.com/index.php?
option=com_jfbconnect&controller=social&task=likeCreate&
href=http%253A%2F%2Fwww.liveandshop.com%2Findex.php%253Foption%253Dcom_k2%2526view%253Ditem%2526id%253D118%253Atest
I broke that into multiple lines because in my post above, you may not see the full thing in your browser.

If I remove it down to the below, where I remove most of the referring URL, it still breaks:
http://www.liveandshop.com/index.php?
option=com_jfbconnect&controller=social&task=likeCreate&href=http%253A%2F%2F
However, if I simply remove the encoding for the :// part, it works (you'll see just a blank page, but that's a good thing):
http://www.liveandshop.com/index.php?
option=com_jfbconnect&controller=social&task=likeCreate&href=http
So, it seems something with your server is seeing the http:// in a URL and not liking it. We encode the URL (which is why you see the %253A%2F.. stuff). Encoding should make it so your server ignores those types of characters. However, again, if you have a firewall or other security mechanism on the system that's very aggressive, it may try to decode and prevent even encoded query string parameters from working.

Hope that gives you some more information about where to look, or at least what information to provide to your server/hosting techs.

Alex
11 years 8 months ago #26197 by lorde
Hi Alex,
I found this in the error logs of the host :
[Tue Sep 04 23:10:48 2012] [error] [client 66.xx.52.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\%((?!$|\\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:href. [file "/etc/apache2/modsec/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "285"] [id "950109"] [rev "2.2.5"] [msg "Multiple URL Encoding Detected"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/EVASION"] [hostname "www.liveandshop.com"] [uri "/index.php"] [unique_id "UEZuWMGpOB0AAHRFhpIAAABM"]

There are multiple error logs looking the same... it seems that you are right, the problem is somewhere below the level of Joomla.
I'm investigating with the Host now, maybe they made some changes in their security system (firewall or whatever) and this is the cause...
Coming back to you....when they answer me.

Lorenzo
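Why the three URLs tested earlier in the thread behave differently against the pattern in this log entry, as an added example (not code from either poster or from the JFBConnect project). It assumes the firewall inspects each argument after a single percent-decode with no further transformation; `check_args` and the single-encoded `SINGLE` URL are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pattern from the log entry for rule id 950109, with the log's extra
# backslash escaping removed ("\\%" in the log is a literal "%").
RULE_950109 = re.compile(r"%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")


def check_args(url):
    """Return {arg_name: decoded_value} for arguments the pattern matches.

    parse_qs percent-decodes every value exactly once, which models the
    single decode assumed to happen before the arguments are inspected.
    """
    hits = {}
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if RULE_950109.search(value):
                hits[name] = value
    return hits


BASE = ("http://www.liveandshop.com/index.php?"
        "option=com_jfbconnect&controller=social&task=likeCreate&href=")

# The three URLs tried in the thread.
FULL = BASE + ("http%253A%2F%2Fwww.liveandshop.com%2Findex.php%253Foption"
               "%253Dcom_k2%2526view%253Ditem%2526id%253D118%253Atest")
SHORT = BASE + "http%253A%2F%2F"
BARE = BASE + "http"
# Constructed for comparison: the same kind of value percent-encoded once.
SINGLE = BASE + "http%3A%2F%2Fwww.liveandshop.com%2Findex.php"

if __name__ == "__main__":
    for label, url in [("full", FULL), ("short", SHORT),
                       ("bare", BARE), ("single-encoded", SINGLE)]:
        hits = check_args(url)
        # A hit means a "%" followed by a word character survived the
        # first decode, i.e. the value was encoded more than once.
        print(f"{label:15} ->", hits if hits else "no match")
```
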
11 years 8 months ago #26198 by lorde
Hi Alex,
if I use your code : www.liveandshop.com/index.php?option=com...likeCreate&href=http
This is a blank page, however it assigns the points and it sends the notification email for a new "I like it".
I got my points after manually using the code above.
So, it's a problem of the Host 100%. Their security system thinks there is a violation (as mentioned in the error log) and stops the loading of the page that assigns points.

Keep you posted.
Cheers,
Lorenzo
11 years 8 months ago #26200 by lorde
Hi Alex,
The problem was SOLVED! The problem was a modsecurity rule on the Host side. Once the rule was removed, everything works perfectly.

Thanks for your assistance!!!
Best,
Lorenzo
Support Specialist
11 years 8 months ago #26205 by alzander
Lorenzo,
Fantastic! Very glad to hear you got it going. I've taken a note of this issue to investigate if we can be passing the URL in a better way. While I'm all for security measures being taken, the rule you mention seems overly aggressive in my opinion.. but I'm not a security expert.

Anyways, as always, should you need anything else, just let us know!

Thanks,
Alex
11 years 7 months ago #26689 by lorde
Hi Alex,
I need to come back to you again...
Everything works except AUP points with Comments.
All rules are there, I get points (5) for any "I like" but not for comments on the homepage or for any comments left in K2 items.

Please can you give me some help?


Admin credentials for backend are the same as for my last PM to you.
Website : www.liveandshop.com


Thanks.

Best,
Lorenzo
11 years 7 months ago #26724 by lorde
Hi Alex,
did you have time to read my PM?
Are you able to find a minute to understand the problem?

Best,
Lorenzo
Support Specialist
11 years 7 months ago #26742 by alzander
Lorenzo,
I just logged in and went to index.php?option=com_k2&view=item&id=123:test

From there, I made a comment (and Like'd it), and it showed up in the AUP activity log as expected. I didn't change anything else. Can you re-verify that it isn't working, and possibly test with a different user as well? Not sure why my behavior was different, but I didn't make any changes.

Thanks,
Alex
11 years 7 months ago #26756 by lorde
Hi Alex,
Thank you for your help.
Yes, it's true if I comment as another user (no superuser) everything works.
I do not understand why it doesn't give points to me.
Anyway this is not so important.

I think everything works now, so I can start advertising my web service.
Thanks a lot.

Regards,
Lorenzo