[Vtigercrm-developers] Forbidden creating contacts

Tim Mohrbach preexo at googlemail.com
Sat Mar 26 01:32:56 GMT 2016 

Mod security and the community rules haslve caused so much trouble for vtiger, that I disabled it for the vtiger virtual host. 
I would appreciate a good vtiger rule set though :) 
It's still worth having it enabled globally though, so that the other virtual hosts are protected and the usual directories for attacks like cgi and tmp 

On March 25, 2016 9:24:11 PM GMT+08:00, Manuel Fernando <ptdesigner at gmail.com> wrote:
>Appears to be caused by a false-positive
>
>
>A good info about this can be found here:
>http://blog.modsecurity.org/2007/02/handling-false.html
><http://blog.modsecurity.org/2007/02/handling-false.html>
>
>Still looking for the cause of what is triggering this false-positive
>Inspecting Products and Contacts modules.
>
>
>Best Regards.
>Manuel
>
>
>
>> No dia 25/03/2016, às 13:12, Manuel Fernando <ptdesigner at gmail.com>
>escreveu:
>> 
>> Yes, you are right, it´s not php limits.
>> 
>> And no custom code, workflows and no errors.
>> 
>> It´s more related to mod security Roule ID 240890
>> 
>> Not easy to find information about that roule ID
>> 
>> 
>> 
>> Best Regards
>> Manuel
>> 
>> 
>>> No dia 25/03/2016, às 04:32, Sutharsan Jeganathan
><ajstharsan at gmail.com <mailto:ajstharsan at gmail.com>> escreveu:
>>> 
>>> Hi
>>> 
>>> It cannot be a php limit since you have less than 1000 fields in
>your form.
>>> 
>>> Have you enabled customer portal? If so what is its URL?
>>> 
>>> 
>>> Also Check whether any customization have been done in your CRM. 
>>> 
>>> Also check whether any workflow custom function is running which is
>triggered through full create form only, not quick create(if the field
>is not in quick create).  In this case contact will be created then
>error is shown.
>>> 
>>> It can happen if vtiger web service is called somewhere, probably
>with Query type (such as 'SELECT id FROM Contacts').  
>>> 
>>> Also you need to check any customization at After or before save
>events of contacts.
>>> 
>>> 
>>> Thanks
>>> Sutharsan Jeganathan
>>> 
>>> 
><https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-2115-v2-c>	No
>threats detected. www.avast.com
><https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=oa-2115-v2-c>
><x-msg://4/#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>> 
>>> On Thu, Mar 24, 2016 at 10:47 PM, Manuel Fernando
><ptdesigner at gmail.com <mailto:ptdesigner at gmail.com>> wrote:
>>> Hello, 
>>> 
>>> just for reference.
>>> 
>>> I have no access to logs.
>>> 
>>> I was inspecting and i found that tickets for example are ok because
>they only have in full mode about 13 fields.
>>> In contacts and products, are more than 32 fields.
>>> 
>>> This could be related to any php limit inputs?
>>> 
>>> Best Regards
>>> 
>>>> No dia 23/03/2016, às 10:31, Alan Bell <alan.bell at libertus.co.uk
><mailto:alan.bell at libertus.co.uk>> escreveu:
>>>> 
>>>> what is the error in the apache log which you can find at
>/var/log/apache2/error.log and/or /var/log/apache2/access.log
>>>> 
>>>> is your vtiger installed in the root of the server, so
>myserver.com/index.php <http://myserver.com/index.php> is the right
>place or is it in a subdirectory myserver.com/vtiger/index.php
><http://myserver.com/vtiger/index.php> because if so then in
>config.inc.php your path is probably wrong.
>>>> 
>>>> Alan.
>>>> 
>>>> On 22/03/16 10:51, Manuel Fernando wrote:
>>>>> 
>>>>> Does anyone faced this situation?
>>>>> This happens when Contact is being created or try to edit existing
>Contact. Same for Organizations
>>>>> Doesn’t occur if contact is created from quick create
>>>>> 
>>>>> This method was tested to check if mod_rewrite is properly
>configured and seems mod_rewrite is working
>>>>> https://docs.bolt.cm/howto/making-sure-htaccess-works
><https://docs.bolt.cm/howto/making-sure-htaccess-works>
>>>>> 
>>>>> Forbidden
>>>>> 
>>>>> You don't have permission to access /index.php on this server.
>>>>> 
>>>>> Additionally, a 403 Forbidden error was encountered while trying
>to use an ErrorDocument to handle the request.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Best Regards.
>>>>> Manuel
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/ <http://www.vtiger.com/>
>>>> _______________________________________________
>>>> http://www.vtiger.com/ <http://www.vtiger.com/>
>>> 
>>> _______________________________________________
>>> http://www.vtiger.com/ <http://www.vtiger.com/>
>>> 
>>> _______________________________________________
>>> http://www.vtiger.com/ <http://www.vtiger.com/>
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>http://www.vtiger.com/

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20160326/74eb392f/attachment.html>

More information about the vtigercrm-developers mailing list