Hello
I get error 403 when I try to edit my web page with Visual Editor (see the following pictures) :
1 : https://ibb.co/rx8zSnB
2 : https://ibb.co/pWkxdFv
the log file:
/********************begin********************************/
15924728284529559292 xxx.xxx.xxx.xxx 80 127.0.0.1 80
–0a030000-B–
POST /wp-admin/admin-ajax.php?_panelsnonce=a060958d1e&_fs_blog_admin=true HTTP/1.1
Connection: close
Content-Length: 104
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6
Cookie: wordpress_sec_e1769b03582177d5fbfdb9be6e5ebce4=seor%7C1596527708%7CRGUVziLOGQ4HKE9HvYadQbEHPSFfOUG1AyqG1JEt8ml%7C9e0e77659e563b8a4ad50a49274a9d913eae646da5f536330bf7e69caf281960; _ga=GA1.2.464034023.1595922446; wp-settings-1=editor%3Dhtml%26libraryContent%3Dbrowse%26siteorigin_panels_setting_tab%3Dwelcome%26post_dfw%3Doff%26advImgDetails%3Dshow%26hidetb%3D1%26wplink%3D1%26mfold%3Do%26imgsize%3Dlarge%26uploader%3D1; wp-settings-time-1=1596020307; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_e1769b03582177d5fbfdb9be6e5ebce4=seor%7C1596527708%7CRGUVziLOGQ4HKE9HvYadQbEHPSFfOUG1AyqG1JEt8ml%7C550bc76a7b81b260728651a8f407cab018e896eceef44b18485bc3bd4d2f5c97
Host: www.test.dz
Referer: https://www.test.dz/wp-admin/post.php?post=5066&action=edit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
x-requested-with: XMLHttpRequest
origin: https://www.test.dz
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
–0a030000-F–
HTTP/1.1 500 Internal Server Error
–0a030000-H–
Message: Access denied with code 403 (phase 1). Match of “rx ^%{tx.allowed_request_content_type_charset}$” against “TX:1” required. [file “C:/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “944”] [id “920480”] [msg “Request content type charset is not allowed by policy”] [data “utf-8”] [severity “CRITICAL”] [ver “OWASP_CRS/3.2.0”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “OWASP_CRS”] [tag “OWASP_CRS/PROTOCOL_VIOLATION/CONTENT_TYPE_CHARSET”] [tag “WASCTC/WASC-20”] [tag “OWASP_TOP_10/A1”] [tag “OWASP_AppSensor/EE2”] [tag “PCI/12.1”]
Action: Intercepted (phase 1)
Apache-Handler: IIS
Stopwatch: 1596443888643582 0 (- – -)
Stopwatch2: 1596443888643582 0; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for IIS (STABLE)/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.2.0.
Server: ModSecurity Standalone
Engine-Mode: “ENABLED”
–0a030000-Z–
/***********************end*****************************/
Ps: i have already disabled all the plugings except “page builder”,and used the default wordpress theme, but the error persists.
Hi Djm
Thanks for reaching out.
Perhaps try reaching out to your hosts and ask if they can check the Mod Security (or similar) logs for false positives related to the error you sent.
HI andrew,
thanks for your reply .I’ve already contacted our web host, we are waiting their answer.
I’ll informe you when i get their reply.
Thanks again.
Super, thanks. Let us know how it goes.
HI andrew,
After reaching out to our web host , the problem was solved (modsecurity false positive).
Thank you very much.
Super, I’m really glad to hear your hosts were able to assist, that’s great news.
Cheers for now :)