Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#13 2022-11-21 00:21:26

lenatime
Member
From: Silverton, OR USA
Registered: 2022-11-17
Posts: 12
Website

Re: CPanel Permissions? Best practices... and changing it to be correct?

phiw13 wrote #334156:

LenaTime wrote #334154:

At least from your further comments your issue looks far less dramatic that a first impression…Good.

mod_security is a module for Apache for managing security of the server. It does this by preventing some types of transactions or scripts. In some configurations it has been known to interfere with the working of Textpattern.

Just to be clear, you installed Textpattern through Cpanel? That might be the reason for some hiccup or misconfiguration. I vaguely remember another user upgrading a Textpattern installation through Cpanel and having some odd issues.

Can you install / upload Textpattern with a FTP client (Transmit, FileZilla, …)? Be sure not to overwrite the images and files folders if you already have uploaded images or files, and don’t delete the config.php file inside the textpattern folder.

You were right! It was the ModSecurity app. Namecheap techsupport whitelisted the triggers. Took a few rounds to find all the triggers. Yah!

Offline

#14 2022-11-21 07:26:14

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,220
Website

Re: CPanel Permissions? Best practices... and changing it to be correct?

lenatime wrote #334172:

You were right! It was the ModSecurity app. Namecheap techsupport whitelisted the triggers. Took a few rounds to find all the triggers. Yah!

Yay! One round for the stubborn ones.

Glad you could get through it with and that tech support at Namecheap were willing to help you and tweak the mod_security settings. Not all hosts are willing to do that.

BTW, if you have run into such issues where the server tells you a “Error 403 – you can’t do this-or-that”type of message you can always try to disabling (on a temporary basis! to help with troubleshooting) mod_security. Add the following in you .htaccess file:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

It does not always work, some hosts prevent you from doing this. I think you can also disable it in your cPanel on some hosts.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#15 2022-11-21 13:57:58

lenatime
Member
From: Silverton, OR USA
Registered: 2022-11-17
Posts: 12
Website

Re: CPanel Permissions? Best practices... and changing it to be correct?

phiw13 wrote #334174:

Yay! One round for the stubborn ones.

Glad you could get through it with and that tech support at Namecheap were willing to help you and tweak the mod_security settings. Not all hosts are willing to do that.

BTW, if you have run into such issues where the server tells you a “Error 403 – you can’t do this-or-that”type of message you can always try to disabling (on a temporary basis! to help with troubleshooting) mod_security. Add the following in you .htaccess file:

<IfModule mod_security.c>...

It does not always work, some hosts prevent you from doing this. I think you can also disable it in your cPanel on some hosts.


When I accessed ModSecurity through Cpanel, I was able to turn it off. It has a simple on/off toggle for each domain, which is how I confirmed your flag/suggestion. Namecheap appears to not let users whitelist triggers, or at least not that I could see (as a tool within Cpanel per se). They document, right on ModSecurity’s page, to contact chat tech support to whitelist triggers, and of course, a big warning not to turn off ModSecurity. The toggle is probably only meant to be used for trouble-shooting…
Thanks again. You were a great help! (I spent way too much time chasing down permissions.)

Offline

Board footer

Powered by FluxBB