I have an issue when I try to save in the metadata tab (step 3). At first we couldn’t save any metadata for a particular manuscript, but when I saved some of the info first and the rest later I could recognize the problem, and it is really weird… it is just one line of text in the translated abstract, and when I try to put this line in, the system “collapses” and the Chrome console generates this error:
POST http://ojs.xxxx.cl/index.php/xxxx/submission/saveStep/3 403 (Forbidden)
I suspect this is mod_rewrite or something similar preventing a legitimate request from getting to OJS. Check if your server uses a tool like this; any interventions should be logged.
Regards,
Alec Smecher
Public Knowledge Project Team
In the error log: there is no error logged after I press the button, just the following lines when I open the Metadata tab (it is a long list but it is “normal”). I prefer to upload an image because it is nothing new…
I think the problem is in JS, like one character or a mix of characters, like HTML code, but when I try other options (like video 2 and 3) nothing happened.
An update: the problem is Comodo WAF. One rule for SQLmap attack detection flags the last word in the abstract as an attack: “…en esta especie de roedor.” The last word, “roedor.”, has OR at the end, and maybe this makes a match with something like or]</p>, like the example in this post: Rule 218500 False positives · Issue #856 · SpiderLabs/owasp-modsecurity-crs · GitHub
@asmecher, @ajnyga, maybe you have more info about that… what is recommended for this? Comodo rules are very useful and widely used. Is it possible to change some code in the OJS forms in order to avoid problems like that? Or is this maybe a badly structured rule in Comodo… I don’t know; for the moment I am happy to have found the root of the problem.
Yes, it is usually SQL-related strings that trigger mod_security. I have to say that I have no expertise in setting mod_security, but I believe there is really nothing you can do in the OJS end. Basically any form element that would be submitted on the server with the same content would cause the error.
I think that the best place to find help with the rules is Stack Exchange, but it could be that Alec knows about these as well.
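Added example, not part of the thread or of OJS: a small Python triage script that pulls blocking ModSecurity entries for the saveStep URL out of an Apache error log and reports which rule fired on which form field, which is the information needed before tuning or excluding a rule. The log lines are constructed in the ModSecurity 2.x error-log layout; the host, path prefix, field name `abstract[en_US]` and the 999xxx rule ids are assumptions, and 218500 is borrowed from the issue title linked above.

```python
import re
from collections import Counter

# Constructed sample log (not from the thread). Rule id 218500 comes from the
# linked issue title; hosts, clients, field names and 999xxx ids are made up.
SAMPLE_LOG = r'''
[Tue Mar 05 10:11:58 2019] [mpm_prefork:notice] [pid 4000] AH00163: Apache/2.4 configured -- resuming normal operations
[Tue Mar 05 10:12:01 2019] [:error] [pid 4021] [client 192.0.2.10:51234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:abstract[en_US]. [file "/etc/modsec/rules.conf"] [line "55"] [id "218500"] [msg "constructed: SQLi tool signature"] [hostname "ojs.example.org"] [uri "/index.php/journal/submission/saveStep/3"] [unique_id "XH5a"]
[Tue Mar 05 10:14:40 2019] [:error] [pid 4022] [client 192.0.2.11:40110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:abstract[en_US]. [file "/etc/modsec/rules.conf"] [line "55"] [id "218500"] [msg "constructed: SQLi tool signature"] [hostname "ojs.example.org"] [uri "/index.php/journal/submission/saveStep/3"] [unique_id "XH5b"]
[Tue Mar 05 10:15:02 2019] [:error] [pid 4022] [client 192.0.2.11:40112] ModSecurity: Warning. Pattern match "(constructed)" at ARGS:title. [file "/etc/modsec/rules.conf"] [line "80"] [id "999001"] [msg "constructed: detection only"] [hostname "ojs.example.org"] [uri "/index.php/journal/submission/saveStep/3"] [unique_id "XH5c"]
[Tue Mar 05 10:16:30 2019] [:error] [pid 4023] [client 198.51.100.7:39001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(constructed)" at ARGS:password. [file "/etc/modsec/rules.conf"] [line "91"] [id "999002"] [msg "constructed: other rule"] [hostname "ojs.example.org"] [uri "/index.php/journal/login/signIn"] [unique_id "XH5d"]
'''

DENIED = re.compile(r'ModSecurity: Access denied with code (\d+)')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] metadata pairs
TARGET = re.compile(r'" at (\S+)\. \[')                # variable the operator matched

def parse_denials(text, uri_part="/submission/saveStep/"):
    """Return one dict per blocking ModSecurity entry whose URI contains uri_part."""
    hits = []
    for line in text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # skips ordinary Apache lines and detection-only warnings
        fields = dict(FIELD.findall(line))
        if uri_part not in fields.get("uri", ""):
            continue
        t = TARGET.search(line)
        hits.append({"status": int(m.group(1)), "rule_id": fields.get("id"),
                     "msg": fields.get("msg"), "uri": fields.get("uri"),
                     "target": t.group(1) if t else None})
    return hits

def rules_by_count(hits):
    """Group denials by (rule id, matched variable), most frequent first."""
    return Counter((h["rule_id"], h["target"]) for h in hits).most_common()

if __name__ == "__main__":
    for (rule_id, target), n in rules_by_count(parse_denials(SAMPLE_LOG)):
        print(f"rule {rule_id} blocked {n} request(s) on {target}")
```

Knowing the rule id and the matched field lets the server administrator scope an exclusion to that one rule and argument instead of switching the WAF off for the whole site.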