[OJS 3.2.1.1] Custom Header plugin - The requested URL was rejected

Hello,

When adding JavaScript to the Custom Header plugin and clicking OK, the OK button greys out but nothing seems to happen. The Custom Header settings window stays open and I get the following error message when I look in the developer tools:

"The requested URL was rejected. Please consult with your administrator.

Your support ID is: 1353837897337869614"
The response code is a HTTP 200 OK, so that is misleading. The URL of the call is https://<journal_domain>/$$$call$$$/grid/settings/plugins/settings-plugin-grid/manage?category=generic&plugin=customheaderplugin&verb=settings&save=1

This is on OJS 3.2.1.1 and Custom Header plugin version v1.0.2.1. This happens when trying to change both the Header Content and the Footer Content.

The warnings I see in the error logs are:
[php7:warn] [pid 24592] [client 132.216.177.190:56705] PHP Warning: Declaration of CustomHeaderSettingsForm::execute($request, …$functionArgs) should be compatible with Form::execute(…$functionArgs) in /<journal_path>/plugins/generic/customHeader/CustomHeaderSettingsForm.inc.php on line 79, referer: https:/<journal_domain>/management/settings/website

Please let me know if you need more information.

Hi @Stevel,

The requested URL was rejected. Please consult with your administrator.

Your support ID is: 1353837897337869614

This message is coming from something else in your server stack, not OJS – likely a security module in your web server such as mod_security, or perhaps a firewall. Check what your server is running and watch its logs for details on what rule is being triggered.

Regards,
Alec Smecher
Public Knowledge Project Team

This specific message is consistent with the rejection message from an F5 BIG IP WAF.

Thank you @ctgraham and @asmecher. I was able to submit a non-JavaScript string successfully, so I will follow up with our IT to see if it’s possible to make changes to the firewall.