TwoKooL wrote:Would it be possible to try the code on your side and let me know the outcome?
Yes it works
https://d.pr/i/7uQXC, but I already knew that.
Try the below code instead, as it doesn't include <script> tags, which your servers firewall is undoubtedly reacting on:
var sc_project=111000222;
var sc_invisible=1;
var sc_security="111222000";
var scJsHost = "https:" == document.location.protocol ? "https://secure." : "http://www.";
function x3_load(){
$.getScript(scJsHost + "statcounter.com/counter/counter.js");
}
TwoKooL wrote:I have contacted my hosting support team and it seem like they are not able to point out any rules or firewall setting that would fix my issue.
If your host returns "forbidden" when trying to save (which Im sure it does), then it is your host firewall. I could easily confirm that 100% if you give me login access to your panel. Unfortunately, web hosts are unwilling to accept the fault is on their side, but it's almost certainly a rule in their
mod_security, which is blocking the POST request.
I dealt with this issue on behalf of a client's sever only two days ago. For sake of clarity, here is the transcript between me and the host, including screenshots, with links hidden:
mjau-mjau wrote:Hi {HOST},
On behalf of a client {URL}, I would like to let you know that your web firewall is blocking the website’s control panel from saving information. Everything under {URL}/panel/ should not be blocked by Firewall … How is the web editor going to SAVE data if it’s blocked by POSTS made to {URL}/panel/x3_settings.php?
It’s clearly firewall issue, because the script is blocked only when data is set to it by POST method, but not when accessed directly in browser.
{HOST} wrote:Dear Karl,
Firewall is working by blocking\allowing tcp\udp ports, not web content.
If the firewall were blocking the port 80 [http~ web content] than nobody could access the web at all.
It's something with the code\module\plugin\settings of your web.
mjau-mjau wrote:Hi {HOST},
I don’t know where you get the idea that we are trying to access anything through a different PORT than default web. I have several years experience with this exact issue, and it’s always the hosts firewall.
Here are SCREENSHOTS that make the issue very very clear:
When clicking “SAVE” and POST data to the specific URL, we get “403 Forbidden”. This is CLEARLY a firewall issue … why else would it return forbidden? There is nothing in the code that would do that.
http://d.pr/i/PRw1
Of course, when accessing the URL directly in browser {URL}/panel/x3_settings.php, it works fine
http://d.pr/i/K16U, because there is no POST method to the URL in mention, and your firewall does not trigger any rules based on data sent in POST.
FURTHERMORE, if I remove several HTML snippets from the settings (data) that is sent by POST, it actually works. This proves that your firewall is triggering rules when certain html tags/content is being sent to script by POST method.
I KNOW this issue, because I have dealt with it a dozen times the last few years. It’s nothing to do with the script.
If the host cannot acknowledge this issue, I will need to explain to the client “Sorry, but you cannot use X3 on this host, because the hosts firewall is blocking the X3 control panel from saving and storing any data. The X3 control panel is already secured by login for admin only, but the sever firewall makes no difference of this”.
{HOST} wrote:Dear Karl,
No, unfortunately thats not about firewall. not this time at least.
I checked the permissions, looks just fine,
Please try again and let me know if there is still problem
mjau-mjau wrote:Hi {HOST},
If this email doesn’t explain it correctly, then I can’t offer anything else:
Let’s try to click “SAVE”. Result “Forbidden”:
http://d.pr/i/Md4M
OK, let’s try to remove the “html” that gets sent with the POST request. Result -> Works! Clearly your server is blocking the post when it contains some/certain html.
http://d.pr/i/9Dpo
Ok, let’s try to re-add the html that gets sent through the POST request. Result “forbidden”
http://d.pr/i/171Fq
For the sake of making the case clear beyond any doubt, let’s EMPTY the x3_settings.php script. This script now is empty and does absolutely NOTHING.
http://d.pr/i/1bdC7
… of course, since this is not related to the script at all, but the firewall blocking the POST itself, it still returns “forbidden:
http://d.pr/i/oads
How can this case be any more clear? Your firewall is blocking POST requests if it contains certain html. I have helped a dozen others with the exact same issue. This is the last email I will bother reply to, and I will just let the client know they can’t save settings because server is blocking POST when certain html is included.
Finally ...
{HOST} wrote:I saw the block at our ModSecurity, I allowed the rule that blocked the POST in your website.
Please check now if it's working.
mjau-mjau wrote:Thanks, it works now.