Registration denied by Mod_Security

  • Marvin The Martian
  • Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
3 months 4 days ago #125024 by Marvin The Martian
Registration denied by Mod_Security was created by Marvin The Martian
Hi, has anybody got experience with the following:

I have a membership site with three different plans, and all is going well --- except for one visitor. Whenever they have filled in all the details and click submit, the server interrupts all with the message "Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security." Screenshot:



I've got the visitor's IP so in the serverlog I just see a normal (status: 200) visit. I have other visitors registering and paying on all three plans, no problem (and no complaints). I took that visitor's data and tried to register in their name and I got the same response. They were visiting from a trusted network (University of Cambridge, actually) and I'm visiting from home. I don't think a language blacklist was triggered as I don't see accidentally tripping that*.

I'm not that clear on what Mod_Security looks out for... The website is on a shared host [BlueHost] so the settings are out of my reach; I'll try to deal with support again but I want to understand what to ask for before I waste energy on that again.

Any ideas/suggestions?

[*I mean e.g., the word "classic" is wrongly parsed therefore censored as either "cl*ssic" or "clbuttic".]
Attachments:

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago #125034 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Registration denied by Mod_Security
Hi Marvin

The error throws by the server, this is not related to code, so Yes, you will have to contact your hosting provider and ask them to check it

Regards,

Tuan

Please Log in or Create an account to join the conversation.

  • Marvin The Martian
  • Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
3 months 4 days ago #125037 by Marvin The Martian
Replied by Marvin The Martian on topic Registration denied by Mod_Security
Hi Tuan,

OK, thanks for confirming! I was hoping someone had experience with what kind of thing triggers this --- blacklisted IP, HTML in textbox answers, ... .

In my situation, I worked around the Mod_Security block, by making an account for this visitor, and then a backdated (just-expired) subscription; so then they "renewed" and after that I deleted the expired subscription.

Please Log in or Create an account to join the conversation.

  • Marvin The Martian
  • Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 months 2 weeks ago #125555 by Marvin The Martian
Replied by Marvin The Martian on topic Registration denied by Mod_Security
OK --- I've found the cause:

If a hyperlink is posted into a textfield, Mod_Security forbids registration. If you cut the protocol (like https://) off, it is allowed. In my case, I have such a text field because I must ask for proof of student status.

Is there an obvious way to validate a specific field, and cut out the "http" before submitting?

Please Log in or Create an account to join the conversation.

More
2 months 2 weeks ago #125564 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Registration denied by Mod_Security
Hello Marvin

I don't understand why mod_security blocks it. What if you ask users to provide website URL for example? It's a valid requirement and should not be blocked

If mod_security blocks it, I think it needs to be re-configured to allow entering URL into a text field

Tuan

Please Log in or Create an account to join the conversation.

  • Marvin The Martian
  • Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 months 2 weeks ago #125567 by Marvin The Martian
Replied by Marvin The Martian on topic Registration denied by Mod_Security
I also don't understand it, because in another field I ask people if they have a homepage URL they want displayed (optional URL field). A lot of people have filled this in, and it does NOT trigger Mod_Security --- so I think it has something to do with the validation of a textfield?

Please Log in or Create an account to join the conversation.

More
2 months 2 weeks ago #125574 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Registration denied by Mod_Security
I don't have experience with Mod_Security , so I am unsure. If you really want to figure out, I think you will need to contact your hosting provider and ask him to check it.

They should be able to check and give you a clear answer

Tuan

Please Log in or Create an account to join the conversation.