Why do I see a 404 page when i save my form settings?
The Mod Security rules recently changed on some servers. As a result, some of the customizable HTML is getting flagged as a false positive. When this happens, you’ll either see a 403 (permission denied) or 404 (page not found) when you hit save on the settings page for each form.
You have two options to solve the problem, while we wait for the issue to be resolved with mod security.
- Contact your web host and ask them to disable rule 941320 or 218500 in mod security.
- Go to your Customize HTML tab for your form. Remove [if error] and [/if error] from each field in your form.
403 errors
Hello,
I’m suddenly getting unexpected 403 errors when previously all was working well. Oddly its not on every form on my website which has left me scratching my head.
This one has the 403 errors on next or save draft: https://www.stephenleecelebrancy.com.au/kiss-me-quick-weddings/online-ceremony-creator/
Can you help me track down what may be causing it? Many thanks.
October 30, 2017 at 6:04 pm
Hi —
To rule out conflicts, does this happen when you do these things?
If so, you can add each thing in, one by one, and test after each one to see who the culprit is.
October 30, 2017 at 6:05 pm
If you don’t want to do the test on your live site, you can make a copy of the site and do the testing there.
You can copy using free plugins like Duplicator or All in One Migration, or any plugin or system you like.
October 30, 2017 at 10:43 pm
Done – but same result.
I notice that when I preview the form from the form builder page, it doesn’t give a 403 page.
What can I check with my hosting provider? Or should I check my CHMOD settings – what should they be?
October 30, 2017 at 11:06 pm
Hi —
Good to know the problem doesn’t exist with preview. I’m wondering why it exists when you have the 2017 theme, no plugins activated, and custom code disabled.
One thing you can ask your host about is ModSecurity. We’ve had users suddenly not be able to access things on their sites because ModSecurity rules were enabled. Users have had success with asking their hosting providers to disable rule 218500 in ModSecurity on a global level.
It may be helpful to look at the Apache error logs.
You could also ask your host if they can help you determine what’s going on.
October 30, 2017 at 11:08 pm
I think I may have just fixed this by inserting
SecFilterEngine Off
into my .htaccess file. Is that the same thing as your suggestion on ModSecurity?
October 30, 2017 at 11:13 pm
Great find! That looks like it’s accomplishing the same thing, but it’s much easier because you can do it yourself rather than going through the host.
Wonderful! You’ve expanded my knowledge. Thank you!
October 30, 2017 at 11:16 pm
Well, it was a lucky bit of Googling, and absolutely nothing to do with any knowledge of my own!
Thanks for all your help and advice. Your support is as awesome as ever.