SEC-DEFG-0035

seadhna:
Hi, on the latest version of Elxis (5.1rev2344), when I upload an image via the Media Manager, I get banned. The defender_ban.php file gives the following ref. code: SEC-DEFG-0035
Any idea why this is happening? I can't find any other posts about this code.

webgift:
Can you try to repeat the process using a different browser?
If we have the same results, please upload a file with a name like: 1_image

seadhna:
Hi, the same thing happens in Firefox and Chrome. Actually, I've realised I don't even need to try to upload an image. If I even try to open an image in the folder, I get banned. Then I replace the defender_ban.php file and I am allowed to look at one image or complete one action. After that I am banned again. E.g. if I look at one image, it's OK, but then if I try to look at another image, I'm banned again.

seadhna:
Maybe something with permissions with the web host? It doesn't happen in a different Elxis installation on a different host.

datahell:
I believe the problem is the name of one single image or folder. Your browser tries to load it, the name of the file gets passed to the URL, and so you get banned by Elxis Defender. If you use the default Elxis Defender general rules, then one of the following rules is causing the problem: -- or //* or /* (most probably: --)

Disable Elxis defender from Elxis configuration.
Go to Site > Logs and clear defender bans
Go to Media and search for a file (or a folder) that contains in its name the rules above. Example: test--image.jpg or my--folder
If you find the file rename it to something else (for example test-image.jpg or my-folder) and then go to Elxis configuration and re-enable Elxis defender.
If you don't find the file, you can either disable the General filters or edit them and remove the line below:

array('URI,QUERY', '\-\-|\/\/\*|\/\*', 'PHP/SQL Comment'),

The general rules of Elxis Defender can be found here:
includes/libraries/elxis/defender/general.rules.php
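
Added example, not part of the thread and not Elxis code: a scan of a media folder for file or folder names that the 'PHP/SQL Comment' pattern quoted above would match. It assumes Defender applies the pattern as a plain regex search over the requested path (the page does not show how the rule is evaluated); `rule_hit` and `find_flagged` are hypothetical names.

```python
import os
import re
import sys

# Pattern copied verbatim from the 'PHP/SQL Comment' rule quoted in the thread.
COMMENT_RULE = re.compile(r'\-\-|\/\/\*|\/\*')

def rule_hit(rel_path):
    """Return the text in rel_path that matches the rule, or None.

    Matches that lie wholly inside a parent folder name are skipped, so a
    folder such as my--folder is reported once, not once per file in it.
    """
    path = rel_path.replace(os.sep, '/')
    last_slash = path.rfind('/')  # -1 when the path has no folder part
    for m in COMMENT_RULE.finditer(path):
        if m.end() > last_slash:  # touches the last name or the slash before it
            return m.group(0)
    return None

def find_flagged(root):
    """Walk root; return sorted (relative path, matched text) pairs."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            hit = rule_hit(rel)
            if hit:
                hits.append((rel.replace(os.sep, '/'), hit))
    return sorted(hits)

if __name__ == '__main__':
    # Assumed usage: python find_flagged.py /path/to/elxis/media
    root = sys.argv[1] if len(sys.argv) > 1 else '.'
    for rel, hit in find_flagged(root):
        print(f'{rel}\tcontains {hit!r}')
```

A name beginning with `*` inside any folder is also reported, because the joined path then contains `/*`.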
