IP.Board 403 Error on editing posts

Hi

A friend has an issue today after upgrading the IPB to latest version as he was not able to edit some posts and looks like an ava/ajax issue maybe and the response from support was:

---

Code:

Do you have mod_security installed? 
I have disabled javascript and have been able to edit posts just fine so what I think is happening is mod_security is flagging the javascript AJAX edit request as potentially malicious in error. 
Could you or your host please check if mod security or similar is installed and if so to whitelist the specific rule being hit?

The response is a 403 no permission response from nginx.

Any ideas?

Thanks

 

Yes Centminmod latest.

The support response:

Code:

The URL that the edit comment value is being sent to is triggering a server-level 403 error response from the front end nginx server.

Even if you try to visit this URL directly it fails:

http://www.domain.com/topic/5220-sugerencia-t%C3%A1bidos/?do=editComment&comment=28245&url=http://www.domain.com/topic/5220-sugerencia-t%25C3%25A1bidos/

Please contact your host and inquire as to why requesting this URL is throwing a 403 error response. I suspect some sort of firewall or other security software is causing this issue.

and checking on domain logs there is no any related entry for it....

 

I did check but there was no info there......

I solve it by commenting on domain config this:

Code:

# prevent access to ./directories and files
#location ~ (?:^|/)\. {
# deny all;
#}

Don't know why this one help it and if we can have any fix for it or use another way for it?

I am wondering what they add on the new version that gets blocked by this rule....

Any ideas on what to search for so i may find the root cause of it as i prefer to not have this rule off ?

did they use any .file or something related now?Don't think so.....

Is there any grep command to search for what exactly this rule blocks and found where exactly the issue is from?

Thanks

 

What rule to use?

If i use it before then it will not get override from the bellow related rule?

So what this rule do and should i remove it?

 

But the location for / doesn't have any special rule inside.....

Also topic folder doesn't exist as it is dynamic created if that matters....

so something like this ?

Don't know what rule to use....confused....

 

Ok thanks i will test it

But checking his config i can't see anything related to /topic ....

 

Don't know if it is a security risk to remove it or not .... ?

 

I didn't disable that include but it works.....how is this possible? Confused....