Upgrade to 1.1.5 - 403 error access forbidden

[goldeneye243]

RainLoop version, browser, OS:
upgrade to version 1.15 from working 1.14
Expected behavior and actual behavior:
Expected behaviour - "To upgrade the installation, you simply need to upload files from the new package overwriting existing files. Directory structure is organized to have each new version installed to a different directory. Only a few files will be actually overwritten (/index.php and /data/VERSION).

All the additional reconfiguration will be done by the product on next run."

Actual behaviour is 403 error access forbidden

Fresh install is same behaviour

[sukhbirgs]

Browser test with multiple ( firefox, chrome, edge )
Upgrading from v 1.14 to 1.15
Error: 403 access forbidden

Changing back to version 1.14 in index file works.
Could be issue with CWF modsecurity, that's only error i found in logs.

`Tue Feb 02 09:56:52.773125 2021] [:error] [pid 15441:tid 139720428046080] [client 10.2.1.75:3835] [client 10.2.1.75] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?i:<[\\t\\n\\r ]{0,}IFRAME[\\t\\n\\r ]{0,}?[^>]{0,}?src=\\x22javascript:)" at RESPONSE_BODY. [file "/usr/local/cwaf/rules/19_Outgoing_FilterInFrame.conf"] [line "21"] [id "214550"] [rev "1"] [msg "COMODO WAF: Malicious iframe+javascript tag in output||mydomain.com|F|3"] [data "Matched Data: <iframe src=\x22javascript: found within RESPONSE_BODY: <html class=\x22no-js rl-booted-trigger rl-started-trigger glass\x22 dir=\x22ltr\x22><meta http-equiv=\x22X-UA-Compatible\x22 content=\x22IE=edge,chrome=1\x22/><meta name=\x22viewport\x22 content=..."] [severity "ERROR"] [tag "CWAF"] [tag "FilterInFrame"] [hostname "mydomain.com"] [uri "/imail/index.php"] [unique_id "YBmEVOBEl8x1sNqhch0L1AAAFB8"]

[Tue Feb 02 09:56:52.773463 2021] [:error] [pid 15441:tid 139718817728256] [client 10.2.1.75:3835] [client 10.2.1.75] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/usr/local/cwaf/rules/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|mydomain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "mydomain.com"] [uri "/imail/index.php"] [unique_id "YBmEVOBEl8x1sNqhch0L1AAAFB8"]`

[goldeneye243]

@sukhbirgs does that mean that you have seen the same issue as me?

[sukhbirgs]

@sukhbirgs does that mean that you have seen the same issue as me?

Looks like it.

[DerDanilo]

Disabling ModSecurity allows the update (via WebUI or manually). So there seem to be some issues that need solving.

[ghoeppener]

I have the same issue. Additional info, when I add the index.php to the URL, rainlopp works (a little)
I use the community edition.

[koenzie]

same problem over here, also happens with a complete new install on a different domain

[Alinthda64]

The problem comes from the "FilterInFrame" rule (modsecurity ). By disabling the rule, everything works

[ghoeppener]

@Alinthda64 Please can you explain how i can do it? I didn't know where i finde it? Thanks.

[Alinthda64]

,@ghoeppener I have a graphical interface provided by plesk, I don't know how to do it otherwise.

[ghoeppener]

I use plesk too an I found it in the Web Application Firewall. Now it works. Thanks.

[sukhbirgs]

Disabling COMODO WAF: Malicious iframe+javascript tag in output rule, RULE ID 214550 did the trick. I guess its the same rule mentioned above. To disable and you have access to gui, navigate to "Catalog" tab and Filter by [Item ID]: 214550
and set status off.