Checkout being filtered out by ModSecurity firewall

Get help with nopcart Perl, PHP or ASP checkout related issues.

Moderators: Koibito, Stefko, Randy

Checkout being filtered out by ModSecurity firewall

Postby seocomsale » Thu May 23, 2013 3:53 pm

Hi All,

My hosting company did a recent upgrade on the servers and one that thing was added was the ModSecurity open source firewall system. While I would like to have this firewall active, it seems that it catches on something in NopCart4 checkout.

If a customer only buys one or two items, it seems to be OK, but if someone places a full complement of 12 items in the cart (a full cart) then it kicks in and blocks any further checkout process and even starts to block access to any pages on my site from the blocked computer. (An adjacent computer can still access all pages.)

The following error message is received in the browser window:

Method Not Implemented
GET to /postcard/checkout.html not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The partial url in the error message after "GET to" is given as whatever page you are trying to access after you have been blocked.

All I can do is either turn ModSecurity completely on or off for the entire site. If I wanted specific rules implemented in ModSecurity, than I would have to go through my hosting company. I would like to get ModSecurity back online as I can see in my error logs that there are some whackos out there trying some funny stuff to hack my site. (Trying to access php pages that do not exist, like login.php, register.php, etc.)

I am on a linux server and most of my pages are written in php so as to be self updating to the latest database updates of listed items.

Any thoughts or suggestions would be appreciated.

Posts: 12
Joined: Fri Jul 02, 2010 1:49 am

Return to Help: Perl/PHP/ASP Checkout

Who is online

Users browsing this forum: No registered users and 1 guest