• Resolved edluvables

    (@edluvables)


    If I activate this plugin with Gravity Forms I get a 403 error in Plesk, using an AWS Lightsail / Ubuntu server. Gravity Forms links to this plugin as a way to embed a form in a popup, so I don’t think there’s a compatibility error there. Are there any specific settings for permissions in GF or Plesk to make it work?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Hi @edluvables – thanks for writing in and we apologize for this inconvenience.

    I will need to escalate your query to our developers, and as soon as we hear back with any updates we will reply to this ticket right away.

    Your patience is highly appreciated.

    Thank you & have a great day!

    Hello @edluvables, just a follow-up. Please could you send us a screenshot of what the error says and could you send us any error messaging from your logs?

    Our developers need this information to proceed further. Thank you!

    Thread Starter edluvables

    (@edluvables)

    Hi Maria,

    I checked my error log to paste it in here, ran a few searches, and found a Stack Overflow link with the error.

    Everything was fine with no errors and then I migrated the website to a plesk server, which is what this link is referring to: https://stackoverflow.com/questions/61098278/modsecurity-rule-214940-warning

    And here are my errors:

    ModSecurity: Access denied with code 403 (phase 4). Match of "rx \\\\ssrc=\\\\x22https:\\\\/\\\\/www\\\\.googletagmanager\\\\.com\\\\/ns\\\\.html\\\\?id=GTM|\\\\ssrc=\\\\x22https:\\\\/\\\\/w\\\\.soundcloud\\\\.com\\\\/player\\\\/\\\\?url=" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf"] [line "14"] [id "214540"] [rev "5"] [msg "COMODO WAF: Possibly malicious iframe tag in output||ercrecoverynow.com|F|3"] [data "Matched Data: <iframe style='display:none found within TX:0: <iframe style='display:none"] [severity "ERROR"] [tag "CWAF"] [tag "FilterInFrame"] [hostname "ercrecoverynow.com"] [uri "/index.php"] [unique_id "YdhiqlAsVPSGl2@5k0ReVwAAAFI"], referer: https://orion.managewp.com/
    
    [Fri Jan 07 15:56:26.983666 2022] [:error] [pid 1113194:tid 140240463288064] [client 172.70.82.158:0] [client 172.70.82.158] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|ercrecoverynow.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "ercrecoverynow.com"] [uri "/error_docs/forbidden.html"] [unique_id "YdhiqlAsVPSGl2@5k0ReVwAAAFI"], referer: https://orion.managewp.com/

    I whitelisted [id “214540”] and [id “214940”] and now there is no error, so if anyone else runs into this after migrating to Plesk, this should help out.

    What I don’t know for sure is if I just opened up a vulnerability. Hopefully everything is fine there, I’ll keep an eye on it. I should have checked the error log before posting.

    Thanks!

    • This reply was modified 2 years, 10 months ago by edluvables.

    Thank you for sharing, @edluvables!

    We will take note of this and we’ll see if we encounter the same reports in the future.

    Have a great day & stay safe!

    I wanted to chime in on this topic @mariatogonon so that the team was aware this wasn’t a one-off issue. I encountered the same problem as @edluvables. Same setup, fresh install across the board, everything up-to-date. Immediately after adding a gravity form to my homepage, I received the 403 Forbidden Plesk page. Found the same errors within the server logs. Whitelisting the IDs mentioned resolved my issue right away. I’ve used gravity forms on a ton of different projects with very similar setups and I’ve never had an issue using it with Plesk. This seems like a bug that needs to be addressed.

    Thanks again @edluvables for the guidance!

    Thread Starter edluvables

    (@edluvables)

    Hi @bledford I’m glad to see this helped you out!

    Wanted to chime in as well @mariatogonon. I have a new server running Plesk Obsidian, fresh domain, fresh install, and did all the usual: change theme, disable/re-enable/reinstall plugins, and when it came down to it, it was Gravity Forms. The error was only occurring on pages where I had a form. I use Elementor, but I tried embedding directly into a non-Elementor page, same result.

    Eventually found this article and did as @edluvables suggested and now everything works.

    I’m running WP Core 6.01 with Gravity Forms 2.64 using PHP 8.0.21

    Anyone have a clue as to whether this opens up any dangerous security holes? I’m getting the same issue (without Gravity Forms).

    I am also getting the same issue due to Gravity Forms on a Plesk server. But there is no ModSecurity issue in the debug.log file.
    How can I fix this?

    Same issue here with a 403 error on the home page only and Gravity Forms installed. Disabling ModSecurity or disabling Gravity Forms resolved the issue and is a good way to test the problem.

    The error is not reported in the debug.log file. You need to go into your WAF and view the ModSecurity log file to see the errors.

    Whitelisting [id “214540”] and [id “214940”] is the correct way to resolve the issue!
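
Added example (not part of any reply above, and not code from the plugin or from Plesk): a small Python parser for ModSecurity entries in the Apache error log, like the two quoted earlier in the thread. It groups entries by unique_id and reports which rule IDs actually denied a response and on which URI, so an exclusion can be limited to the rules and pages involved. The sample lines are constructed and shortened; the hostname, client address and unique_id are placeholders.

```python
import re
from collections import defaultdict
# Constructed sample lines in the format of the entries quoted in the thread.
SAMPLE_LOG = r'''
[Fri Jan 07 15:56:26.981000 2022] [:error] [pid 1:tid 2] [client 192.0.2.10:0] ModSecurity: Access denied with code 403 (phase 4). Match of "rx example" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf"] [line "14"] [id "214540"] [rev "5"] [msg "COMODO WAF: Possibly malicious iframe tag in output||example.test|F|3"] [data "Matched Data: <iframe style='display:none found within TX:0: <iframe style='display:none"] [severity "ERROR"] [hostname "example.test"] [uri "/index.php"] [unique_id "AAAA1111"]
[Fri Jan 07 15:56:26.983000 2022] [:error] [pid 1:tid 2] [client 192.0.2.10:0] ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|example.test|F|2"] [severity "CRITICAL"] [hostname "example.test"] [uri "/error_docs/forbidden.html"] [unique_id "AAAA1111"]
[Fri Jan 07 15:57:00.000000 2022] [php:notice] [pid 1:tid 2] unrelated line without ModSecurity data
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
ACTION_RE = re.compile(r'ModSecurity: (?:Access denied with code (\d+)|Warning)')

def parse_line(line):
    """Return a dict for one ModSecurity entry, or None for any other log line."""
    action = ACTION_RE.search(line)
    if not action:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line[action.end():]):
        fields.setdefault(key, value)   # keep the first value; [tag] can repeat
    return {
        "blocked": action.group(1) is not None,   # denied vs. warning only
        "status": int(action.group(1)) if action.group(1) else None,
        "rule_id": fields.get("id"),
        "msg": fields.get("msg"),
        "data": fields.get("data"),
        "uri": fields.get("uri"),
        "unique_id": fields.get("unique_id"),
    }

def group_by_request(log_text):
    """Group entries by unique_id so all rule hits for one request sit together."""
    requests = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["unique_id"]:
            requests[entry["unique_id"]].append(entry)
    return dict(requests)

def blocking_rules(log_text):
    """Map rule id -> set of URIs on which that rule denied the response."""
    hits = defaultdict(set)
    for entries in group_by_request(log_text).values():
        for e in (x for x in entries if x["blocked"]):
            hits[e["rule_id"]].add(e["uri"])
    return dict(hits)

if __name__ == "__main__":
    print(blocking_rules(SAMPLE_LOG))
```

The "data" field of each blocked entry shows the exact markup that matched, which is the part to review before excluding a rule.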

  • The topic ‘Activating with Gravity Forms causes 403 error’ is closed to new replies.