I’m not able to add a dropdown anywhere in my form.
Once I drag the field to my form, it freezes all other actions. To solve this I need to save the form and then it resets itself so I can continue (without any dropdowns that I need)
Ask your web host to check the site logs. A security rule on the server hosting the site will be configured incorrectly, resulting in the field contents triggering a forbidden error, which will be preventing the ajax request that handles adding the field from completing.
Our webhost provider has indeed found some errors – see bellow – what would be the next step?
[Tue Oct 12 11:00:03.682294 2021] [error] [pid 38205] apache2_util.c(273): [client 82.143.88.34:0] [client 82.143.88.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(?:\\sexec\\s+xp_cmdshell)|(?:[\”’\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*?\\([^\\)]*?)|(?:[\"’`\xc2\xb4\xe2 …" at ARGS:field. [file “/usr/local/httpd/conf/modsecurity-crs/activated-rules/modsecurity_crs_41_sql_injection_attacks.conf”] [line “227”] [id “981255”] [msg “Detects MSSQL code execution and information gathering attempts”] [data "Matched Data: \x22select\x22 found within ARGS:field: {\x22id\x22:44,\x22formId\x22:2,\x22label\x22:\x22Untitled\x22,\x22adminLabel\x22:\x22\x22,\x22type\x22:\x22select\x22,\x22isRequired\x22:false,\x22size\x22:\x22large\x22,\x22errorMessage\x22:\x22\x22,\x22visibility\x22:\x22visible\x22,\x22inputs\x22:null,\x22choices\x22:[{\x22text\x22:\x22First Choice\x22,\x22value\x22:\x22First Choice\x22,\x22isSelected\x22:false,\x22price\x22:\x22\x22},{\x22text\x22:\x22Second Choice\x22 [hostname “ardena.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “YWVOk3naW5yQ@rGvhyVBQQAAAAo”]
[Tue Oct 12 11:01:55.660616 2021] [error] [pid 41203] apache2_util.c(273): [client 82.143.88.34:0] [client 82.143.88.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(?:\\sexec\\s+xp_cmdshell)|(?:[\”’\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*?\\([^\\)]*?)|(?:[\"’`\xc2\xb4\xe2 …" at ARGS:field. [file “/usr/local/httpd/conf/modsecurity-crs/activated-rules/modsecurity_crs_41_sql_injection_attacks.conf”] [line “227”] [id “981255”] [msg “Detects MSSQL code execution and information gathering attempts”] [data "Matched Data: \x22select\x22 found within ARGS:field: {\x22id\x22:45,\x22formId\x22:2,\x22label\x22:\x22Untitled\x22,\x22adminLabel\x22:\x22\x22,\x22type\x22:\x22select\x22,\x22isRequired\x22:false,\x22size\x22:\x22large\x22,\x22errorMessage\x22:\x22\x22,\x22visibility\x22:\x22visible\x22,\x22inputs\x22:null,\x22choices\x22:[{\x22text\x22:\x22First Choice\x22,\x22value\x22:\x22First Choice\x22,\x22isSelected\x22:false,\x22price\x22:\x22\x22},{\x22text\x22:\x22Second Choice\x22 [hostname “ardena.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “YWVPA2c@xLWNniHBCpNeGwAAAFg”]
“select” is expected there, it’s the value of the field “type” property. They’ll need to adjust their regex.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.