It has been a problem for 30 days with at least 200 hundred orders a day having to be actioned manually and the best you have done so far is play blame tennis. OMG.

At the very least after that amount of time, try a different server, no rewards for stubborness in ecommerce, just time lost. You simply have to start ruling things out instead of looking for answers at this stage. First job, the hosting.

Hi,

If Protx have confirmed that they are sending the callback to your server (they should be able to trace them) then it would suggest that the problem lies with your server.

I would think that this is a temporary suggestion so you can then test an order and see if it helps to determine if it is that causing the problem or not. It may be that mod_security is not configured correctly as it may not be letting certain specific non-alphanumeric characters (like null bytes) through. You could ask your hosting company to take a look at http://www.onlamp.com/pub/a/apache/2..._security.html that might help (it's quite technical).

Lee's suggestion is also a good one to determine whether the problem lies with your server.

PSP Problem

Two sites on the same server with the same mod_security settings!
Hosting is confused why one site works and the other does not. I have several sites for my client on a reseller package so swapping server is not easy. Changing hosting completely seems to be a sledgehammer to crack a nut, particularly when all three parties only started exchanging emails this week after a month of finger pointing.
Hosting has requested the data content & structure that is fed to each server during the write request so they can why check why mod_security is triggered, but so far Actinic have not provided it.
Actinic support have so far just repeated the mod_security fix without offering any help to hosting to help pinpoint the problem ie the data within the write process that must be encoded within Actinic! Protxc support say they are using what Actinic provides so the root would seem to be Actinic.
Surely mod_security in the bad case is triggered by what it is fed, not necessarily by its own filters??

Believe me when I says that wierder things have happened . The thing is that we have to narrow down the problem. If you can turn off mod_security and test an order and at least confirm that it isn't mod_security causing the problem then. Maybe there are no null bytes contained in the callback for Site2 but there are on Site1. Just a possibility.

Protx wrote the integration and as far as I can see, Actinic is doing everything it needs to. It is transferring the customer to the Protx webserver - at this point it is nothing to do with Actinic - Protx deal with the payment and send a callback to your server which seems like it is not being accepted by your server (although you haven't said that Protx have confirmed that they are sending the callback). However, the only thing you can do within Actinic to make sure it is all correct is to replace the files used by Protx with the original ones, so do the following:

- browse to your site folder and go into the 'CommonOCC' folder
- take a backup of 'OCCPROTXScriptTemplate.pl' (as this will contain your encryption key)
- then browse to 'C:\Program Files\Actinic v7\OCCUpgrade\CommonOCC'
- copy 'OCCPROTXScriptTemplate.pl' and 'Act_OCCPROTXTemplate.html'
- paste the files into your '<site>\CommonOCC' folder and overwrite the existing ones
- open 'OCCPROTXScriptTemplate.pl' from your '<site>\CommonOCC' folder in a text editor such as notepad
- search for 'password'
- replace 'testvendor' with your own encryption key
- if your client also receives emails from Protx change the '$sConfirmationEMail' value too
- close and save the file and refresh your website (Web | Refresh Website)
- place a test order

If the same problem occurs then the problem doesn't lie with Actinic as we have a lot of customer using Protx who don't get this problem.

Another option you could try is to upload a default site to a test directory (Web | Switch to Test Mode) with Protx enabled using your clients account settings to see if that works.

PSP Problem

Tracey,
Protx have confirmed they are attempting a writeback.
Protx state they write back to the locations given by Actinic, all sites are treated the same, so not a Protx problem.
On the assumption all Protx callbacks are the same then removing mod_security will mean it will work, proving it is mod_security? Not "confirm that it isn't mod_security " as you suggest! (confused)
We already know it is mod-security stopping the callback (server log results)it is down to the data structure / content of the callback that mean we get two results from two sites.
The url and other order data in the callback comes from Actinic.
Hosting are currently asking for the callback data/structure and Protx IP address to track the incoming callback and then look at the mod_security rules to either, amend or write a new one, thus keeping server security intact.
As this is ongoing with support today look at ticket 169413 or talk to Paul Murphy.

I wanted to see if any other users have seen this problem and I could gain any other insight other than the dogmatic replies and finger pointing I am getting from support.

PSP Problem Solved

This problem has been solved by Protx support.
The mod-security was triggerd by ../ in the callback path.
This was set as 'Path from cgi-bin to acatalog Directory' in network settings by the Wizard.
So not a server issue, as persistently claimed by Actinic support for the last 29 days.
Issue raised with Actinic on 20th Jan, developer time lost, 10 hours, 50 emails sent, sanity put in question.
My client pays for Actinic support, shame on you Actinic.

That's a bit strong Ray, I can't believe you never compared network settings on the 2 sites. Surely that would be one of the very first things to check with 2 sites on same service, particularly being a developer? Shame on you I say, what a bizarre blame culture you run there.

PSP Problem

Lee,
Are you an actinic support front?
With two sites uploading and functioning Ok from an ftp perspective why would I consider it a problem with a payment process?
Obvious things can get missed ' When you up to your ar*& in alligators it is difficult to remember you are trying to drain the swamp' that is where support come in, go around the obvious and check.
Also, where you aware the callback process uses the path from cgi-bin, it took Protx to decrypt the callback to find the problem.
I would contest those developers who wrote actinic should be aware of the path and its role in the callback, and it should be a questioned asked when a callback issue is raised. Actinic support have for 29 days insisted to me, hosting support and Protx support is is a server issue.

I'm not a front at all, in fact i've been one of their biggest critics over the years, so forget all that mallarky, it's my opinion on what I read. It would never have reached them had you done the same thought process you blame them for not doing?

They are not faultless for sure but like me they will have almost certainly presumed that the very basics were in place if indeed one site worked fine. Surely the site fails a network test? that's an absolute fundamental to setting up an actinic site, as i'm sure you know (please don't hide behind the ftp excuse).

Throw stones at them for sure, hell i'll even join you most of the time, but do it in a fair manner. I'd be asking you far more questions than them.

PSP Problem

Lee,
Site does not fail network test, functions with no problems, only issue sucessful payments going into PSP.
So ../ is only relevent in a callback with mod-security running on the server.

Understand support is tough, however when Protx suggested, and hosting suggested a software problem Actinic have always said it was not and was a server issue. Despite asking on numerous occasions how the second site could possibly function on the same server and same mod-security settings no explanation was ever offered, just repeating it is a server issue.
Actinic had the snapshot since 11th so did they check it, they are the experts after all?
There approach has been:
Two twins, one keeps getting headaches, solution?
Cut the head of the one with the headache.
Based on history this solves the problem 100% of the time.
Problem solved !
You can see the frustration this dogmatic 'not my problem' solution to the last point in the chain, rather than tracking back to possible causes near home can engender. Simply opening minds to other solutions and being cooperative by supplying informtion to other support folk would have solved this much earlier. end of rant.

Ray I can sense you are pissed off, so i won't continue any further, the above did have me howling though, that's a fantastic one liner .

Glad you are sorted anyway.