Announcement

Collapse
No announcement yet.

Sellerdeck and Hosting with Mod Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Sellerdeck and Hosting with Mod Security

    ModSecurity is an effective toolkit for real-time web application monitoring, logging, and access control which is used by many hosting companies. Sellerdeck's way of working particularly in respect of PSP integration will sometimes trigger Mod Security rules on hosting where Mod Security (https://www.modsecurity.org/) is used.

    There are two things to do in this situation.

    Firstly a font-family specified in several Sellerdeck email HTML inner layouts contains the work 'system' and this can trigger ModSecurity rules.
    Code:
    <font face="Courier New, Courier, System">
    Change this to
    Code:
    <font face="Courier New, Courier, monospace, monospace">
    Yes there are two instances of monospace: The font-family: monospace, monospace; declaration is a simple hack/workaround for some browsers which tend to reduce the font size of monospace fonts. More info: https://github.com/necolas/normalize...ment-197131966

    The emails in question are as of today's date:
    Code:
    User Definable HTML Inner Layout
    Resend Digital Download URL HTML Inner Layout
    Payment Received HTML Inner Layout
    Order Shipped HTML Inner Layout
    Order Received HTML Inner Layout
    Apologies if any omissions.

    It is also a good idea to ask your hosting company to add certain whitelist rules to ModSecurity: These are the rules to specify
    Code:
    303937
    341245
    378491
    380018
    392301
    If you are still having trouble getting PSPs to talk to your site you may need to add a couple more whitelist rules;
    Code:
    303937
    341245
    378491
    380018
    392301
    337479
    390709
    332039
    Jonathan Chappell
    Website Designer
    SellerDeck Website Designer
    Actinic to SellerDeck upgrades
    Graphicz Limited - www.graphicz.co.uk

    #2
    Thanks Jonathan, this is very helpful.

    Are there any signs or indications we should look for that might indicate mod security is interfering or throwing a wobbly?
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------

    Comment


      #3
      Usually the client complains that payment processors are not properly connecting back to the site, or anything weird!

      Best wishes

      Jonathan
      Jonathan Chappell
      Website Designer
      SellerDeck Website Designer
      Actinic to SellerDeck upgrades
      Graphicz Limited - www.graphicz.co.uk

      Comment

      Working...
      X