Announcement

Collapse
No announcement yet.

Stuck at loading in many functions, creating accounts, contacts, settings.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Stuck at loading in many functions, creating accounts, contacts, settings.

    Hi!

    I just installed Espo Crm 5.2.4 on my shared hosting server within a subdomain using Softaculous, the installation went smooth, no errors no hiccups, when I went to try it the systems get stuck when creating anything, accounts, contacts, calls, opening settings, preferences, just almost everywhere.

    I have been reading some posts and trying solutions found but no luck.
    Listing some of them
    • Clearing cache and rebuilding backend: Failed (data/logs directory found empty, no logs created)
    • Reviewing Server error log to determine possible failures
      • found
        Code:
        ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:s(?:elect\\\\b(?:.{1,100}?\\\\b(?:(?:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\\b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\\\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebt ..." at REQUEST_FILENAME. [file "/etc/apache2/conf.d/imh-modsec/05_additional_directives.conf"] [line "38"] [id "950001"] [msg "SQL Injection Attack"] [data "varchar"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "crm.ideaw.mx"] [uri "/client/src/views/fields/varchar.js"] [unique_id "WxuLcoUOxv35kiD-19hlYwAAAAM"], referer: https://crm.ideaw.mx/
        Disabled ModSecurity for my domain name had also produced no difference.

    What else should I be looking for? to solve it?

    Thanks in advance.


  • #2
    If you can't create accounts or other records it sounds like maybe a permissions issue.
    Here are some other things I would double check.

    Verify .htaccess at Espo base folder level has:

    At Top:

    <ifModule mod_headers.c>
    Header always set Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE"
    </ifModule>

    At Bottom:

    <Limit GET POST PUT DELETE HEAD OPTIONS PATCH>
    Require all granted
    </Limit>

    Apache httpd.conf

    This should contain:

    <Directory "/usr/local/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>

    https://www.espocrm.com/documentatio...configuration/

    Check Permissions

    Check permissions of files:

    /index.php
    /api/v1/index.php

    They must be 644. They may be changed to 664 and you’ll need to change them to 644.

    https://www.espocrm.com/documentatio...configuration/

    Comment


    • #3
      Hello again,

      I have revised the solutions proposed but unfortunately, none of them have worked, so I took another approach.
      I have deleted the installation completely and decided to
      • Download version 5.2.5 from the espocrm website.
      • Unpacked in my personal computer
      • Upload it to my web hosting subdomain (Using FTP)
      • Perform the installation.
        • Created a MySQL database and user
        • Tested the connection ok.
        • Installation suggested me to change max_excecution time and max_input_time so I did in php.ini in root folder (subdomain root folder anyway)
        • Installation finished correctly
        • As suggested above, I have checked .htaccess file
          • added :
          • Code:
            <Limit GET POST PUT DELETE HEAD OPTIONS PATCH>
            			Require all granted
            			</Limit>
            at the end of file
        • also as suggested Checked file permissions
          • 644 permissions were verified in files and folders
        • Installation went smooth, no errors detected.
      • Unfortunately, I can't view nor change apache's config httpd.config file.
        Code:
        <Directory "/usr/local/apache/htdocs">
        	Options Indexes FollowSymLinks
        	AllowOverride All
        	Require all granted
        	</Directory>
        If someone knows how to configure these directives within .htaccess file help would be appreciated.
      • Then proceed to test the functionality
        • The same problem remains, the system gets stuck in loading when creating an account, contact or whatever, also gets stuck at loading when accessing some of the administrative functions.
      • What's Next?
        • I will review the issue with the mod security issue, even though my cpanel states it as disabled. not quite sure
        • According to a post on StackOverflow site, the solutions rely on "Change the request so that it does not contain the string "/etc/" as a parameter value" on my original error report:
          Code:
          		 ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:s(?:elect\\\\b(?:.{1,100}?\\\\b(?:(?:length|count|top)\\\\b.{1,100}?\\\\bfrom|from\\\\b.{1,100}?\\\\bwhere)|.*?\\\\b(?:d(?:ump\\\\b.*\\\\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebt ..." at REQUEST_FILENAME. [file "/etc/apache2/conf.d/imh-modsec/05_additional_directives.conf"] [line "38"] [id "950001"] [msg "SQL Injection Attack"] [data "varchar"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname "crm.ideaw.mx"] [uri "/client/src/views/fields/varchar.js"] [unique_id "WxuLcoUOxv35kiD-19hlYwAAAAM"], referer: https://crm.ideaw.mx/
          That loads a configuration from /etc/apache2/conf.d/imh-modsec/05_additional_directives.conf
          from the /client/src/views/fields/varchar.js file.
        • Some other solutions That I will look into it:
          • Variable value length limits from this StackOverflow post
          • post_max_size in php.ini also from the same post
      I'll keep you posted if I find the solution to this conundrum

      Thanks again...
      Last edited by ideawmx; 06-12-2018, 06:20 PM.

      Comment

      Working...
      X