root.js file not loading on certain web server setups

Created on 9 June 2023, over 1 year ago
Updated 22 June 2023, over 1 year ago

Problem/Motivation

On certain web server setups, the root.js?v=<version> file, which is loaded from the global-styling library in the root theme, fails to load with a 406 Access Denied error due to Apache ModSecurity rules.

Request:	GET /themes/contrib/root/assets/js/root.js?v=3.0.0-alpha2

Action Description:	Access denied with code 406 (phase 2).

Justification:	Pattern match "/(new(cmd|command)|(cmd|command)[0-9]+|pro18|shell|sh|bash|get|root|nmap|asc|lila)\\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|htm|html|tmp|php|asp)\\?" at REQUEST_URI.

I have set up a Drupal installation on an AlmaLinux server using WHM/cPanel (https://cpanel.net/products/cpanel-whm-features/), which is a very popular web hosting manager. Out of the box, the ModSecurity rules were already in place when the web server was set up by the hosting provider.

This can be an issue with hosting services where end users may not have administrative access to ModSecurity configurations.

Steps to reproduce

  1. Set up a web server with an Apache ModSecurity restriction that does not permit use of root.js?v=<version_number>, like the pattern shown above
  2. Set up a Drupal application on the web server with the root theme set as the admin theme
  3. Log in and attempt to add content; once on that page, click on the three dots at the top right of the web page: the JavaScript interaction is broken
  4. Accessing http(s):///themes/contrib/root/assets/js/root.js?v=3.0.0-alpha2 returns an access denied error

Proposed resolution

Renaming the root.js file to a non-restricted naming convention.

🐛 Bug report
Status

Fixed

Version

2.0

Component

Code

Created by

🇺🇸 United States asierrajr
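
The rule quoted under Justification can be checked offline against a theme's asset URLs before deployment. The Python sketch below is an added example, not code from this issue or from the root theme. It assumes the doubled backslashes in the log line are log escaping and that the rule runs case-sensitively with no transformations; the `root-theme.js` and `get.js` paths are hypothetical.

```python
import re

# Pattern copied from the "Justification" line above. The log prints "\\." and
# "\\?"; they are unescaped here to "\." and "\?" (assumption: log escaping).
RULE = re.compile(
    r"/(new(cmd|command)|(cmd|command)[0-9]+|pro18|shell|sh|bash|get|root|nmap|asc|lila)"
    r"\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|htm|html|tmp|php|asp)\?"
)


def blocked_by_rule(request_uri):
    """Return the substring of REQUEST_URI that triggers the rule, or None."""
    match = RULE.search(request_uri)
    return match.group(0) if match else None


def audit_assets(asset_paths, version):
    """Append the ?v=<version> cache-busting query string to each asset path
    and return {path: matched_text} for every URL the rule would reject."""
    findings = {}
    for path in asset_paths:
        hit = blocked_by_rule(f"{path}?v={version}")
        if hit is not None:
            findings[path] = hit
    return findings


# Constructed sample input. Only the first path appears in the issue; the
# others are hypothetical names used to exercise the rule.
SAMPLE_ASSETS = [
    "/themes/contrib/root/assets/js/root.js",        # from the issue
    "/themes/contrib/root/assets/js/root-theme.js",  # hypothetical rename
    "/modules/custom/example/js/get.js",             # hypothetical, also a listed name
    "/core/misc/drupal.js",
]

if __name__ == "__main__":
    for path, hit in audit_assets(SAMPLE_ASSETS, "3.0.0-alpha2").items():
        print(f"BLOCKED {path} (matched {hit!r})")
```

The `/root/` directory in the path does not trigger the rule; only a listed base name followed directly by a listed extension and a `?` does, which is why the same file requested without the version query string is not matched.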
