Firewall block's my payment system

[3kagit]

Hi,

First my english is not so good.
My OS: CentOs Linux with DirectAdmin and installed the latest version of csf v6.06

My problem...

I have a magento webshop and a payment system for my dutch customers, like paypal.
The website of this payment system is rabobank dot nl, when a customer order a product they will redirect to betalen.rabobank dot nl
The IP of this rabobank dot nl is 145.72.70.20, i have added this ip to csf.allow and csf.ignore and restarted my firewall.
Now when we make the payment we will redirect to the shop back and we get a message like payment received.
But the magento system can not see that the payment is received and the order in magento admin have the status pending payment.
When i disable the firewall everything works fine and the magento system can see that the payment is received and the order get the status payment received.
But i need this firewall, so i can not disable the firewall.

The maker of this payment module say to me that te firewall blocks the post action of this website


Can anybody help me please?

[Sergio]

I don't think that CSF will be blocking a post, it is more related to Mod_Security. Do you use Mod_Security?

Sergio

[3kagit]

No i dont use Mod_Security
When i disable the CSF Firewall i don't have this problem.

[3kagit]

Sorry i see now this in the .htaccess file in the root folder of magento:
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

[Sergio]

Do you have CMC installed in your server?

[3kagit]

What do you mean with CMC ?

Do you mean this> ConfigServer ModSecurity Control (cmc)
No i have Direct Admin as control panel.

[Sergio]

Well, the point is that something in your server like mod_security or suhosin can block posts, CSF by itself can't block it but CSF can check mod_security and suhosin for actions depending of what you have csf configured for.

Check if suhosin is not the one that is blocking the post action.

Also, check in your apache error_log for any indication of what is causing this.

[3kagit]

Mod_Security is disabled.
Mod Suhosin, i have the following line's

Magento root folder:

in php.ini:

Code: Select all

; disable user agent verification to not break multiple image upload

suhosin.session.cryptua = off

in .htaccess:

Code: Select all

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off
    php_flag suhosin.simulation On

In my httpd log not the error log i can see this:

Code: Select all

MYIP - - [25/Mar/2013:16:47:12 +0000] "POST /omnikassa/api/return/ HTTP/1.1" 302 2333 "https://payment-web.omnikassa.rabobank.nl/nl/payment/customerredirection" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22" 

[Sergio]

Just for testing purposes, try to disable any suhosin line in csf configuration and restart csf, check if that worked. If that is working, you will have to investigate what options to set under [suhosin] inside your main server php.ini

Sergio

[3kagit]

I have this lines in my csf.conf

Code: Select all

# [*]Enable detection of repeated suhosin ALERTs
# Example: LF_SUHOSIN = "5"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"

And in my main php.ini file i dont have any thing with suhosin.
Any chen check the server security with csf i see:

Code: Select all

Check php for Suhosin	WARNING	You should recompile PHP with Suhosin to add greater security to PHP