Firewall blocks my payment system

Posted: 25 Mar 2013, 16:40
by 3kagit
Hi,

First, my English is not so good.
My OS: CentOS Linux with DirectAdmin and installed the latest version of csf v6.06

My problem...

I have a Magento webshop and a payment system for my Dutch customers, like PayPal.
The website of this payment system is rabobank dot nl; when a customer orders a product they are redirected to betalen.rabobank dot nl
The IP of this rabobank dot nl is 145.72.70.20. I have added this IP to csf.allow and csf.ignore and restarted my firewall.
Now when we make the payment we are redirected back to the shop and we get a message like payment received.
But the Magento system cannot see that the payment is received, and the order in Magento admin has the status pending payment.
When I disable the firewall everything works fine and the Magento system can see that the payment is received and the order gets the status payment received.
But I need this firewall, so I cannot disable the firewall.

The maker of this payment module says to me that the firewall blocks the post action of this website


Can anybody help me please?

Re: Firewall blocks my payment system

Posted: 25 Mar 2013, 23:27
by Sergio
I don't think that CSF will be blocking a post, it is more related to Mod_Security. Do you use Mod_Security?

Sergio

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 11:01
by 3kagit
No, I don't use Mod_Security.
When I disable the CSF Firewall I don't have this problem.

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 11:10
by 3kagit
Sorry, I now see this in the .htaccess file in the root folder of Magento:
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 14:34
by Sergio
Do you have CMC installed in your server?

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 17:55
by 3kagit
What do you mean by CMC?

Do you mean this: ConfigServer ModSecurity Control (cmc)?
No, I have DirectAdmin as control panel.

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 21:42
by Sergio
Well, the point is that something in your server like mod_security or suhosin can block posts. CSF by itself can't block it, but CSF can check mod_security and suhosin for actions depending on what you have csf configured for.

Check if suhosin is not the one that is blocking the post action.

Also, check in your apache error_log for any indication of what is causing this.

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 22:24
by 3kagit
Mod_Security is disabled.
Mod Suhosin: I have the following lines

Magento root folder:

in php.ini:

; disable user agent verification to not break multiple image upload

suhosin.session.cryptua = off

in .htaccess:

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off
    php_flag suhosin.simulation On

In my httpd log, not the error log, I can see this:

MYIP - - [25/Mar/2013:16:47:12 +0000] "POST /omnikassa/api/return/ HTTP/1.1" 302 2333 "https://payment-web.omnikassa.rabobank.nl/nl/payment/customerredirection" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"

Re: Firewall blocks my payment system

Posted: 26 Mar 2013, 23:31
by Sergio
Just for testing purposes, try to disable any suhosin line in csf configuration and restart csf, check if that worked. If that is working, you will have to investigate what options to set under [suhosin] inside your main server php.ini

Sergio

Re: Firewall blocks my payment system

Posted: 27 Mar 2013, 10:25
by 3kagit
I have these lines in my csf.conf

# [*]Enable detection of repeated suhosin ALERTs
# Example: LF_SUHOSIN = "5"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"

And in my main php.ini file I don't have anything with suhosin.
And when I check the server security with csf I see:

Check php for Suhosin	WARNING	You should recompile PHP with Suhosin to add greater security to PHP