I’ve had an issue with SuiteCRM for a while now, atleast from 7.9.4 and am now running 7.10.9. I’m hesitant to post it in the issue tracker yet as it’s too strange and I haven’t found any one else even slightly eluding to the problem.
The issue is that when creating a quote or invoice and entering the word “Chrome” into the description I immediately get a 403 access denied page when submitting the form. Remove the word and the problem goes away. Frustratingly though, I need the word as I’m a web designer and regularly say I’ll test it in Chrome, Firefox, Safari, Edge.
This issue also occurs with the word “Envelope” and “Envelop” and will continue to through this error right down to “Env”. My guess is that some words are protected for security reasons but I have no idea.
I’m curious to know if anyone else is having this issue or have any idea why?
I’ve tested it in Chrome v71, Firefox v64, Safari v12.0.1 all with the same result.
The suitecrm.log and errorlog contains no related information. I’ve repaired .htaccess and run a quick repair with no success.
The textarea I’m referring to is simple the description field on a line item when creating/editing a quote. But It occurs on any text input field, description, line item description, service description, shipping address. https://docs.suitecrm.com/user/advanced-modules/-sales/
No I haven’t but that would have been a great starting point. Good tip.
I instead duplicated the setup and setup a mamp server locally. Locally its working without issue but hosted it isn’t. I’ve been looking into mod_security as the culprit but haven’t been able to find anything substantiel.
I did some more testing and found that typing in the words Env, Envelope or Chrome into a contact, product or task textarea does not trigger the issue. It seems to only occur on quotes and invoices or at least thats what I’ve found.
I can’t simply switch hosts at the moment nor can I ask the host to turn off mod_security because I can’t type in words, I need to find out more about what is happening to fields on quotes/invoices. Are they running through a process which checks for insecurities or something but I’m a bit out of my depth.
In summary the error seems to be related to hosting but is being caused by SuiteCRM
The fact that the error is 403 access denied sounds like some anti-virus software or some mod_security rule (like you mentioned) doing excessive cleaning…