403 Forbidden POST with html

[unident3]

I assume the issue is with html code in $_POST.

I'm trying to make a BB tag for embedding YT videos, I've also had issues with
replacement code in other areas of my site, I was curious if I could get
confirmation and suggestions as to what actions could be taken.

Also, i have already checked permissions, files 644, folders 755

 

[unident3]

After numerous google searches it seems that the most common issues with MyBB 403 messages are cause by the mod_security settings.
None of said posts elaborated on what the setting was or what it was changed to.

 

[vergegam]

Not sure if this is a serious problem, but you're missing a few regular expressions that I would expect. This might work a bit better:
http(?:s?):\/\/(?:www\.)?youtu(?:be\.com\/watch\?v=|\.be\/)([\w\-\_]*)(&(amp?‌[\w\?‌=]*)?

I ripped this straight off of: http://stackoverflow.com/questions/3717115/regular-expression-for-youtube-links
which has more information on the subject.

 

[caftpx10]

How many links were you trying to post within a single post?

 

[unident3]

Screenshot shows what is posting.

 

[caftpx10]

Oh. Right. What happens if you make the replacement only say '$1' and post that?

 

[unident3]

With just $1 I get a 501

 

[caftpx10]

Mhm.. what if you type some normal text (no '$1' or any tags) for the replacement? If the 403 is still triggered then it would probably be safe to say that a mod_security2 rule is detecting the regex pattern.
There are some X10 staff who are able to make the rule exception on a per-account basis but it can take some time for them to come on.

 

[unident3]

Same result as $1, the 501.

 

[caftpx10]

Does 'video id $1' also result in a 501 response?

EDIT: Trying to not hit a different rule with the wording used.

 

[unident3]

You guessed it. Passes just fine without regex.

 

[unident3]

EDIT: Trying to not hit a different rule with the wording used.

I'm not sure what you mean by this, /rule/ ?

 

[caftpx10]

I'm not sure what you mean by this, /rule/ ?

When I was typing that post, an example I had in single quotes looked as if it might be in a mod_security2 rule so I edited it with something else just in case it ends up triggering a rule itself.

You guessed it. Passes just fine without regex.

So it works fine with the with regular expression in the first field but with the replacement being 'video id $1'?

 

[unident3]

It works if I remove the regex, and there is plain text(IE: no html tags) in the replacement.

 

[caftpx10]

Two rules (regex, HTML tags[?]) are going into play?
If you were to have '<b>$1</b>' as replacement would it also have a 403/501? iframes are likely to be blocked as part of a rule (directly or indirectly) because of malicious uses from attackers.
Honestly I don't really know RegEx myself so I can't tell by the pattern if you could XSS inject that (could be the reason why that might be getting blocked also).

 

[unident3]

Ok so, the 403 is being caused by the html tags being flagged, and I have no idea why the regex is being flagged.

 

[unident3]

Still haven't gotten a response to this, everywhere I read, It comes back to incorrect "mod_sec" setting.