Why doesn't "csrf_protection" work on a clean ExpressionEngine install? - expressionengine

So I installed EE for the very first time. Copied the files, created the DB and user, ran the installation, and everything worked great.
Next, I go into my config file and set:
$config['csrf_protection'] = TRUE;
That’s all it takes… now I can’t log into the Control Panel! I get the “The action you have requested is not allowed.”
What am I doing wrong!?

Why are you trying to set that in your config file? I'm pretty sure csrf_protection is a CodeIgniter setting and not properly supported by EE. EE has other built-in security measures to avoid CSRF attacks.

Related

Thingworx Composer not loading

I am trying to set up thingworx composer on a Linux machine.
In the Application logs the Server is ON and db is initialized.
But when in the browser I try to open composer, then it is stuck at the landing page (the black page with Thingworx logo in green) and doesn't go to the Composer Home page.
#Tarun if you are still facing the problem, then try restarting the tomcat and db servers. Make sure that there exists a 'Thingworx' folder under the Tomcat install dir/webapps folder, as upon successful installation Thingworx will automatically create a folder over there.
Considering the Thingworx directory exists, try to access the apache tomcat's catalina logs and look for any errors at the End of File.
Have you tried clearing the browser cache? If this is a migration/upgrade, you may have a prior UI cached in your browser and it is conflicting with the version you are currently trying to install.
Additionally, checking the Security Log and Application Log for any warnings or errors may provide more insight into why the server is not loading Composer.
Make sure that the JAVA_HOME environment variable is set and that the user has write permission on the Thingworx-related folders. Also, this can be caused by a license problem. Make sure your license.bin file exists in the ThingworxPlatform folder and the platform-settings.json file is valid.
For further assistance, you can create a ticket from PTC Support.

ModX revo Missing System Settings after restoring on localhost

Basically took a backup from server and restored it on my machine. Everything seems to be displaying correctly. But when I go to my System Settings, there are missing settings. But when I check modx_system_settings, they're there. Also cleared cache multiple times, so that's not the issue it seems.
Any ideas?
Thanks!
There is a cache_system_settings and cache_context_settings... though if you have cleared cache multiple times, actually delete the files to verify. Is it possible that you have context settings that would be overriding system settings? It would be helpful to tell us what settings are "missing".
Are you sure that you cross-checked the same database tables? Is the table modx_system_settings the same table that the MODX installation has in use?
Another possibility could be a not writable cache file in core/cache/system_settings or core/cache/context_settings.
Found the answer for my case. Basically it was server related. The live server is using Linux, so when I set it up on my local machine, which is Windows-based, I had to search the system settings in the DB for "locale" and update the value to English. That fixed my system settings. Everything is showing now.

SiteMapPath empty after upgrade to MVCSiteMap 4

I just attempted to update the site map provider from 3.3.6.0 to 4.0.14. I followed the instruction on the wiki however my SiteMapPath now renders empty. I made no changes to the mvc.sitemap file other than updating the schema to 4.0. When I debug into the SiteMapPathHelperModel I find that the model has no nodes defined. I am using the internal DI container (I would like to get this working before switching over to the application container).
When I check the sitemap.xml file it is well populated which makes me think that the mvc.sitemap is being read.
I'm out of ideas on this one and would be happy to provide any additional information which may be useful. I'm not even sure where I can hook into debug this problem. Literally the only thing I changed between a working 3.3.6.0 and a not working 4.0.14 was what was prescribed on the wiki.
Ok, since your /sitemap.xml endpoint appears to be working, you are correct the sitemap is being populated and loaded correctly.
There are a couple of things I know of that can cause this to happen:
If you are using Dynamic Node Providers, they must be added to a node that is not otherwise part of the sitemap. See my question here - I am trying to figure out why this is the case as well.
Your routes don't match your nodes - please read Routing Basics and/or post your routes and Mvc.sitemap XML.
If you check the above and everything appears to be correct, please make a small demo project showing a sample of your configuration and open an issue on GitHub, as it is highly likely your specific configuration has something to do with the problem.
BTW - You can debug by cloning the current repo on your system or downloading the solution as a zip, enabling NuGet package restore on your solution (right click the solution > Enable NuGet Package restore), add the MvcSiteMapProvider project to your solution, and then in your project remove the reference to MvcSiteMapProvider and add the reference to the newly added MvcSiteMapProvider project from your MVC project. Then you can add breakpoints and step through the code. I suggest making a backup of your solution (or ensure you can roll back another way) before doing this, and reverting back to your current state when done.
I have documented the whole procedure here: http://www.shiningtreasures.com/post/2013/08/21/debugging-an-mvcsitemapprovider-configuration

Upgrading Liferay 5.2 to 6.0 checklist

I need to make an upgrade of Liferay, as mentioned above (5.2->6.0). So far, as my research (1, 2, 3) shows, I need to:
Make backups of the Database and file system of plugins (especially portal*.properties).
Overwrite dependency jars
Deploy new .war
Set permission algorithm to 5 in the properties (as L-5.2 uses it, however L-6.0 uses 6)
Start application,
see if the DB updates correctly
see if the portal is working correctly
Clean up user-specific permissions
Convert legacy permission algorithm to 6 in the control Panel
Migrate a custom theme.
Upgrade EXT to EXT Plugin(p. 398)
It's fairly understandable, but I stumbled upon this thread(Missing FileEntryForm class). Are there any more changes of this kind?
Also, is there something else I'm missing?
Thanks :)

CentOS 5.6: Apache access permission after .htaccess upload

I was working on my home server remotely and wanted to make some changes to my .htaccess. I could not see this file using my FTP client (FileZilla) and thought there was none there. I decided to upload one I had on my computer to my server in public_html, and although the upload was successful per FZ, this file is not listed anywhere, even when I physically access the server.
It looks like it is being hidden. The main problem is that after this, now I get the following error message and cannot access my test site:
You don't have permission to access / on this server.
If I access my server and DISABLE SELINUX or make it PERMISSIVE, my pages start working as normal. If I make it ENFORCING my webpage becomes unavailable and I see the error listed above.
Questions:
First of all, how can I make this .htaccess visible in a CentOS 5.6 system?
What is the difference between ENFORCING and PERMISSIVE?
Will I run into Security Risks if I leave my server setup as PERMISSIVE?
Thank you all,
Heh. No one has answered this in 4 months because it's hard to find an answer that is direct & specific (per the guidelines) and won't start a discussion. But I'll give it a try.
FileZilla can show hidden files, the method is different for different versions. Try the View or Server menu, or look for "hidden" in the built-in help.
ENFORCING means that selinux is running and prevents actions that violate its active policies. PERMISSIVE means that selinux is running and logs (but does not prevent) actions that violate its active policies.
Yes. Specifically, in ENFORCING mode, a hostile entity would have to both upload a file with malicious code and set the selinux context for the file in order to run it. In PERMISSIVE mode, they just need to upload the file. This is the most likely explanation for your experience: you uploaded a new .htaccess file, but did not set its selinux context.
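
An added example, not part of the original answer: if a missing SELinux context is the cause, the AVC denial records in the audit log name the file and the type it carries, in permissive mode as well as enforcing. The sketch below parses such records and groups the denials against the web server domain; the log lines are constructed samples (paths, pids and inode numbers are invented) and the function names are hypothetical.

```python
import re

# Constructed sample records in audit.log AVC format; all values are invented.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1310000000.101:501): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/web/public_html/.htaccess" dev=dm-0 ino=9001 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1310000000.102:502): avc:  denied  { read } for  pid=2101 comm="httpd" name=".htaccess" dev=dm-0 ino=9001 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1310000005.300:510): avc:  denied  { write } for  pid=2200 comm="sendmail" name="spool" dev=dm-0 ino=777 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=USER_AUTH msg=audit(1310000009.000:520): user pid=2300 uid=0 auid=500 msg='PAM: authentication acct="web" : exe="/usr/sbin/sshd" res=success'
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; policy rules match on the type.
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields


def httpd_denials(log_text):
    """Group denials issued against the httpd_t domain by target inode."""
    found = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["source_type"] != "httpd_t":
            continue
        entry = found.setdefault(rec["ino"], {"object": rec.get("name", "?"),
                                              "target_type": rec["target_type"],
                                              "perms": set()})
        # Some records carry only name=; keep the full path once one is seen.
        entry["object"] = rec.get("path", entry["object"])
        entry["perms"].update(rec["perms"])
    return found


if __name__ == "__main__":
    for ino, e in httpd_denials(SAMPLE_AUDIT_LOG).items():
        print(f'{e["object"]} (inode {ino}) is labelled {e["target_type"]}; '
              f'httpd_t was denied: {", ".join(sorted(e["perms"]))}')
```

On a real host the input would be the audit log itself (typically /var/log/audit/audit.log when auditd is running); `ls -Z` shows a file's current label and `restorecon -v` resets it to the policy default for its path.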
