Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hello everyone,
Using this module on my last two projects I found that I cannot delete any email from any list I've created, the site can take me to the confirmation form but when I hit "delete emails from list" it just simply throws a 403 Forbidden error.
Any advice on this? Thanks for your help!
Comments
Comment #1
justindodge CreditAttribution: justindodge commentedI found that I had this issue on a production site but not on a development site. After digging a little deeper it seems that mod_security was being triggered by the post data in the request to delete email addresses. I guess the values 'mail', 'delete', and the id '1' look like a sql injection attack.
My solution was to add an exception in our modsec2.user.conf file:
SecRuleRemoveById 340016
I found this is the apache error log, you'll see the rule ID mentioned in there as well:
Comment #2
manuel.adanCannot reproduce, assuming #1 was the problem.