'Sorry, this product is not currently available'

Author	« Topic »
pauld Advanced Member USA 460 Posts Pre-sales questions only (More Details...)	Posted - 10/19/2018 : 12:39:21 Folks, this is just FYI in case anyone else sees this issue in the future. This morning our PHP store displayed "Sorry, this product is not currently available" whenever visitors tried to open any of the product detail (proddetail.php) pages. A check of the 'error_log' file on our web host showed repeated failed attempts to open this file with an incorrect path that included 'wsadmin' instead of the expected 'vsadmin'. We downloaded every file on the live site to search for an instance of 'wsadmin' for fear that someone uploaded a file with a one character typo, but found none. We then opened a trouble ticket with the web hosting company, who promptly fixed the issue and entered the following on our trouble ticket. Not sure why that happens, somehow the include paths in memory get messed up, no idea why but we have seen it before and are slowly building a body of evidence to research more. Restarting PHP solves it. Restarting PHP isn't something you can do yourself, but if there's a recurrence I think if you change your PHP version in the control panel it will have the same effect. Do let us know though, as we want to know what's going on. Thanks. Again, this is just FYI, in case anyone else encounters these sorts of errors in the future. It would be interesting to know the root cause at the web host once found. Edited by - pauld on 10/22/2018 16:27:22
Andy ECT Moderator 95440 Posts	Posted - 10/19/2018 : 12:54:30 Hi Paul Thanks for posting. This came up yesterday but with "usdamin" in the path for a customer - very strange it has to be said. Andy Please feel free to review / rate our software
pauld Advanced Member USA 460 Posts Pre-sales questions only (More Details...)	Posted - 10/21/2018 : 09:32:35 Andy, when attempting to update the Long Description fields in various products from our Product Admin pages, we're getting the following error: Server Error 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. We're not seeing this error when updating other fields (like weight, etc.). Does it seem likely that this is another instance of that server bug - or is it likely to be something else? Thanks in advance for suggesting our next troubleshooting steps. - Paul D. EDITED TO ADD: logs/error_log shows "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Possible SQL injection probe" so it looks like another server configuration issue at the Web host. No reply needed, it appears. Edited by - pauld on 10/21/2018 09:39:55
Andy ECT Moderator 95440 Posts	Posted - 10/21/2018 : 09:39:12 Hi Paul That looks more like a permissions problem and may not be related. I would show that to your host. Andy Please feel free to review / rate our software
Marshall Ecommerce Template Guru USA 1875 Posts	Posted - 10/21/2018 : 09:47:32 I had this issue once. It turned out that "mod_security" did not like some of the data in the field (never figured out why), but the host had to turn off rule #340162. The theory was the Remote File Inclusion (RFI) alert was triggered because of of a URL in the description or something like that. Regardless, hope this helps. Marshall CENLYT Productions - ms designs Affordable Web Design Custom Ecommerce Designs Responsive Websites Cenlyt.com
pauld Advanced Member USA 460 Posts Pre-sales questions only (More Details...)	Posted - 10/21/2018 : 09:48:22 Wow, thanks for that Marshall. I'll forward this to our web host now. Much appreciated.
pauld Advanced Member USA 460 Posts Pre-sales questions only (More Details...)	Posted - 10/22/2018 : 16:09:32 As Marshall predicted, our error_log confirms that those '403' errors that occurred when we attempted to edit our Long Description fields were triggered by Atomicorp WAF rules (#340145, #340162, etc.). Our web host seems to suspect that buggy content in our Long Description fields could be to blame. The WAF documentation says that fields containing external URLs with unknown arguments or methods often trigger those false positives. Having said that, it's now a matter of survival to make the content of our ECT Product Detail pages as content-rich as competitors' pages on Amazon. That's why our Long Description fields have contained YouTube and external review site links for months now. Today our web host was helpful in disabling WAF rules for our domain so that we could update our Long Description fields, but this doesn't seem like the most secure, long-term solution. Given that we don't have access to WAF admin features in our web host control panel, can anyone suggest a way to test and modify our Long Description content so that it doesn't trigger WAF false positives? Thanks in advance for any suggestions. - Paul D. Edited by - pauld on 10/22/2018 16:27:41
Andy ECT Moderator 95440 Posts	Posted - 10/23/2018 : 00:27:42 Hi Paul Wouldn't setting up a second dev site help in that you can test there and it won't affect the main site or database? Andy Please feel free to review / rate our software
pauld Advanced Member USA 460 Posts Pre-sales questions only (More Details...)	Posted - 10/23/2018 : 06:08:28 Andy, Thanks for your reply. Funny you should say that... we've got two dev "sandbox" sites running at our (dirt cheap) previous web host for testing software updates and other big changes before going live. We've seen no WAF issues on our sandbox sites, so perhaps our new web host's security setup is more stringent - likely a very good thing. Perhaps it's time to move one of those sandboxes to the new host. - Paul D.
	« Topic »