I have a website hosted on Hostgator Cloud (running Linux Cent OS if that matters) and its built using Codeigniter. I'm using the TinyMCE text-editor with Openmanager plugin for uploading images.
My installation directory structure looks something like this -
.
├── application
| ├── controllers
| ├── models
| └── views
| └── desktop
| └── add_question.php
├── editor
| └── plugins
| └── openmanager
| ├── editor_plugin.js
| ├── editor_plugin_src.js
| ├── encodeexplorer.php
| ├── index.php
| ├── assets
| ├── langs
| └── php
└── upload
├── index.php
├── equations
| ├── imageCapture.php
| └── img
└── images
└── thumbs
In application/views/desktop/add_question.php I've initialized my tinyMCE instance with tinyMCE.init and configured openmanager like this -
open_manager_upload_path: '../../../upload/',
Now when I try to use the plugin, I am shown this screen -
Upon consulting Hostgator, they showed me this error log entry from their side -
[error] [client 64.233.173.158]
ModSecurity: Access denied with code 406 (phase 2).
Match of "rx (/products/index\\\\.php\\\\?gallery=|connector=\\\\.\\\\./\\\\.\\\\./connectors|/admin/(?:structure/views/|[a-z]+/(?:edit|add))|/phpthumb\\\\.php\\\\?((?:w|h)=[0-9]+&)?((?:w|h)=[0-9]+&)?src=\\\\.\\\\./.*(?:pics|uploads|images)|/site-(?:builder|content)/|/node/(?:[0-9]+/( ..."
against "REQUEST_URI" required.
[file "/opt/mod_security/10_asl_rules.conf"] [line "199"] [id "340007"] [rev "42"] [msg "Generic Path Recursion denied"] [data "/../"] [severity "CRITICAL"] [hostname "example.com"] [uri "/editor/plugins/openmanager/index.php"] [unique_id "WCSMh2yz9j4AAakC028AAAPw"]
I'm not able to correctly decipher this error. What exactly is causing this error? The plugin and the whole application work properly on my localhost and another shared hosting account I have but it just fails on this Hostgator!
