Resource Save hanging on just one resource

Hi there,

I have a very small site which is very basic.
For some reason, whenI try and save the home page resource, it just gets caught in a loop and doesn’t save. I have to refresh (and lose any changes).

I emptied the ‘content’ field - and it fixes the problem.

So I assumed it was the TinyMCE extra causing it. So I uninstalled that, but it still hangs on save with the content pasted in there.

I also tried turning of ‘rich text’ so it was bare HTML.

I tried pasting the html into the content field one line at a time - which works - until I get down to a line which has inline styling!

But then the next line which has no inline styling, but has a few classnames and an image, causes the same issue.

I’m flummoxed as to what could be causing this? It’s very simple HTML.

Any ideas?

Such behaviour is usually caused by ModSecurity.
(ModSecurity is a firewall on the server that blocks certain requests due to perceived malicious content and has nothing to do with MODX).

Yes I read that on the forums before posting thanks (Actually I think it was one of your comments I read!) - unfortunately I’m struggling to get the shared host to disable it.
I tried via ht access using this:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

But doesn’t seem to affect it.

As an example - this line causes the resource to fail saving:

<p><img src="/assets/uploads/file-name.jpg" /></p>

also so does this:

<h2 style="text-align: left;"><strong>Our <a href="[[~2]]">next concert</a> is booked for:</strong> Saturday 25th June 2022</h2>

But if I take out the ‘style’ tag - like this:

<h2><strong>Our <a href="[[~2]]">next concert</a> is booked for:</strong> Saturday 25th June 2022</h2>

it’s fine!

So inline styling, and img tags are cuasing it by the looks of things?!
I’ve pasted the content ino a new resource for testing - the same thing happens.
I’ve also pasted the content into a plain text editor just in case there were some spurious characters but nothing!

Wow, that’s mod_security on steroids.

It reminds me of a case a while back where a developer couldn’t save a page containing the word ‘casino’.

I’m curious to know who’s hosting the site.

Thanks bob. It’s a random small hosting company that I’ve never heard of (inherited so not my choice).