Hey Ian,

I am really sorry for the delay of this reply as it is a weekend for us here. You are hitting this error upon linking your Facebook account because your web hosting provider has mod_security in place which prevents the redirection from Facebook back to your site work correctly. You need to contact your web host to turn off mod_security in order for this to work.

Thanks Mark,
i have been in touch with my web host - see below

this poses quite an issue as i am a reseller and have about 7 clients who use easyblog on the same servers

can you please advise

Thank you for contacting us in regards to this matter, I hope you are well!
Unfortunately the mod_security rules on the server cannot be disabled as that would cause security issues.
I have checked for your robinriddlephotography.com account and I do not see any mod_security rules triggered for it that might be related to this issue. Can you please advise the exact issue that you are facing and maybe a way on how we can replicate that so we can further check?

Looking forward to hear back from you!

Hey Ian,

Firstly, do take note that support will only be provided for 1 domain only as per our license agreement since you are using the Pro version instead of the Unlimited. You should consider upgrading to the Unlimited version if you are deploying EasyBlog for all of your customers

This is one example of the URL that is blocked by mod_security on your server.

http://www.robinriddlephotography.com/administrator/index.php?option=com_easyblog&task=facebook.grant&system=1&error_code=1349126&error_message=App+Not+Setup%3A+This+app+is+still+in+development+mode%2C+and+you+don%27t+have+access+to+it.+Switch+to+a+registered+test+user+or+ask+an+app+admin+for+permissions.&state=aHR0cDovL3d3dy5yb2JpbnJpZGRsZXBob3RvZ3JhcGh5LmNvbS9hZG1pbmlzdHJhdG9yL2luZGV4LnBocD9vcHRpb249Y29tX2Vhc3libG9n#_=_


I believe the "state" query string is causing a false positive report by mod_security.

Hi Mark,
just to clarify - im a reseller of hosting space - not your product - i facilitate robins site

i appreciate you sending the info and stating that the issue is with the stay string - im not sure what im supposed to do with this information.

the hosters wont disable the module - are you telling me that this product wont work with the module in place - there is no solution?

this has only only just started happening - is it to do with the way the upgrade works?

what can i do to get it working again?

Thanks

;-)

thanks

Hey Ian,

You should contact your web host to look into this. EasyBlog would still work fine with the site and with mod_security in place, you will most likely only have issues with linking with Facebook.

This issue has nothing to do with EasyBlog because all it does is to generate a "request" for Facebook to grant permissions for the user's account. When Facebook redirects the user back to the site, your hosting environment blocks it altogether because of the parameters on the URL. There is nothing we can do on our end unfortunately.

There is 2 ways to solve this:

1. Contact Facebook to change the behavior of their redirection (urls) so that it works with your web host. (This will be very unlikely)

2. Contact your web host to add whitelisting rules to allow urls that are generated by Facebook on the server

Hi Mark
my hosting guys are happy to work with me on this - please see below:

what URL or advice should i give them?

thanks


support email:
Disabling mod_security completely is a bad idea. This will put your site at risk to a wide range of exploits and could lead to severe issues, like having the site exploited or being the target of network attacks.

However, I have checked this and robinriddlephotography.com did not hit a rule for today, leading us to believe this is actually unrelated.

Is there a way we can attempt and replicate this on our end? Do let us know what URL we need to access, the steps we need to take and we will gladly further advise on this.

Hey Ian,

Just request them to check this url. You need to provide them with the login credentials to your Joomla site first.

http://www.robinriddlephotography.com/administrator/index.php?option=com_easyblog&task=facebook.grant&system=1&error_code=1349126&error_message=App+Not+Setup%3A+This+app+is+still+in+development+mode%2C+and+you+don%27t+have+access+to+it.+Switch+to+a+registered+test+user+or+ask+an+app+admin+for+permissions.&state=aHR0cDovL3d3dy5yb2JpbnJpZGRsZXBob3RvZ3JhcGh5LmNvbS9hZG1pbmlzdHJhdG9yL2luZGV4LnBocD9vcHRpb249Y29tX2Vhc3libG9n#_=_

The URL above will cause the "The Connection was reset" error by the webserver. It's particularly related to the state=xxx query string which is generated by Facebook.

Hi Mark,
just letting you know that im working with the hoster - back and forth

ill let you know the outcome and come back if i have any questions.

thanks again for your quick responses

;-)

Hey Ian,

Great, thanks for updating me on this

Hi Mark,
the hosting has removed the mod_security (advising me strongly not to do this for security reasons)
i have been able to configure the autoposting

however when i share the facebook post - i get the error
Expected 1 '.' in the input between the postcard and the payload

what should i try next


can i also ask - why has the mod_security become an issue - when it has never been an issue before?

thanks

Ian

Hey Ian,

You are getting this error probably because of the earlier invalid attempts. I have revoked the access and deleted the record from the database. Can you please re-authenticate again with your Facebook account and see if the auto posting works for you now?

As for why this issue is recently popping up, I believe Facebook has changed the way it generate tokens and it somehow flags quite a number of false positive reports from mod_security.

Thanks Mark,
it worked with mod_security disabled

i think my client will probably decide to stop using the autopost feature and manually post his blogs - he is concerned that this will increase the chance of malicious behavior.

if auto posting returns to being compatible with autoposting - would you please let us know so we can reactivate it - it was the primary feature for investing in easyblog but my client would also like to ensure the security of his site.

thanks again for your help

Ian

hey lan,

I am really sorry that delay of this reply,

Perhaps you can provide this information to your webhosting provider?

http://stackideas.com/forums/auto-post-facebook-the-connection-was-reset-while-sign-in-with-facebook-account-first-and-grant-the-application-access#reply-219974

Because our user webhosting provider figured out no need disable mod_security also can work with Easyblog Facebook autopost feature, just need to set the correct asl rules from mod_security, so it should be no affected and it still can protect on your site.