Problem when creating new email template

My Mautic version is: v2.16.2
My PHP version is 7.1.33 :
My MySQL/MariaDB version is (delete as applicable): MariaDB 10.1

I’m trying to clone or create a new email template in Mautic. I add the name of the email and click on Apply.

These errors are showing in the installer :

It gets frozen and I can’t do anything else.

These errors are showing in the Apache log :

[Thu Jun 25 18:29:04.394947 2020] [:error] [pid 31798:tid 140177825523456] [client 82.159.35.81:42556] [client 82.159.35.81] ModSecurity: Access denied with code 403 (phase 2). Pattern match “<body\\b.{0,}?\\bbackground\\b” at ARGS:emailform[customHtml]. [file “/etc/modsecurity/07_XSS_XSS.conf”] [line “50”] [id “212300”] [rev “2”] [msg “WAF: Cross-site Scripting (XSS) Attack||inb.[redacted].com|F|2”] [data “Matched Data: <body style=\x22margin: 0px; cursor: auto; overflow: visible;\x22 class=\x22ui-sortable\x22>

<table data-section=\x221\x22 style=\x22width: 600;\x22 width=\x22600\x22 cellpadding=\x220\x22 cellspacing=\x220\x22> <div data-slot-container=\x221\x22 style=\x22min-height: 30px\x22 class=\x22ui-sortable\x22>
<img src=\x22https://inb.[redacted].com/media/images/e8059d3a971559e2a52b49430bd7ae42.jp…”] [severity “CRITICAL”] [tag “CWAF”] [tag “XSS”] [hostname “inb.[redacted].com”] [uri “/s/emails/new”] [unique_id “XvTQ0FJivbUAAHw2qP8AAABD”], referer: https://inb.[redacted].com/s/emails/new

These errors are showing in the upgrade_log.txt file (located in the root of your Mautic instance when an upgrade has been attempted - ensure you remove or redact any sensitive data such as domain names in the file path) :

My problem is : I can’t create or clone new email templates.

Steps I have tried to fix the problem :

I tried to clear the cache.

This suggests to me that your host has some mod_security rules which are being triggered. Please contact your hosting provider to troubleshoot it with them!

1 Like