SQL keywords in a Book page can never be saved

Re: SQL keywords in a Book page can never be saved

by James McLean -
Number of replies: 5

These issues are often as the result of a WAF (web application firewall) or Apache mod_security, which is obviously external to Moodle. This software is looking for keywords such as SELECT, UPDATE, DELETE (and many other types of attack) which can be used by attackers, and when detected will block the request reaching the destination server.

Are you able to check with your IT department or server administrators to see if they have a system such as this in place? This is the most likely explanation for the problem IMO.

Average of ratings: -
In reply to James McLean

Re: SQL keywords in a Book page can never be saved

by Rebecca Trynes -

I have found that changing the url to https:// allows these words to go through without a problem. (Found this little gem from another forum post!)

Would this still be classified as a firewall issue?


We are getting some very weird behaviour out of Moodle because of this strange issue. It is also causing problems when adding these words to a rubric. UPDATE seems to save (sometimes), but in the process, wants to update the actual rubric by removing some of the levels, either from the criteria the word appears in, or the one before it. Very strange!

Average of ratings: -
In reply to James McLean

Re: SQL keywords in a Book page can never be saved

by Rebecca Trynes -

Okay, not the firewall. Just had the security guy checking it while I tried to save the troublesome words into a book and it was going through fine until something on the server dropped it.

Will keep digging.


Average of ratings: -
In reply to Rebecca Trynes

Re: SQL keywords in a Book page can never be saved

by Andre Wheeley -

Hi Rebecca, yes I've definitely had that: it works for editing one or two pages with those reserved words, then it just won't go.

Average of ratings: -
In reply to Andre Wheeley

Re: SQL keywords in a Book page can never be saved

by Rebecca Trynes -

Try adding https:// to the beginning of the url for now.

I know that it works and saves without a problem (you will just have to navigate the page without any theme applied to it, which can take a bit of getting used to!). Until I can find out what's causing it, at least you will be able to save your pages!

I had one suggestion that it works fine through HTTPS because it encrypts the information. Whatever stops it going through HTTP obviously doesn't have a problem once the text is encrypted.

Any ideas from anyone reading this would be appreciated!

Average of ratings: -
In reply to Rebecca Trynes

Re: SQL keywords in a Book page can never be saved

by Rebecca Trynes -
Okay, it wasn't the firewall—it was the antivirus! haha. Thanks for pointing me in the right direction. Hopefully we can get this issue solved now.
Average of ratings: -