Hi,
Moodle 3.9.2+ (Build: 20200918) (2020061502.01)
Server:
Apache 2.4.46
PHP 7.2.33
MySQL 10.3.24-MariaDB
Linux
I have got some problems with updating profiles.
Logged in as administrator
I CAN edit my profile and the profiles of the other users
https://www.**********.com/campus/user/editadvanced.php?id=2&course=1
https://www.**********.com/campus/user/editadvanced.php?id=3&course=2&returnto=profile
Logged in as a student:
I CAN'T edit / update my own profile:
https://www.*********.com/campus/user/edit.php?id=3&course=1
Error 403. Forbidden. Access to this resource on the server is denied!
And in cpanel:
Server error log message
2020-09-25 10:55:46.801040 [INFO] [2834264] [**.**.***.***:***:HTTP2-49#APVH_*******.com:443] File not found [/home/********/public_html/403.shtml]
If I disable ModSecurity in cpanel a student CAN update his own profile (!).
But for security reasons I want ModSecurity enabled.
I can't find much documentation. En theory, it should affect all moodle sites, no? It is highly recommended to enable ModSecurity, no?
Is there a workaround?
Thanks in advance,
Jose