After a sucessful installation of NopCommerce 4.2 on a VPS - Windows - IIS. I cannot write changes to some sections (two) in Admin-Configuration-Settings.
In Admin - Configuration - Settings: When making changes and saving them to: General Settings - Request URL: (https://www.xxxxxx.com/Admin/Setting/GeneralCommon) or Catalog Settings - Request URL: (https://www.xxxxxx.com/Admin/Setting/Catalog) I get the following answer: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
In Admin - Configuration - Settings - Other sections: By making changes and saving them to all other sections under the directory https://www.xxxxxx.com/Admin/Setting/* Customer settings Order Settings Shipping settings Tax settings Shopping cart settings Reward points etc... I have no problem and can save all the changes.
Permissions have been set as described in the manual. In addition, to trying to solve the problem, "Modify" permission was given at ".\ Areas \ Admin \ Views \ Setting" for application pool identity. But it did not work.
I request guidance that could help me resolve the issue.
Can you go to the Administration -> Configuration -> Access control list and check whether the customer role that the customer you are using is mapped to has the Admin area. Manage Settings permission? If it doesn't, that might cause your issue.
Anton, thanks for your suggestion, but it doesn't apply in that situation. The customer role that I am using is Administrators and it is mapped to the Admin area. Manage Settings. I can save changes to all but two configuration sections: General Settings and Catalog Settings. I can't make changes to them.
A Web Application Firewall installed on the server, ModSecurity, was generating response status: 403 - Forbidden: Access is denied.
I set ModSecurity with the "detect only" option, which resolves temporarily, but eliminates any automatic reaction from this firewall. I will search to find out the relevance and reason of the block.
It presents the following message for these events:
A Web Application Firewall installed on the server, ModSecurity, was generating response status: 403 - Forbidden: Access is denied.
I set ModSecurity with the "detect only" option, which resolves temporarily, but eliminates any automatic reaction from this firewall. I will search to find out the relevance and reason of the block.
It presents the following message for these events: