Knowledge Base

Answers to Common liveSite Questions

Back to Knowledge Base

Site Management

Why do I receive an error when I submit a form that contains a script tag?

This issue will not happen if you are hosted with us.

If your hosting provider enables mod_security and configures it too strictly, then mod_security might show an error when you attempt to submit a form with content that contains a "<script>" tag.  mod_security will generally show a 403 (Forbidden, Permission Denied), 404 (Not Found), or 406 (Not Acceptable) error when this happens.  This error often happens when a form is submitted on the Site Settings screen or the Create/Edit Custom Page Style screens.

We recommend that you ask your hosting provider to disable mod_security or configure it less strictly so that the error does not occur.  liveSite is secure out-of-the-box, so it does not require mod_security.  Please understand that mod_security is not protecting an actual security issue.  Unfortunately, your hosting provider has configured mod_security so it is overly aggressive.

If your hosting provider is not willing to resolve the problem, then one workaround for the Site Settings screen is to remove all of the code in the Social Networking Advanced field (i.e. <!-- AddThis Button BEGIN --> ...).  Then, you can either enable Simple mode or disable Social Networking entirely.  Please be aware that this will not solve the problem in other areas of liveSite, like the Create/Edit Custom Page Style screens.

Another solution is to disable mod_security for your site via the .htaccess file.  You can try adding the following content to the .htaccess file in your web root.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

This is not guaranteed to work because many hosting providers do not allow you to disable mod_security yourself, and some versions of mod_security do not support this.


Add Feedback:
Was this page helpful? Please let us know how we can improve it.
Please login or register to add your feedback.