Cannot select conditions for Cart and Catalog Price Rules

https://magento.stackexchange.com/questions/262893

19-02-2021
|

Question

I currently have a problem with Magento 2 (2.2.7) where I cannot select conditions in the Catalog or Cart price rules. This problem also occurred on Magento 1 and seems to have migrated across along with the sales rules.

The process I undertake is as follows:

Go to Marketing -> Promotions -> Cart Price Rules (or Catalog Price rules)
Select a current rule or use "Add new rule" (the issue occurs either way)
Go to the section titled "Conditions" or the conditions section of "Actions"
(Image 1) Click on the green "+" sign to add a new condition
(Image 2) Select any condition (it doesn't matter which)
(Image 3) The message "This won't take long..." appears
(Image 4) A page appears with the message:

Magento Admin 404 Error Page not found.

With the developer console open the following errors appear:

VM24673 legacy-build.min.js:1 
POST https://www.websitename.com/admin_panel/sales_rule/promo_quote/newConditionHtml/form/sales_rule_formrule_conditions_fieldset_/form_namespace/sales_rule_form/key/bb452ffee837d48c5d6571c63127dea9581b51d4544b844c3e2592f83013b06d/?isAjax=true 403 (Forbidden)
request         @   VM24673 legacy-build.min.js:1
initialize      @   VM24673 legacy-build.min.js:8
(anonymous)     @   VM24673 legacy-build.min.js:1
g           @   VM24673 legacy-build.min.js:1
addRuleNewChild     @   VM25381 rules.js:318
hideParamInputField @   VM25381 rules.js:281
M           @   VM24673 legacy-build.min.js:8
ListPicker._handleMouseUp



VM25381 rules.js:352
GET https://www.websitename.com/admin_panel/sales_rule/index/index/key/26a494ef284767a4336e676435089056fe4f35b809bd43a76062c9b7f707b331/ 404 (Not Found)
_processFailure     @   VM25381 rules.js:352
respondToReadyState @   VM24673 legacy-build.min.js:8
onStateChange       @   VM24673 legacy-build.min.js:1
XMLHttpRequest.send (async)     
request         @   VM24673 legacy-build.min.js:1
initialize      @   VM24673 legacy-build.min.js:8
(anonymous)     @   VM24673 legacy-build.min.js:1
g           @   VM24673 legacy-build.min.js:1
addRuleNewChild     @   VM25381 rules.js:318
hideParamInputField @   VM25381 rules.js:281
M           @   VM24673 legacy-build.min.js:8
ListPicker._handleMouseUp

I've looked through the log files including system.log and there don't seem to be any messages relating to the cart/catalog rules the Apache log has given me the following error.

GET /website-admin/sales_rule/index/index/key/ed104bf5def6f334de21dd5adc5ccb32e1228ef68b0639363ed5e2a369ec2ab3/ HTTP/1.0

Is there a way to fix this and get the rules working as they should again?

Solution 2

This issue seems to be resolved now. With Many thanks to SantiBM.

We've upgraded to Magento 2.3.2 and have to get our security provider (in our case Foregenix) to update some settings.

This seems to have cleared up the issue, so in summation this problem does seem to be connected to the security setting on a site or it's server.

OTHER TIPS

I had the same issue and was investigating it, in our case, the customer had recently moved the site to a new host, the problem in the new host it was caused by ModSecurity:

--786c900b-B-- POST /administrator/catalog_rule/promo_catalog/newConditionHtml/form/catalog_rule_formrule_conditions_fieldset_/form_namespace/catalog_rule_form/key/6c6b5f50af5277a66476d8357acbacf52e62011a3c99ab6f3d66dc2e02cc2f5d/?isAjax=true HTTP/1.0

--786c900b-H-- Message: Warning. detected SQLi using libinjection with fingerprint '1c' [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "68"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1c found within ARGS:id: 1--1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]

We ended up adding the exclude rules to ModSecurity configuration:

<IfModule mod_security2.c> SecRuleEngine On SecRuleRemoveById 942100 SecRuleRemoveById 950004 SecRuleRemoveById 300016 </IfModule>

Licensed under: CC-BY-SA with attribution

Not affiliated with magento.stackexchange