Author Topic: Having problems with mod_security? (Read 209915 times)

jav_tailor · « **Reply #140 on:** February 16, 2009, 06:12:51 PM »

Hi to all,

I've the same problem with mod security and SMF Gallery (lite).

I contacted my hosting provider because the htaccess "trick" not working (error 500) and they say cannot turn it off for security reasons...

I'm desperate! Any solution?

Thanks!

Regards, jav_tailor.

Darkness_Black · « **Reply #141 on:** March 16, 2009, 01:38:58 AM »

OLA i'm having trouble with the mod comment profile, it gives the following error when i click to delete or edit comentario comentario:

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

i asked for help in SMFHacks, and they sent me here, i read this topico made the but nothing has happened remained the same mistake you know i say what can i do to have this mod working correctly?

Rumbaar · « **Reply #142 on:** March 16, 2009, 04:50:04 AM »

Check the file permissions of your index.php file and if 777 check with your host to see if they have any type of restrictions. Also look at your server logs for additional information for the cause.

Darkness_Black · « **Reply #143 on:** March 16, 2009, 03:54:55 PM »

i noticed all permissoes and all files and folders on my forum are 777 down not have any restriction but remains the same mistake.

Rumbaar · « **Reply #144 on:** March 16, 2009, 05:08:38 PM »

Did you have a word to your host and/or look at your logs? Some hosts don't allow index.php to run at 777.

mforum · « **Reply #145 on:** April 03, 2009, 12:07:12 PM »

i also have the error bellow when i try to do admin actions in quiz and SMG mods

Method Not Implemented

GET to /forum/index.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

i run smf 2 rc 1
my index.php is chmoded 755
i tried the .htaccess file but didn`t help
my host told me they will disable mod_security for me but chmoding to 777 doesn`t work well in their server ... whatever that means.
is it vital for index.php to have 777 instead of 755 permission ?

Murph · « **Reply #146 on:** May 15, 2009, 04:07:14 PM »

Hello All,
Everything was great until my web host updated the server security the other day. Now all links from my media gallery get an error 406.
The Host Tech's response to my inquiry was:
_________________________
Hello,

Unfortunately it appears this error is being caused by the mod_security on the server, but we will be unable to edit our configuration, as it is an important security feature.
___________________________

SMF is running fine, but all links from media gallery index page get error 406. I've tried all recommendations from this thread nothing has worked.
I'm running SMF 1.1.8 with Media Gallery 1.5.6.

Any other suggestions? I might just bale on my host and get a new one.
Murph

Sarge · « **Reply #147 on:** May 15, 2009, 04:12:38 PM »

Try to get your host to disable -- only for your domain, or at least for your forum directory -- the mod_security rules that are causing the 406 errors. I suspect that the errors might be related to the presence of ;id in the Media Gallery URLs.

kenrank · « **Reply #148 on:** May 25, 2009, 01:07:36 AM »

I'm not sure if this is a mod_security problem or not!

We're running SMF 1.1.9. We installed the Group Moderators Mod from:
http://custom.simplemachines.org/mods/index.php?mod=171

Almost everything works fine, except (isn't there always an exception?) when I click the group number on:
http://discoverhebrewroots.com/index.php?action=groups

the link generated is either of these two links depending on the group:
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=13
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=9

I get a 406 Not Acceptable error:

Code: [Select]

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at discoverhebrewroots.com Port 80

The forum error log gives no errors, but the server error log gives:

Code: [Select]

[Mon May 25 00:01:45 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups
[Mon May 25 00:01:38 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups

I ran phpinfo and mod_security is not listed anywhere. I tried the mod_security htaccess fix, and it doesn't seem to do anything at all.

I cannot figure out where the 406 is coming from...

Thanks in advance for any help.

Mortfiles · « **Reply #149 on:** June 04, 2009, 12:06:08 PM »

As a webhost I would like to learn more about this issue since its a bad idea to compromise with security just to get some software working. On the other hand its really bad policy not to try to find ways to get things working for clients that want to use that software...

mod_security does not like SMF because it consider it to be a bad boy that try to use PHP session attacks and PHP injection attempts:

Code: [Select]

Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

Code: [Select]

Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

The question is what SMF is doing to get caught doing this and can it be resolved through creative rewrite rules och code changes rather than compromise server security?

I would also like to point out that many webhosts are abandoning the old insecure way to handle permissions and are turning to solutions like PHPSUEXEC or SUPHP which means that if a client tries to set folders above 755 and/or files above 644 will throw errors as well. It does not effect the script itself and it run just fine on 755/644 settings but is alot safer than opening up your server for everyone in the world to abuse.

Not sure if anyone here might be effected by this, but it may not hurt to ask your host just to be sure. If your host use something like this no fix in the world will get SMF working until you change all file permissions accordingly.

Sarge · « **Reply #150 on:** June 04, 2009, 12:51:16 PM »

Quote from: Mortfiles on June 04, 2009, 12:06:08 PM

Code: [Select]
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

Lines 249-251 in http://downloads.prometheus-group.com/delayed/rules/modsec/10_asl_rules.conf

Code: [Select]

# Rule 340076: PHP defenses
SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)"  \
	"id:340076,rev:2,severity:2,msg:'PHP Session attack'"

I see that this version I found is rev "2", while you have rev "1". Can you post the rule from your copy of 10_asl_rules.conf? This file can be in /etc/httpd/modsecurity.d/ or in other locations, depending on your server setup.

LOVELORD · « **Reply #151 on:** August 27, 2009, 02:20:33 PM »

I have problem with mod SMF Gallery Lite...

When I try to make some actions I recive this message

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

What to do? I modiffy .htpaccess file but problem is same...

Waffadrunker · « **Reply #152 on:** January 05, 2010, 01:44:19 AM »

I wonder why no one reply to "Mortfiles" post.

I think it would be important to make some kind of ruleset for SMF forum (whit dif modules loaded, + extra one whit dif. languages loaded) that hosts can apply easily. Or some common ones at least that one can send to hes host to exclude. Because as i understand from the host, it can benefit SMF forum ( or can it not?)

mode_security is not going anywhere and more and more servers have been starting to use it (and many of them do not allow to disable it whit .access file) so it would be important to look in to this issue.

Should .access file turn it off completely (so that it will not interfere whit any mods) and will host admin get some notification about it? Or will it turn off only some parts? How do i know if it's completely off once the forum started to work after .access trick?

Sorry for dumping but i also have problems whit .access file and this topic seemed to be the best one to add my thoughts.

Joey Smith™ · « **Reply #153 on:** January 05, 2010, 02:54:58 AM »

Do you have mod_security or mod_security2?

Garou · « **Reply #154 on:** January 05, 2010, 11:14:04 PM »

The problem with ModSecurity is that its become so restrictive that it severely hinders many useful web tools. They are aware of this but they dont seem to really care either.

That said they have released this document http://blog.modsecurity.org/2007/02/handling-false.html that provides instructions so a host can custom write rules or whitelists that tells the program to trust certain files. Its better then a hosts usual response to either turn off the 2 or 3 most restrictive rules or even ModSecurity all together if they are willing to do anything at all. Of course in my opinion if a host isn't willing to work with you its time to find a new host.

armid · « **Reply #155 on:** April 21, 2010, 04:00:23 PM »

Hi. I have a problem. When I try to install SMF 2.0 RC 3 forum. I get an message:

The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.

What I can do with this?

sory for my english

青山素子 · « **Reply #156 on:** April 21, 2010, 04:06:25 PM »

Read the first post in this topic.

armid · « **Reply #157 on:** April 21, 2010, 04:17:18 PM »

I add this code:

<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

in my .htaccess
This file is located in a root folder of site.
But it is not solve the problem

armid · « **Reply #158 on:** April 24, 2010, 04:50:41 PM »

nobody knows?

RGM · « **Reply #159 on:** July 21, 2010, 06:10:37 PM »

Our board just moved to a new host that uses mod_security and we now find that if a member attempts to post with the strings "select" and "from" appearing anywhere in the message, we get a server error. I contacted our host provider and they said it's due to one of the filters attempting to block a potential SQL injection attack. Their only solutions were to disable mod_security or tell our members not to use the words select and from, even if they are substrings of another word. Any suggestions?

For example, the following line in a message body would trigger an error:
There is a fine selection of shows on fromthetop.org

News:

Author Topic: Having problems with mod_security? (Read 209915 times)