Topic: Having problems with mod_security?

Offline [Unknown]

Having problems with mod_security?
« on: April 26, 2005, 12:07:59 AM »
Some hosts have begun installing something called mod_security.  This filters posts and URLs for certain key words, and if they are found, spits out an error.  Many people are experiencing problems because of this.  Problems include weird "403" or access denied errors, login problems, and similar.

For example, if I were to post this:

Quote
Have you ever used cURL?  You can find information about it at http://curl.haxx.se/.  More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.

On a server with mod_security enabled, I'd get an error.  This error wouldn't be preventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.

However, depending on your host... it may be possible to disable this unnecessary and unwanted behavior.  Since SMF is able to (properly) filter requests without resorting to just blindly grasping at keywords, doing so should be completely safe.  If you don't trust me, live with the false positives or talk to your host to have the mod_security filtering rules changed.

To try to disable it, create a file with the name "htaccess.txt" and put the following in it:

Code:
<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.

How do I modify files?

If your host doesn't allow you to disable mod_security, the forum will no longer load.  Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made.  However, if this does happen you will not be able to disable mod_security's filtering.

-[Unknown]
« Last Edit: September 22, 2005, 11:24:51 PM by [Unknown] »
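
Added example, not part of the original post and not SMF or ModSecurity code: a small Python audit that walks a web root and lists every .htaccess that switches the filter off with the directives from the post above, so an administrator can see where filtering was disabled. The function names and the sample are constructed here; `SecRuleEngine` (the ModSecurity 2.x switch) does not appear in the thread and is included as an assumption about newer installs.

```python
import os
import re

# Directives from the post, matched case-insensitively as Apache does.
# SecRuleEngine is the ModSecurity 2.x switch (assumption, not in the thread).
SWITCHES = re.compile(r"^\s*(SecFilterEngine|SecFilterScanPOST|SecRuleEngine)\s+(\S+)", re.I)
IFMODULE_OPEN = re.compile(r"^\s*<IfModule\s+([^>]+)>", re.I)
IFMODULE_CLOSE = re.compile(r"^\s*</IfModule>", re.I)


def scan_htaccess(text):
    """Return (line_no, directive, value, enclosing_ifmodule) for each switch set to Off."""
    findings, stack = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        m = IFMODULE_OPEN.match(line)
        if m:
            stack.append(m.group(1).strip())
            continue
        if IFMODULE_CLOSE.match(line):
            del stack[-1:]  # pop the innermost block; tolerate an unmatched close tag
            continue
        m = SWITCHES.match(line)
        if m and m.group(2).lower() == "off":
            findings.append((no, m.group(1), m.group(2), stack[-1] if stack else None))
    return findings


def audit_tree(root):
    """Walk a web root and report every .htaccess that turns filtering off."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


# Constructed sample: the block from the post plus a commented-out line.
SAMPLE = """<IfModule mod_security.c>
# SecFilterEngine On
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
"""
```

Calling `audit_tree("/path/to/webroot")` returns a dict keyed by relative .htaccess path; an empty dict means no file under that root turns the filter off.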

Offline Joshua Dickerson

Re: Having problems with mod_security?
« Reply #1 on: April 26, 2005, 12:14:37 AM »
I was interested in this so I found this URL http://www.modsecurity.org/projects/modsecurity/apache/index.html and it seems like a stupid module if you are a decent coder. Fortunately, security is one of SMF's strong suits.

Offline binary

Re: Having problems with mod_security?
« Reply #2 on: July 14, 2005, 01:37:00 PM »
Thanks, Unknown, you helped out a lot.



Offline Knight2211

Re: Having problems with mod_security?
« Reply #3 on: August 03, 2005, 11:46:05 PM »
Thanks Unknown, worked 100%

Offline m0to

Re: Having problems with mod_security?
« Reply #4 on: August 06, 2005, 12:13:47 PM »
Cheers, Unknown, helped a lot!!!  :D

Offline Elmacik

Re: Having problems with mod_security?
« Reply #5 on: August 07, 2005, 05:23:31 PM »
Hi,

I opened two new topics under the help threads, named:
1- Internal server error when registering a new user
2- Themes not showing.

In both topics, moderators directed me to this thread.
But my host cannot be using mod_security, because their board is also SMF,
and they don't have the problems I do.
Additionally, the host doesn't allow dot files to be uploaded (like .htaccess).

Offline [Unknown]

Re: Having problems with mod_security?
« Reply #6 on: August 07, 2005, 06:22:59 PM »
Create a phpinfo.php file.  What is phpinfo.php?  If it contains "mod_security" anywhere in it, you have it.

Contact your host, then, and tell them of your problems.  Point them to this topic.  Perhaps they can create the file for you.

-[Unknown]

Offline Aisling

Re: Having problems with mod_security?
« Reply #7 on: August 11, 2005, 06:32:07 PM »
Thanks, it works like a charm  ;)

Offline DrateX

Re: Having problems with mod_security?
« Reply #8 on: August 27, 2005, 01:15:19 AM »

Quote
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]

What folder should this be uploaded to? Main SMF folder that contains the index? Or our main root directory that is 1 folder before the SMF folder?

Offline [Unknown]

Re: Having problems with mod_security?
« Reply #9 on: August 27, 2005, 01:17:28 AM »

Quote
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]

What folder should this be uploaded to? Main SMF folder that contains the index? Or our main root directory that is 1 folder before the SMF folder?

Either folder works fine.  I suggest the directory SMF is in, which contains index.php and Settings.php.

-[Unknown]

Offline mkh

Re: Having problems with mod_security?
« Reply #10 on: September 29, 2005, 07:01:45 AM »
Dear Unknown et al,
I just wanted to add my thanks for this (and appropriate search targets). I've been getting HTTP 500 (internal server) error (since moving to - otherwise excellent - host) when trying to amend themes from admin and also none of our avatars were showing up on site (if changed by user). But this .htaccess amendment has solved both my problems.  :D
cheers
Mandy
PS still on v1.0.5

Offline frost

Re: Having problems with mod_security?
« Reply #11 on: September 30, 2005, 01:49:00 PM »
I did these changes and I really want to see if it fixes my problems.


BTW: [Unknown], how come you're SMF Friend now?

Offline Villesa

Re: Having problems with mod_security?
« Reply #12 on: October 18, 2005, 03:47:48 PM »
He has IRL projects that take up his time, and other internet projects also.
You'll get the idea

I'm all ok.

Offline nenoXtreme

Re: Having problems with mod_security?
« Reply #13 on: November 23, 2005, 07:38:35 AM »
It was killing meeeeeee!  >:(

But  :P Thanks to you, I sleep again, like a baby..  ;D

You rule! Let the source be with You!  ;D

Offline Cottelletje

Re: Having problems with mod_security?
« Reply #14 on: December 17, 2005, 11:02:26 PM »
I did what you said, Unknown, but in IE I still can't see my forum :'(

Offline DucTX

Re: Having problems with mod_security?
« Reply #15 on: December 25, 2005, 08:31:09 AM »
I have the problem that my packages site in the admin center is not shown because of error 500. I already asked somewhere else and now I am here. I don't know how to solve my problem. Is there anything left I can do? hxxp:www.bl-53.de/phpinfo.php [nonactive] and I can't find anything inside there about mod_security, and the thing with the ".htaccess" doesn't work either.
« Last Edit: December 25, 2005, 12:16:35 PM by DucTX »

Offline auto394812

Re: Having problems with mod_security?
« Reply #16 on: December 29, 2005, 05:59:28 PM »
I really think that simply passing the buck off to the server is a bad call by the coders.

For people who are still having this problem as I was on my server, check out Oldiesmann's solution which solved my problem.

Offline DucTX

Re: Having problems with mod_security?
« Reply #17 on: January 01, 2006, 06:52:44 AM »
I thought the new release candidate would maybe solve my problem, but the error 500 when opening the packages site is still there. Please help.

Offline Grudge

Re: Having problems with mod_security?
« Reply #18 on: January 01, 2006, 07:37:45 AM »
DucTX, your server may not support gz. If you don't have any packages in your Packages directory can you access it then? If so try un-tarring the package on your home PC, then uploading the extracted files to a sub-directory of the Packages directory.

Offline DucTX

Re: Having problems with mod_security?
« Reply #19 on: January 01, 2006, 08:58:31 AM »
It worked fine at the beginning and I installed some packages. Could be that the problem is the gz. I will check it.

EDIT: Yes, the gz files caused the problem. Thanks. Great, now my SMF works fine again.  :)
« Last Edit: January 01, 2006, 09:02:53 AM by DucTX »