Some hosts have begun installing something called mod_security. This filters posts and URLs for certain key words, and if they are found, spits out an error. Many people are experiencing problems because of this. Problems include weird "403" or access denied errors, login problems, and similar.
For example, if I were to post this:
Quote
Have you ever used cURL? You can find information about it at http://curl.haxx.se/. More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.
On a server with mod_security enabled, I'd get an error. This error wouldn't be preventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.
However, depending on your host... it may be possible to disable this unnecessary and unwanted behavior. Since SMF is able to (properly) filter requests without resorting to just blindly grasping at keywords, doing so should be completely safe. If you don't trust me, live with the false positives or talk to your host to have the mod_security filtering rules changed.
To try to disable it, create a file with the name "htaccess.txt" and put the following in it:
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.) If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.) Create a backup, though, before overwriting anything.
How do I modify files? (http://www.simplemachines.org/community/index.php?topic=24110.0)
If your host doesn't allow you to disable mod_security, the forum will no longer load. Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made. However, if this does happen you will not be able to disable mod_security's filtering.
-[Unknown]
I was interested in this, so I found this URL http://www.modsecurity.org/projects/modsecurity/apache/index.html and it seems like a stupid module if you are a decent coder. Fortunately, security is one of SMF's strong suits.
thanks Unknown you helped out a lot
Thanks Unknown, worked 100%
Cheers Unknown, helped a lot!!! :D
Hi,
I opened two new topics under the help threads, named:
1- Internal server error when registering a new user
2- Themes not showing.
In both topics, moderators directed me to this thread.
But my host cannot be using mod_security, because their board is also SMF,
and they don't have the problems I do.
Additionally, my host doesn't allow dot files to be uploaded (like .htaccess).
Create a phpinfo.php file. What is phpinfo.php? (http://www.simplemachines.org/community/index.php?topic=18250.0) If it contains "mod_security" anywhere in it, you have it.
Contact your host, then, and tell them of your problems. Point them to this topic. Perhaps they can create the file for you.
-[Unknown]
Thanks, it works like a charm ;)
Quote from: [Unknown] on April 26, 2005, 12:07:59 AM
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]
What folder should this be uploaded to? The main SMF folder that contains the index, or our main root directory that is one folder before the SMF folder?
Quote from: DrateX on August 27, 2005, 01:15:19 AM
Quote from: [Unknown] on April 26, 2005, 12:07:59 AM
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]
What folder should this be uploaded to? The main SMF folder that contains the index, or our main root directory that is one folder before the SMF folder?
Either folder works fine. I suggest the directory SMF is in, which contains index.php and Settings.php.
-[Unknown]
Dear Unknown et al,
I just wanted to add my thanks for this (and appropriate search targets). I've been getting an HTTP 500 (internal server) error (since moving to an - otherwise excellent - host) when trying to amend themes from admin, and also none of our avatars were showing up on the site (if changed by the user). But this .htaccess amendment has solved both my problems. :D
cheers
Mandy
PS still on v1.0.5
I did these changes and i really want to see if it fixes my problems.
BTW: [Unknown], how come you're an SMF Friend now?
He has IRL projects that take up his time, and other internet projects also.
It was killing meeeeeee! >:(
But :P Thanks to You , I sleep again, like a baby.. ;D
You rule! Let the source be with You! ;D
I did what you said, Unknown, but in IE I still can't see my forum :'(
I have the problem that my packages site in the admin center is not shown because of error 500. I already asked somewhere else and now I am here. I don't know how to solve my problem. Is there anything left I can do? This is my phpinfo (http://www.bl-53.de/phpinfo.php) and I can't find anything inside there about mod_security, and the thing with the ".htaccess" doesn't work either.
I really think that simply passing the buck off to the server is a bad call by the coders.
For people who are still having this problem as I was on my server, check out Oldiesmann's solution (http://www.simplemachines.org/community/index.php?topic=58538.msg407684#msg407684) which solved my problem.
I thought the new release candidate would maybe solve my problem, but the error 500 when opening the packages site is still there. Please help.
DucTX, your server may not support gz. If you don't have any packages in your Packages directory can you access it then? If so try un-tarring the package on your home PC, then uploading the extracted files to a sub-directory of the Packages directory.
It worked fine at the beginning and I installed some packages. Could be that the problem is the gz. I will check it.
EDIT: Yes, the gz files caused the problem. Thanks. Great, now my SMF works fine again. :)
Something interesting that I've come across when trying to do this... I've never touched these files before because I didn't even know what they were for; however, when I went looking for them I found that I had two, one renamed that was last edited 12 June 2005 and a new one edited 17 June 2005...
I've never touched them, however they have been changed.
The 12 June one had this in it (the renamed one):
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.lostprophecy.com
AuthUserFile /home/kodee1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/kodee1/public_html/_vti_pvt/service.grp
But the new one that replaced it has nothing in it...
I'm wondering if this might be causing the login problems, or if in fact having it blank might cause other problems.
Well greyknight directed me to this fix and it worked like a charm ;D
I was getting the "not acceptable" error when I clicked "current theme settings" and "layout" in Forum Settings. I did the htaccess fix and now no worries, you all are the greatest :)
Excellent quick fix, my forums now run smoothly in both browsers, as I seemed to get this more with IE than Firefox. It also seems it's fixed some of the session errors I was having with logging off.
Thanks [Unknown]!
Ok maybe I missed it but once I create the .htaccess file where do I place it on my server?
Thanks
Dave
In the forum's root folder along with Settings.php, index.php and so on.
Great thanks!
Dave
Fantastic that sorted all my troubles out.
I was getting a stupid 403 error when trying to install smfarcade and couldn't figure out why, then I stumbled upon this nifty post.
[unknown] you are a God!! ;)
I got this 'HTTP Error 403 - Forbidden error' today, which I haven't seen in a while. The last time I saw it I was installing Arcade games. It went away by itself.
I tried the fix on the first page, but I got this error from my FTP application:
350 File exists, ready for destination name
RNTO .htaccess
550 Permission denied on server. You are restricted to your account.
DELE htaccess.txt
I guess there's one there, but I can't see it. I use SmartFTP 1.5.
Before I got this error message I was just refreshing the page. I couldn't see the avatars, just a blank box. Then I went to the forum/index page, then it was ok. then I refreshed the page one more time, then I got this error. Shocked me cause it was in red bold lettering.
Any ideas? I will also report to my web host.
Thanks!
If I am reading you right and you cannot remove a file via FTP, contact your host and you will be able to resolve it. Sometimes, the way the server is set up, there can be instances when a file is created and you cannot remove it yourself. Send them the details of the file you cannot remove.
Quote from: redone on May 17, 2006, 03:10:20 PM
If I am reading you right and you cannot remove a file via FTP, contact your host and you will be able to resolve it. Sometimes, the way the server is set up, there can be instances when a file is created and you cannot remove it yourself. Send them the details of the file you cannot remove.
Doing that now, thanks!
Thankyou again Unknown. Last night right at midnight, this problem started happening on our forum.
A couple of searches later and it was resolved ;)
This must have been the quickest issue I've ever fixed before lol
Cya
BigMike
I had this appear today too after restarting my VPS.
Did you try the .htaccess changes?
Thank you Unknown. That worked like a charm!
I just installed the SMF forum software onto my account. As soon as everything was done installing, I tried to go to the index.php page to set things up but got a blank page. I asked for help with this in another thread but was told to come here. I tried the whole htaccess thing and my problem was not fixed. Any other ideas? My host is 1500mb.com and my site is galaxymod.1500mb.com/forum
THX SO MUCH NOW IT WORKS MY PROBLEM IS "[solved]" lol HAHAHA THX SO MUCH :D :D :D
Just a suggestion to the dev crew: Is it possible to get a little warning to appear to admins (only admins) if mod_security is installed?
Quote from: [Unknown] on April 26, 2005, 12:07:59 AM
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
-[Unknown]
Thanks Unknown, your workaround worked perfectly...
Just a question: am I supposed to put this stuff in a .htaccess file within the SMF folder? Or is it safe to put it in the main .htaccess file of the whole website (in the root)? In other words, I put it in the root's .htaccess and it seems to have fixed the SMF problem (which is not in the root), but I was wondering if I am exposing myself to other risks having it in the root.
Thanks
It is possible you will expose yourself to some problems if you turn mod_security off sitewide, especially if you run other dynamic software (blog, poll, etc)
Thank you
You have save my life ... ;D
Superb - just about to go and request my host deal with this (they have mod_security installed), but for info, I was (am) getting 403's on the 'next >>' link used for cycling through posts on a board.
Interestingly enough, this was only happening in Firefox (V1.5.0.7, V1.5.0.8 and V2.0 at least). No 'errors' caused on the board, but the logfile was stuffed with them.
I'll try your fix first, but I'm sure this is it.
Thanks a lot as usual.
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam. >:(
I have deleted their accounts twice now, as this has happened on two different occasions..
I have no idea how this could happen. Anyone?
Also, isn't it possible to make a new poster have all new posts to a certain count "authorised" before they are even seen to stop this too?
help! What can I do to stop this security issue?
I'd say you have a password security breach.
Quote from: FNF on November 27, 2006, 01:53:18 PM
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam. >:(
Are you sure it isn't just a PM notification?
As a host, wouldn't this breach the security and allow users to run URLs banned by mod_security?
Not from what I understand.
Besides, I'm sure you can disable the disabling of mod_security
Quote from: Jacen on December 17, 2006, 06:08:00 AM
Not from what I understand.
Besides, I'm sure you can disable the disabling of mod_security
Yes, you can, but unless you compile mod_security to also disable .htaccess modification of rules, you can still prevent the rules set in the server config from taking effect, unless the host has specified their rules as mandatory so that they can't be disabled by .htaccess files.
Or the host can ban the disabling of it via their TOS :)
1) Why do you WANT to be spammed?
2) isn't that off topic?
Quote from: Jacen on January 07, 2007, 05:29:03 AM
1) Why do you WANT to be spammed?
2) isn't that off topic?
I've reported it, so it should be dealt with soon :)
Now why didn't I think of that? :P
Thanks a lot, pal! It works! ;D
I must say thank you very much to the person who gave that nice sharing... it's 100% working....
I tried this and it still is giving me issues when I try to copy/paste text into a thread.. :(
How can I get it not to???
If the fix didn't work, complain to your host and ask them to disable that feature. If they won't listen to you, find a better host.
Hmm, anyone using hostgator? I just signed up with them, are they doing this?
Hi crud3w4re,
First of all,
Beware of hostgator, they are a massive overseller;
it may happen that you get in trouble if your community ever grows big.
If you want to check if mod security is enabled,
put this in a php file (for example, phpinfo.php) and upload it to your site with them:
<?php
phpinfo();
?>
Just open the file from your browser and you will see all the functions enabled,
just do a search with your browser on that page for "mod_security" and if it gives you results, then yes, they have it enabled.
Yours,
- Liroy
So .. Are you saying that if my site gets big, they'll kill the site?
I'm not saying they will do it,
I'm just saying chances that that happens are quite large :)
They offer impossible things...
NOTE TO KXUK HOSTING USERS: If you are having a problem with mod_security, email me at
[email protected] and I shall fix you up o.O
thanks :D
How can I modify .htaccess inside a folder that I can't access?
Will my host do that?
If you need to modify something in a folder to which you don't have access, then yeah, you will have to ask your host to do that...
But I don't see why you would have to modify something in a folder to which you don't have access in the first place?
I just suddenly lost access to my own forum folder, it was 755 then suddenly changed into 000...
Quote
Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Your host will need to set the mode back properly.
I don't know of anything in SMF that could cause all modes to be lost.
... right now they're trying to fix it up.
I've talked to them; they should come here and ask you guys if they need any help, but they refused. I surely hope they know what they're doing..
It surely can't be too hard to fix the problem... I mean,
chmod 755 /home/username
as root will restore it.
Thanks, I was getting the 404 error and now its working fine after modifying my htaccess file!
I tried this method but I get a 500 error; I tried the .htaccess in the root and in the SMF folder.
I'm using TotalChoiceHosting, who are pretty good, and most of my members can post and view the forums no problem, just a few can't post. Is there another version of the code that may work?
Now I can't edit my own style sheet; a fatal error happens every time I try to change the style.css permissions, as well as the other files.
I'm not sure if it has some connection with the htaccess issue, because I've edited .htaccess exactly like the TS said.
Does this work on 110mb.com?
Has anybody been able to htaccess disable the new version of mod_security (2.1.0)?
I recently got a new server and it's got mod_security 2.1.0. I want to disable it, but just for SMF, not the rest of the web applications, but the rules syntax seems to have changed.
Thanks!
Quote from: ictus on March 16, 2007, 07:15:28 AM
I tried this method but I get a 500 error; I tried the .htaccess in the root and in the SMF folder.
I'm using TotalChoiceHosting, who are pretty good, and most of my members can post and view the forums no problem, just a few can't post. Is there another version of the code that may work?
500 error either means you accidentally mis-typed something, or that your host doesn't allow you to change things that way with .htaccess. Double-check to make sure you entered it correctly, and find another host if you can't disable it.
Quote from: hawkshaw on March 17, 2007, 09:55:02 AM
Now I can't edit my own style sheet; a fatal error happens every time I try to change the style.css permissions, as well as the other files.
I'm not sure if it has some connection with the htaccess issue, because I've edited .htaccess exactly like the TS said.
What error are you getting?
Quote from: Arrisje on March 24, 2007, 01:34:27 AM
Does this work on 110mb.com?
I don't know. Try it and see :)
Quote from: dobomode on March 26, 2007, 10:17:30 PM
Has anybody been able to htaccess disable the new version of mod_security (2.1.0)?
I recently got a new server and it's got mod_security 2.1.0. I want to disable it, but just for SMF, not the rest of the web applications, but the rules syntax seems to have changed.
Thanks!
Looks like the rules have changed (according to their site - www.modsecurity.org).
Try this:
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecRuleEngine Off
# The below probably isn't needed, but better safe than sorry.
SecRequestBodyAccess Off
</IfModule>
Just a note on the .htaccess file: I've tried several ways to edit it, and using the method described here didn't work for me.
I'm using cPanel, and found that if I go to File Manager and edit the htaccess file directly, the mod in this topic works.
Hope that helps those that may have had trouble like myself.
Quote
I'm using cPanel, and found that if I go to File Manager and edit the htaccess file directly, the mod in this topic works.
I had the same difficulty, and this worked for me as well. Thanks!
Every time I tried to download a package, I get this error:
Quote
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.
The package I'm trying to install comes straight from this site. :S Someone help?
I've been getting the "Forbidden - You don't have permission to access /bb/index.php on this server" message.
I followed the .htaccess fix, which didn't appear to solve the issue. Contacted my hosting company and they said they couldn't disable the mod_security on their server.
So, do I have any other options in regards to fixing this error? Or am I faced with having to swap hosting companies/finding a new forum? (neither of which I'd like to do if I can avoid it).
Any help greatly appreciated!
Thanks :)
Make sure the owner of the files is the correct one; also ensure that the permissions are correct (should be 777 or 755 on Unix servers, read+write on Windows hosting).
How do you change it using Apache, like by making an exception or whatever?
<Files *>
Order Deny,Allow
Deny from all
Allow from localhost
</Files>
In my regular file
Hey guys... I also have troubles with mod_security...
After the
Quote
The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.
Click here to try installing anyway, but note that this is strongly discouraged.
message, I click here and it shows me a page with basic settings... When I click proceed, it just stays on that page... I can keep on clicking, and it will still stay on the same page...
Any help?
The .htaccess file worked for me. Awesome.
@TheLyricist: Did you try using the .htaccess file at all? That might help ;)
Thanks. My host did that. Thanks again for the tweak!
Quote from: metallica48423 on April 26, 2007, 01:58:32 AM
Make sure the owner of the files is the correct one; also ensure that the permissions are correct (should be 777 or 755 on Unix servers, read+write on Windows hosting).
permissions on what??
I am experiencing this issue. The first htaccess edit did nothing. The 2nd resulted in a 500 error.
Hello,
Just wanted to say "Thanks" for this. I have my new forums and websites with Dreamhost and they have this mod_security running.
Just wanted everyone to know that when I put this in my root folder the forum would not show up, so I moved it to the folder that has my SMF in it and it works.
Putting the htaccess file in actually gave me the error 500, ???
Hello guys, how are you all?
I'm having problems with SMF v1.1.4.
I have two SMF installs:
the 1st, SMF v1.1.3
http://www.mywebsite.com/sahdona/forums/
the 2nd, SMF v1.1.4
www.mywebsite.net/smf
With 1.1.3 everything is working nicely, no errors,
but with 1.1.4 I keep getting the Error 500 every time I try to back up my DB or check my PMs.
Can you guys look at it and tell me what I can do and how I can fix this, please?
Thank you.
I'm having the same trouble as TheLyricist.
RESPECT! Worked great :) thanks a lot
Thanks!
It solved the problem in my forum's login
"406 Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server."
:)
Hey! I still get the same error, and I added the things mentioned in the .htaccess file.
But when I opened the .htaccess file, there was nothing in it, is that normal?
Now when I open it, it still has the code in it, but still doesn't work. (The SMF Gallery Mod)
www.gfxpros.org
Thanks
Souljaa
It worked for me.
Did you do everything like in the first post?
Try the updated rules:
http://www.simplemachines.org/community/index.php?topic=34270.msg1025267#msg1025267
Make sure you upload .htaccess to the right place: either the root directory of your site or your forum directory.
It seems i am having the exact OPPOSITE problem that no one seems to be able to help with!
My forum will not load AFTER LOGGING IN?
Can anyone help out with some advice or assistance to help me solve this problem, please?
Quote from: Scanlite on December 26, 2007, 02:45:18 PM
My forum will not load AFTER LOGGING IN?
Please let's continue support about this in the topic you started. ;)
http://www.simplemachines.org/community/index.php?topic=213083
When I post a % symbol, I get a Bad Request error.
Example: %qqqqqqqqqqqqqqqqq
modsec_debug.log
Quote
[12/Mar/2008:04:00:44 +0300] [forum.XXX/sid#80cf340][rid#844c1c0][/index.php][1] Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:message. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
modsec_audit.log
Quote
--c0166218-A--
[12/Mar/2008:04:00:44 +0300] 93vY-n8AAAEAAHeCgIQAAAAC 127.0.0.1 41404 127.0.0.1 443
--c0166218-B--
POST /index.php?action=post2 HTTP/1.1
Host: forum.sdi.sar
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://forum.XXX/index.php?topic=11.0
Cookie: PHPSESSIDF=XXX; SMFCookie547=a%3A4%3A%7Bi%3A0%3Bs%3A1...s%3A40%3A%22f6fd1...c4daafb3fdd7a19a346e%22%3Bi%3A2%3Bi%3A1205286112%3Bi%3A3%3Bi%3A0%3B%7D
Content-Type: application/x-www-form-urlencoded
Content-Length: 217
--c0166218-C--
topic=25&subject=Re%3A+gpg+-+man+page&icon=xx&notify=0&goback=1&num_replies=0&message=%25qqqqqqqqqqqqqqqqq&post=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C&sc=0be0815c74f9717699612fc01c1a6221&seqnum=3805448
--c0166218-F--
HTTP/1.1 400 Bad Request
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
--c0166218-H--
Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:message. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
Action: Intercepted (phase 2)
Stopwatch: 1205283644496126 38939 (38116* 38442 -)
Producer: ModSecurity v2.1.2 (Apache 2.x)
Server: Apache
--c0166218-Z--
How to fix it?
Is this a bug in modsec's 20_protocol_violations.conf or in SMF?
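The block below re-runs the rule quoted in the log above against the captured request, offline, so you can see exactly why a message beginning with "%q" is intercepted and what the .htaccess/vhost workaround discussed in this thread (SecRequestBodyAccess Off) actually changes. It is an added example, not code from SMF, ModSecurity or any poster; the assumption, consistent with the hit being reported at ARGS:message, is that ModSecurity evaluates the pattern on each form field after one round of form decoding. The request line and form body are copied from the audit log in the post above.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Pattern exactly as printed in modsec_debug.log (CRS rule id 950107): a '%'
# that is NOT followed by end-of-string, a non-word character, two hex digits
# (a valid %XX escape) or 'u' plus four hex digits (a %uXXXX escape).
RULE_950107 = re.compile(r"%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")

# Request line and form body from the --c0166218-B-- / --c0166218-C-- sections
# of the audit log above (the browser sent the literal '%' as %25).
CAPTURED_REQUEST_LINE = "POST /index.php?action=post2 HTTP/1.1"
CAPTURED_BODY = (
    "topic=25&subject=Re%3A+gpg+-+man+page&icon=xx&notify=0&goback=1"
    "&num_replies=0&message=%25qqqqqqqqqqqqqqqqq"
    "&post=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C"
    "&sc=0be0815c74f9717699612fc01c1a6221&seqnum=3805448"
)


def form_decode(data: str) -> dict:
    """One round of application/x-www-form-urlencoded decoding: this is what
    turns the transmitted '%25qqq' into the '%qqq' the rule then inspects."""
    args = {}
    for pair in data.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            args[unquote_plus(name)] = unquote_plus(value)
    return args


def build_args(request_line: str, body: str, request_body_access: bool = True) -> dict:
    """ARGS as ModSecurity exposes them: query-string arguments always, form-body
    arguments only while SecRequestBodyAccess is On. Turning it Off (the vhost
    fix posted in this thread) hides every POST field from every body rule."""
    method, target, _ = request_line.split(" ", 2)
    args = form_decode(urlsplit(target).query)
    if request_body_access and method == "POST":
        args.update(form_decode(body))
    return args


def check_950107(args: dict) -> list:
    """Return (argument name, first 8 characters from the match) for each ARGS
    value the pattern hits; an empty list means the request passes this rule."""
    hits = []
    for name, value in args.items():
        m = RULE_950107.search(value)
        if m:
            hits.append((name, value[m.start():m.start() + 8]))
    return hits


if __name__ == "__main__":
    print(check_950107(build_args(CAPTURED_REQUEST_LINE, CAPTURED_BODY)))
    print(check_950107(build_args(CAPTURED_REQUEST_LINE, CAPTURED_BODY,
                                  request_body_access=False)))
```

With body access on, the first call reports the hit at message, exactly as the log does; with SecRequestBodyAccess Off it reports nothing, because the body is never parsed into ARGS. The same "%zz" placed in the query string is still caught with body access off, which shows the trade-off: the workaround does not bypass the rule, it blinds every rule that looks at POST data. Text such as "100% sure" or "50%" passes untouched, since the % is followed by a non-word character or the end of the field; only a % directly followed by a word character that is not a valid escape trips the pattern.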
have you tried the solution in the first post of this page?
Quote from: metallica48423 on March 12, 2008, 12:58:30 PM
have you tried the solution in the first post of this page?
Thanks, I added
<IfModule security2_module>
SecRequestBodyAccess Off
</IfModule>
to my vhosts.conf; I hope it's safe :)
Ok,
Once for the dummy in the room.
Should I ADD the code to the .htaccess file in the PUBLICHTML root?
Or Just replace the file all together with this code.
(When I add it using cPanel the forum fails with a 500 error.)
Answer to my own question:
I created a NEW file with the suggested code from this post. Saved it to the folder I have SMF installed in.
I did not modify the .htaccess file in the publichtml root. (that causes a 500 error)
.htaccess files affect the files and folders below it (that don't have their own .htaccess file). So as long as you put it in the top most folder you want to affect it should be fine.
I seem to be having a mod_security problem, but I'm not 100% sure. I need help. I don't see mod_security listed anywhere in my phpinfo file, so it would seem it's not installed by my host. But...
I'm getting 406 errors when certain word combinations are included in posts (the one that keeps killing me is *poker*.com, and my site is poker-related...argggg). If I eliminate the "r" from "poker", no problem. If I eliminate the ".com", no problem. So there's definitely something that's filtering posts. It's not just forum posts, either. I use TinyPortal and when I attempt to post html that includes the offending text, I get the 406 error.
So, I tried the first suggestion in this thread. No luck. Still get 406 errors. I tried the updated version for mod_security2, and I get the 500 error. Since the updated version uses the "<#ifmodule mod_security2.c>" qualifier and I get errors that disappear when I comment out the code between the <ifmodule...> and </ifmodule...>, I believe my host is running mod_security2 (by the way, when I leave in the same code, but use "<#if module mod_security.c>, I don't get the 500 error, but the 406 error remains -- apparently because the code never gets called).
My webhost is siteflip.com and I have a help ticket submitted, but I suspect they'll need some help of their own ;) so I'm trying to arm myself with as much information as possible.
Any ideas. I have a feeling I may need to switch hosts to get past this because I suspect they have it set up so that the mod_security2 can't be disabled via htaccess.
Thanks in advance...
Well, I was right...mostly. I just got a response from my web host saying that mod_security2 could not be disabled from htaccess, but they disabled it for my domain from their end.
I hope this helps others who may be stumped by this. :)
I'm having the same problem; I'm using a hosting service from Maxoz.com. They didn't give me an answer as to whether they will turn it off or not.
There's nothing we can do if your host won't disable it and it is causing the 403 errors. It is a server-side block, not anything SMF can stop in any capacity.
OK, I have asked my host to get rid of mod_security and they did; actually, in 15 mins they acted!!! AWESOME SUPPORT from them and this forum!!
But now should I get rid of the code mods that were suggested to start with?
If they disabled mod_security, then the code mod in the first post of this thread is useless.
I don't know if this is related, but every other time (at least it seemed like that) that I clicked something, be it "Online", "Reply", "Quote", etc., I would get Firefox asking me if I wanted to download the index.php to my desktop. phpinfo.php revealed no "mod_security" but I went ahead and did the .htaccess. So far my problem is gone and my forum seems faster.
Big time thank you. This was driving me nuts (I know, short drive :D).
Yeah, that can cause that to happen too sometimes.
It's simply bad server configuration.
Added the code into .htaccess and it's as if nothing happened. Is there more to it?
Quote from: SuperZambezi on June 16, 2008, 11:53:50 AM
Added the code into .htaccess and it's as if nothing happened. Is there more to it?
Maybe your host does not allow disabling mod_security from .htaccess, or is using mod_security2..
give this a try:
<IfModule mod_security2.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
# mod_security 2.x directive names; the 1.x names (SecFilterEngine, SecFilterScanPOST) are not recognised by 2.x and produce a 500 error.
SecRuleEngine Off
# The below probably isn't needed, but better safe than sorry.
SecRequestBodyAccess Off
</IfModule>
or contact your host.
I contacted my host and he contacted his and got :
Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.
Quote from: SuperZambezi on July 01, 2008, 09:11:59 PM
I contacted my host and he contacted his and got :
Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.
Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?
Quote from: RedOne on July 12, 2008, 11:09:36 AM
Quote from: SuperZambezi on July 01, 2008, 09:11:59 PM
I contacted my host and he contacted his and got :
Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.
Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?
But I can change .htaccess and it's as if nothing happens.
Some hosts have things configured to use a non-standard method to disable, or don't allow disabling via .htaccess. If the suggestion here doesn't work, you need to contact your host to find this out.
Hi friends,
While saving my database with "Compress the file with gzip" selected, it gives the error below.
But I am able to save my database by unchecking this "Compress the file with gzip" option.
But by unchecking this option it takes more time to download the database.
Please help me in this regard.
Thank you.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator,
[email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at studentsmasti.net Port 80
This isn't a mod_security issue. The problem is that your database is too big to hold and compress in the memory PHP is allowed to use. You might want to start making backups through the tools your hosting provider provides. These usually are set up to bypass the limits imposed on you directly.
Can you just ask the host if they can disable it on your account?
I'm having this same problem when navigating through Gallery Pro. The gallery itself works, but some of the features do not, like clicking on the previous image/next image and picture rating buttons. This didn't start happening until I installed the gallery.
This is what it says on the page:
Not Acceptable
An appropriate representation of the requested resource /cjforum2/index.php could not be found on this server.
Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at customjustice.dchallofjustice.com Port 80
Quote from: [Unknown] on April 26, 2005, 12:07:59 AM
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.) If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.) Create a backup, though, before overwriting anything.
Worked perfectly!! Thanks.
After adding the .htaccess file I no longer get an error but the "post" button doesn't work. I can preview my message but not post it.
Quote from: sweethangs on September 17, 2008, 06:28:11 PM
After adding the .htaccess file I no longer get an error but the "post" button doesn't work. I can preview my message but not post it.
it resolved itself after logging out and back in. thank you!
Ok, I have read all of it and my problem seems to be rather peculiar. I am the admin of the forum and I am the only one who seems to be getting this problem when trying to open a PM. The other members have no such problems at all. Should I be worried?
Can anybody help me with the above? It is driving me nuts!
You haven't really been specific with the exact problem you're having. So more details, unless you've posted about it elsewhere ... then link to it.
Sorry about that. I posted more detailed info in this thread: http://www.simplemachines.org/community/index.php?topic=246702.msg1741544#msg1741544 But I sure can use all the help there is.
Hi,
I was having a mod_security issue on the forum and the host said he has now disabled mod_security. Thing is, I had the appropriate text in a .htaccess file within the forum root, but then I found this as well (below), which I'm pretty sure I didn't put there:
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
RewriteEngine On
RewriteRule ^([a-zA-Z0-9-]*).html index.php?action=$1 [L]
I'm not sure what that Rewrite rule is doing, but it seems strange and worrying. Any ideas?
Are you doing any kind of URL rewriting (PrettyURLs, SEO4SMF, etc.)?
Hi,
No, I don't have either one installed, just SMF's search engine friendly URLs enabled.
Skip
That might be for those. I personally don't use that option, but the rewrite rule looks to fit it.
I still get the error:
Not Acceptable
An appropriate representation of the requested resource /run/forum/index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
If mod_security2 is being used on a server, should the previous mod_security text be removed, leaving just
<IfModule security2_module>
SecRequestBodyAccess Off
</IfModule>
or does it not make a difference?
I was also wondering: if the hosting company turns off mod_security 2 completely, can I still leave the above within the .htaccess and it will be ignored, or will it cause problems?
Thanks
I requested my hosting people to disable it, but they refused, saying that they cannot disable mod_security because if someone exploits the site, the whole server can be compromised (this has happened in the past). So now what should I do? Help me please ...... Help me :(
- Pari
Tell them to disable the filtering engine. That's the part that causes all the problems.
I am still having problems with my forum. It's still giving me this error message, and I tried the .htaccess. I am not sure why I am still having this problem. Anyhow, I think I will try a totally different forum program.
Not Acceptable
An appropriate representation of the requested resource /forum/index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at ohiohauntedplaces.com Port 80
Fantastic!!!!!
Thank you so much!!
Sorted my problems!!
Cheers,
Northwinds :P
I'm having a problem with the downloads package and mod_sec.
The package is trying to use ;id in the querystring which is being seen quite correctly as a system command injection.
Matched signature <;id>"] [severity "CRITICAL"]
I'll certainly not gimp mod_sec, as it's there for the reasons I put it there. Any suggestions?
Just edit the rule then so it doesn't match the way the package is handling it?
It seems to be a silly rule anyway as many dynamic software packages use id as a query variable.
Quote from: Motoko-chan on January 07, 2009, 06:39:33 PM
Just edit the rule then so it doesn't match the way the package is handling it?
It seems to be a silly rule anyway as many dynamic software packages use id as a query variable.
Thanks for the reply Motoko-chan
I ended up modifying the package rather than my security.
http://www.simplemachines.org/community/index.php?topic=203471.msg1869963#msg1869963
I also have this problem with my forum, but the host doesn't seem to have installed that module, and I don't know what causes this.
Here is my phpinfo from my host, in case you can find any info to help. I found another module named "suhosin"; I don't know if this is anything, but ...
PHP Version 5.2.8
System Linux web10.nxserve.net 2.6.18-53.el5PAE #1 SMP Mon Nov 12 02:55:09 EST 2007 i686
Build Date Jan 9 2009 07:48:27
Configure Command './configure' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-force-cgi-redirect' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pdo=shared' '--enable-safe-mode' '--enable-sockets' '--enable-zip' '--prefix=/usr' '--with-bz2' '--with-config-file-path=/usr/local/lib' '--with-config-file-scan-dir=/usr/local/lib/php.ini.d' '--with-curl=/opt/curlssl/' '--with-freetype-dir=/usr' '--with-gd' '--with-gettext' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pdo-mysql=shared' '--with-pdo-sqlite=shared' '--with-png-dir=/usr' '--with-pspell' '--with-sqlite=shared' '--with-ttf' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr'
Server API CGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib
Loaded Configuration File /usr/local/lib/php.ini
Scan this dir for additional .ini files /usr/local/lib/php.ini.d
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams zip, php, file, data, http, ftp, compress.bzip2, compress.zlib, https, ftps
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
PHP Credits
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors STDOUT STDOUT
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl Off Off
error_append_string no value no value
error_log error_log error_log
error_prepend_string no value no value
error_reporting 6135 6135
expose_php On On
extension_dir /usr/local/lib/php/extensions/no-debug-non-zts-20060613 /usr/local/lib/php/extensions/no-debug-non-zts-20060613
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/lib/php:/usr/local/lib/php .:/usr/lib/php:/usr/local/lib/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 30 30
max_input_nesting_level 64 64
max_input_time 60 60
memory_limit 32M 32M
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 8M 8M
precision 12 12
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals On On
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 50M 50M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off
bcmath
BCMath support enabled
bz2
BZip2 Support Enabled
Stream Wrapper support compress.bz2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.3, 15-Feb-2005
calendar
Calendar support enabled
cgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.force_redirect 1 1
cgi.nph 0 0
cgi.redirect_status_env no value no value
cgi.rfc2616_headers 0 0
ctype
ctype functions enabled
curl
cURL support enabled
cURL Information libcurl/7.19.2 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
date
date/time support enabled
"Olson" Timezone Database Version 2008.9
Timezone Database internal
Default timezone Etc/GMT+5
Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value
dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.7.2
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled
exif
EXIF Support enabled
EXIF Version 1.4 $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13 jani Exp $
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF
filter
Input Validation and Filtering enabled
Revision $Revision: 1.52.2.44 $
Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value
ftp
FTP support enabled
gd
GD Support enabled
GD Version bundled (2.0.34 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.2.1
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XPM Support enabled
XBM Support enabled
gettext
GetText Support enabled
hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.5
Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1
imap
IMAP c-Client Version 2006k
SSL Support enabled
Kerberos Support enabled
json
json support enabled
json version 1.2.1
libxml
libXML support active
libXML Version 2.7.2
libXML streams enabled
mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check On
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value
mcrypt
mcrypt support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream
Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value
mhash
MHASH support Enabled
MHASH API Version 20060101
mysql
MySQL Support enabled
Active Persistent Links 1
Active Links 2
Client API version 5.0.67
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib -lmysqlclient
Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
mysqli
MysqlI Support enabled
Client API library version 5.0.67
Client API header version 5.0.67
MYSQLI_SOCKET /var/lib/mysql/mysql.sock
Directive Local Value Master Value
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.reconnect Off Off
openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8b 04 May 2006
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 7.8 2008-09-05
Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000
PDO
PDO support enabled
PDO drivers sqlite, sqlite2, mysql
pdo_mysql
PDO Driver for MySQL, client library version 5.0.67
pdo_sqlite
PDO Driver for SQLite 3.x enabled
PECL Module version (bundled) 1.0.1 $Id: pdo_sqlite.c,v 1.10.2.6.2.3 2007/12/31 07:20:10 sebastian Exp $
SQLite Library 3.3.7
posix
Revision $Revision: 1.70.2.3.2.20 $
pspell
PSpell Support enabled
Reflection
Reflection enabled
Version $Id: php_reflection.c,v 1.164.2.33.2.54 2008/10/29 13:34:08 felipe Exp $
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler user files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid no value 0
SimpleXML
Simplexml support enabled
Revision $Revision: 1.151.2.22.2.45 $
Schema support enabled
sockets
Sockets Support enabled
SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException
SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c,v 1.166.2.13.2.11 2008/12/01 12:28:27 felipe Exp $
SQLite Library 2.8.17
SQLite Encoding iso8859
Directive Local Value Master Value
sqlite.assoc_case 0 0
standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags no value a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent no value no value
suhosin
This server is protected with the Suhosin Extension 0.9.27
Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbH
Directive Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 50 50
suhosin.get.max_array_index_length 64 64
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 512 512
suhosin.get.max_vars 100 100
suhosin.log.file 0 0
suhosin.log.file.name no value no value
suhosin.log.phpscript 0 0
suhosin.log.phpscript.is_safe Off Off
suhosin.log.phpscript.name no value no value
suhosin.log.sapi 0 0
suhosin.log.script 0 0
suhosin.log.script.name no value no value
suhosin.log.syslog no value no value
suhosin.log.syslog.facility no value no value
suhosin.log.syslog.priority no value no value
suhosin.log.use-x-forwarded-for Off Off
suhosin.mail.protect 0 0
suhosin.memory_limit 0 0
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 50 50
suhosin.post.max_array_index_length 64 64
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 65000 65000
suhosin.post.max_vars 200 200
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 50 50
suhosin.request.max_array_index_length 64 64
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 65000 65000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 200 200
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no value
tokenizer
Tokenizer Support enabled
xml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.2
xmlreader
XMLReader enabled
xmlwriter
XMLWriter enabled
Zend Optimizer
Optimization Pass 1 disabled
Optimization Pass 2 disabled
Optimization Pass 3 disabled
Optimization Pass 4 disabled
Optimization Pass 9 disabled
Zend Loader enabled
License Path no value
Obfuscation level 3
zip
Zip enabled
Extension Version $Id: php_zip.c,v 1.1.2.46 2008/11/12 17:50:37 felipe Exp $
Zip version 1.8.11
Libzip version 0.9.0
zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value
Additional Modules
Module Name
ionCube Loader
Any ideas?
Hi to all,
I've the same problem with mod security and SMF Gallery (lite).
I contacted my hosting provider because the .htaccess "trick" is not working (error 500), and they say they cannot turn it off for security reasons...
I'm desperate! Any solution?
Thanks!
Regards, jav_tailor.
Hello, I'm having trouble with the profile comment mod. It gives the following error when I click to delete or edit a comment:
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I asked for help at SMFHacks, and they sent me here. I read this topic and did what it says, but nothing has happened; the same error remains. Do you know what I can do to have this mod working correctly? :(
Check the file permissions of your index.php file, and if they are 777, check with your host to see if they have any type of restrictions. Also look at your server logs for additional information on the cause.
I checked all permissions, and all files and folders on my forum are 777 and do not have any restriction, but the same error remains. :(
Did you have a word to your host and/or look at your logs? Some hosts don't allow index.php to run at 777.
I also have the error below when I try to do admin actions in the Quiz and SMG mods:
Method Not Implemented
GET to /forum/index.php not supported.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I run SMF 2 RC 1.
My index.php is chmoded 755.
I tried the .htaccess file but it didn't help.
My host told me they will disable mod_security for me, but chmoding to 777 doesn't work well on their server ... whatever that means.
Is it vital for index.php to have 777 instead of 755 permissions?
Hello All,
Everything was great until my web host updated the server security the other day. Now all links from my media gallery get an error 406.
The Host Tech's response to my inquiry was:
_________________________
Hello,
Unfortunately it appears this error is being caused by the mod_security on the server, but we will be unable to edit our configuration, as it is an important security feature.
___________________________
SMF is running fine, but all links from media gallery index page get error 406. I've tried all recommendations from this thread nothing has worked.
I'm running SMF 1.1.8 with Media Gallery 1.5.6.
Any other suggestions? I might just bail on my host and get a new one.
Murph
Try to get your host to disable -- only for your domain, or at least for your forum directory -- the mod_security rules that are causing the 406 errors. I suspect that the errors might be related to the presence of ;id in the Media Gallery URLs.
I'm not sure if this is a mod_security problem or not! :(
We're running SMF 1.1.9. We installed the Group Moderators Mod from:
http://custom.simplemachines.org/mods/index.php?mod=171
Almost everything works fine, except (isn't there always an exception?) when I click the group number on:
http://discoverhebrewroots.com/index.php?action=groups
the link generated is either of these two links depending on the group:
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=13
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=9
I get a 406 Not Acceptable error:
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at discoverhebrewroots.com Port 80
The forum error log gives no errors, but the server error log gives:
[Mon May 25 00:01:45 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups
[Mon May 25 00:01:38 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups
I ran phpinfo and mod_security is not listed anywhere. I tried the mod_security htaccess fix, and it doesn't seem to do anything at all.
I cannot figure out where the 406 is coming from... :(
Thanks in advance for any help.
As a webhost I would like to learn more about this issue, since it's a bad idea to compromise on security just to get some software working. On the other hand, it's really bad policy not to try to find ways to get things working for clients that want to use that software...
mod_security does not like SMF because it considers it to be a bad boy that tries to use PHP session attacks and PHP injection attempts:
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]
The question is what SMF is doing to get caught doing this, and whether it can be resolved through creative rewrite rules and code changes rather than by compromising server security.
I would also like to point out that many webhosts are abandoning the old insecure way to handle permissions and are turning to solutions like PHPSUEXEC or SUPHP, which means that if a client tries to set folders above 755 and/or files above 644, it will throw errors as well. It does not affect the script itself, and it runs just fine on 755/644 settings, but this is a lot safer than opening up your server for everyone in the world to abuse.
Not sure if anyone here might be affected by this, but it may not hurt to ask your host just to be sure. If your host uses something like this, no fix in the world will get SMF working until you change all file permissions accordingly.
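A quick way to check a forum tree against the 755-for-folders / 644-for-files ceiling just described (and against the 777 advice earlier in the thread) is a small audit script. The following is an added Python example, not part of SMF or of any host's tooling; the thresholds are the ones stated above, and the directory tree it builds for the demonstration is constructed.

```python
"""Audit a directory tree against the 755-for-folders / 644-for-files ceiling
that suPHP/phpsuexec-style hosts enforce. Added example; the demo tree is
constructed and the thresholds are the ones stated in the thread."""
import os
import stat
import tempfile

DIR_MAX = 0o755   # folders above this trip the host's checks
FILE_MAX = 0o644  # files above this do too


def is_too_permissive(mode, is_dir):
    """True if the mode sets any permission bit the ceiling does not allow.

    Checking bits rather than comparing numbers matters: 0o664 is numerically
    below 0o755 but grants group write, which is exactly what the host rejects.
    """
    ceiling = DIR_MAX if is_dir else FILE_MAX
    return (stat.S_IMODE(mode) & ~ceiling) != 0


def audit(root):
    """Return sorted (relative path, octal mode) for every offender under root.

    Symlinks are skipped: their own mode bits are meaningless, and a target
    inside root is audited on its own.
    """
    offenders = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue
            if is_too_permissive(mode, is_dir):
                offenders.append((os.path.relpath(path, root), oct(stat.S_IMODE(mode))))
    return sorted(offenders)


def demo():
    """Build a constructed SMF-like tree with two deliberate offenders and audit it."""
    root = tempfile.mkdtemp(prefix="smf-perms-")
    # Constructed layout: one world-writable folder and one 777 index.php,
    # as several posters in this thread tried.
    folders = {"Themes": 0o755, "attachments": 0o777}
    files = {"index.php": 0o777, "Settings.php": 0o644, "attachments/a.dat": 0o644}
    for rel, mode in folders.items():
        path = os.path.join(root, rel)
        os.makedirs(path)
        os.chmod(path, mode)
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    return audit(root)


if __name__ == "__main__":
    for path, mode in demo():
        print("%s is %s, above the ceiling" % (path, mode))
```

Run it against a real forum root with `audit("/path/to/forum")`; anything it lists is a candidate for the 500 errors a suPHP host produces, independently of mod_security. The bit-mask check also catches 664 and 775, which a plain numeric comparison against 644/755 would miss.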
Quote from: Mortfiles on June 04, 2009, 12:06:08 PM
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]
Lines 249-251 in http://downloads.prometheus-group.com/delayed/rules/modsec/10_asl_rules.conf
# Rule 340076: PHP defenses
SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)" \
"id:340076,rev:2,severity:2,msg:'PHP Session attack'"
I see that this version I found is rev "2", while you have rev "1". Can you post the rule from your copy of 10_asl_rules.conf? This file can be in /etc/httpd/modsecurity.d/ or in other locations, depending on your server setup.
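To see concretely why the requests quoted in this thread trip these checks, here is an added Python example that replays two of them against constructed SMF-style request URIs: the `<;id>` signature from the Downloads-package post above, and rule 340076 in the rev 1 form shown in the quoted audit log, which denies the request unless ARGS:PHPSESSID matches ^[0-9a-z]*$. It is neither ModSecurity's code nor SMF's; the signature list, the sample URIs and the decision to split the query string on `;` as well as `&` are assumptions made for the demonstration.

```python
"""Replay two ModSecurity checks quoted in this thread against constructed
SMF-style request URIs, to see which legitimate requests would be denied.
Added example; not ModSecurity's or SMF's own code."""
import re
from urllib.parse import urlsplit, unquote

# Rule 340076, rev 1 form as shown in the quoted audit log: the request is
# denied unless ARGS:PHPSESSID fully matches ^[0-9a-z]*$.
PHPSESSID_ALLOWED = re.compile(r"^[0-9a-z]*$")

# The "<;id>" signature from the Downloads-package post: a plain substring
# match on the request, reported as a command-injection attempt. The list is
# constructed; the thread quotes only this one signature.
COMMAND_SIGNATURES = [";id"]

# Constructed sample requests modelled on the URLs quoted in this thread,
# plus a few neighbours that show where the checks do and do not fire.
SAMPLE_REQUESTS = [
    "/index.php?action=groups;sa=members;id=13",       # Group Moderators link
    "/index.php?action=downloads;sa=view;id=7",        # Downloads-package style link
    "/index.php?board=3.0;ideas=1",                    # ';id' as a substring of a longer name
    "/index.php?action=profile;u=3",                   # no ';id' anywhere
    "/index.php?topic=42.0;PHPSESSID=0a1b2c3d4e5f",    # lowercase session id
    "/index.php?topic=42.0;PHPSESSID=A1B2-c3d4,e5f6",  # id with chars outside [0-9a-z]
]


def parse_args(uri):
    """Split the query string into (name, value) pairs.

    SMF separates parameters with ';' as well as '&'. Splitting on both is an
    assumption made here so that PHPSESSID is visible as its own argument,
    which is what the quoted log line implies for that server's setup.
    """
    pairs = []
    for chunk in re.split(r"[&;]", urlsplit(uri).query):
        if chunk:
            name, _, value = chunk.partition("=")
            pairs.append((unquote(name), unquote(value)))
    return pairs


def check_request(uri):
    """Return the list of (rule, reason) findings that would deny this URI."""
    findings = []
    for sig in COMMAND_SIGNATURES:
        if sig in uri:
            findings.append(("signature", "matched %r" % sig))
    for name, value in parse_args(uri):
        if name == "PHPSESSID" and not PHPSESSID_ALLOWED.match(value):
            findings.append(("340076", "PHPSESSID %r is not ^[0-9a-z]*$" % value))
    return findings


def triage(uris):
    """Map each denied URI to its findings; URIs with no findings are omitted."""
    denied = {}
    for uri in uris:
        findings = check_request(uri)
        if findings:
            denied[uri] = findings
    return denied


if __name__ == "__main__":
    for uri, findings in triage(SAMPLE_REQUESTS).items():
        print(uri)
        for rule, reason in findings:
            print("   denied by %s: %s" % (rule, reason))
```

The substring signature fires on every `;id=` link SMF mods generate, and on `;ideas=` too, which is the over-matching Motoko-chan called silly earlier in the thread. For rule 340076, the alphabet of PHP session IDs is set by session.hash_bits_per_character (4 in the phpinfo pasted above gives 0-9a-f; 6 gives 0-9, a-z, A-Z, "-" and ","), so a host that has changed that setting will see IDs the rule's character class rejects. Either way, the output gives a host the rule IDs to exclude for the forum path rather than a reason to switch the engine off.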
I have problem with mod SMF Gallery Lite...
When I try to perform some actions I receive this message:
Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
What to do? I modified the .htaccess file but the problem is the same...
I wonder why no one replied to "Mortfiles"' post.
I think it would be important to make some kind of ruleset for the SMF forum (with different modules loaded, plus an extra one with different languages loaded) that hosts can apply easily. Or some common ones at least, that one can send to his host to exclude. Because, as I understand from the host, it can benefit the SMF forum (or can it not?)
mod_security is not going anywhere, and more and more servers have been starting to use it (and many of them do not allow disabling it with the .htaccess file), so it would be important to look into this issue.
Should the .htaccess file turn it off completely (so that it will not interfere with any mods), and will the host admin get some notification about it? Or will it turn off only some parts? How do I know if it's completely off once the forum started to work after the .htaccess trick?
Sorry for bumping, but I also have problems with the .htaccess file and this topic seemed to be the best one to add my thoughts to.
Do you have mod_security or mod_security2?
The problem with ModSecurity is that it's become so restrictive that it severely hinders many useful web tools. They are aware of this but they don't seem to really care either.
That said, they have released this document http://blog.modsecurity.org/2007/02/handling-false.html that provides instructions so a host can custom write rules or whitelists that tell the program to trust certain files. It's better than a host's usual response to either turn off the 2 or 3 most restrictive rules or even ModSecurity altogether, if they are willing to do anything at all. Of course, in my opinion, if a host isn't willing to work with you it's time to find a new host.
Hi. I have a problem. When I try to install the SMF 2.0 RC 3 forum, I get a message:
The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.
What can I do with this?
sorry for my english
Read the first post in this topic.
I add this code:
<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
in my .htaccess
This file is located in a root folder of site.
But it does not solve the problem.
nobody knows?
Our board just moved to a new host that uses mod_security and we now find that if a member attempts to post with the strings "select" and "from" appearing anywhere in the message, we get a server error. I contacted our host provider and they said it's due to one of the filters attempting to block a potential SQL injection attack. Their only solutions were to disable mod_security or tell our members not to use the words select and from, even if they are substrings of another word. Any suggestions?
For example, the following line in a message body would trigger an error:
There is a fine selection of shows on fromthetop.org
Either disable mod_security or find a better host. That's an awful filter to put in production.
Wow, this problem is known since 2005 and never got fixed - impressive!
I don't think the host is bad coz he got security in place SMF apparently can't handle....2010 now... SMF2 RC3 still can't handle. Maybe time for a better forum software!?
If you actually bother to read about the issue, you would know it is about certain non-standard rules that trip up many products as well as SMF. If a host tosses up rules without understanding the impact they can have, they are a bad host to stay with as they are incompetent.
mod_security, if used intelligently, will work fine with SMF. In general, Suhosin would probably be a better choice, but many hosts won't recompile PHP for it. Unfortunately, many hosts don't use mod_security in an intelligent way - they just know that "more rules are better" and break things. If you're on shared hosting, you won't have the ability to choose the right filter rules and thus will have to try and disable the module entirely.
Okay, and since most hosts are just too dumb to apply mod_security properly, especially to work with SMF, those seem to have no other issues, as they have used this module for years with everything else on their servers.
I really wonder what is the problem here..
Quote from: Forum Guy on September 25, 2010, 04:47:48 AM
I really wonder what is the problem here..
Silly rules being implemented with restrictions like "can't have the word "post" in a get string". Yeah... Heck, I recall one poster earlier in either this topic or another where this module was being a problem. They couldn't write certain words in their forum posts. That's not an SMF issue, and I think it was proven to be a bad mod_security rule by some simple tests that showed it affected any application.
I wouldn't say "most" hosts, anyway. If this was a huge issue, the topic would be much longer. Heck, you're the first new poster to this topic since April.
May I note that even the creator of mod_security, Trustwave, has noted that false positives are common because some of the rules are so generic? They even made a whole post about whitelisting false positives (http://blog.modsecurity.org/2007/02/handling-false.html) some years ago.
The real problem is not SMF, it's small-time webhosts using a product they aren't familiar with, and which the author has acknowledged needs to be tailored to the content running on the server (in other words, it's not suitable for mass shared hosting), for shared hosting. Then they compound it by grabbing "restrictive" rule sets above the core and using those.
Okay, thanks, what makes me wonder in my particular case I can (click) view any image attached to a forum post just fine BUT in the Admin/forum/attachments you click on SAME image name and it throws that error?
how can that be?
In other words, in the Admin panel all/every attachment image you try to view shows error while same images in their forum posts show up fine!?
something does not fit here..
Possibly it doesn't like the referrer header line with the hex values in the URL. Possibly, it's some other hidden thing. Do you have access to the error log to see what the error is?
Error log is clean - no related entry!
There is a specific mod_security audit log. If you don't see it, ask your host to forward the appropriate log lines to you.
Okay, will do!
Support looked into it and confirmed. However, I wonder whether the SMF2 code in admin / browse attachments could be altered to pass this rule? This is the only incident I have seen with mod_security enabled; all else seems to work fine.
I have confirmed that the issue is indeed mod_security, as the below excerpt from the error_log confirms.
@biz93 [~]# tail -f /usr/local/apache/logs/error_log | grep enchanting
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.154.170] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "$$$$$$.biz"] [uri "/SMF2/index.php"] [unique_id "TJ9Pos2G@VUAAF2QVCoAAAEP"]
What's the URL it's flagging? Feel free to obscure the domain, the URI is really the important part.
I guess you mean the referrer URL? here we go:
referer: http://deleted.biz/SMF2/index.php?action=admin;area=manageattachments;sa=browse;c1a9277=1b2045b57f74e6a132b71b66f315a6e2
The actual link to the file as well, please.
okay, this is the complete thing - nothing more on offer
@biz93 [~]# tail -f /usr/local/apache/logs/error_log | grep enchanting
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.xxx.170] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "deleted.biz"] [uri "/SMF2/index.php"] [unique_id "TJ9Pos2G@VUAAF2QVCoAAAEP"]
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.xxx.170] File does not exist: /home/deleted/public_html/501.shtml, referer: http://deleted.biz/SMF2/index.php?action=admin;area=manageattachments;sa=browse;c1a9277=1b2045b57f74e6a132b71b66f315a6e2
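The log excerpt above can be picked apart mechanically rather than by eye. Added example, not part of the thread: a Python parser for ModSecurity 2 denials in the Apache error_log that extracts the rule id, the matched variable and data, and the URI, groups denials by rule, and prints the narrowest Apache-level exclusion (`SecRuleRemoveById` inside a `<LocationMatch>`) a host could apply instead of switching the engine off. The sample lines are constructed after the excerpts in this thread: the long rule regex is shortened, and the client address and hostname are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the error_log excerpt quoted in this thread:
# the long rule regex is shortened, the client and hostname are placeholders.
SAMPLE_LOG = r'''[Sun Sep 26 06:50:26 2010] [error] [client 203.0.113.7] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:telnet\\.exe|ftp)\\b|[\\;\\|\\`]\\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "forum.example"] [uri "/SMF2/index.php"] [unique_id "TJ9Pos2G@VUAAF2QVCoAAAEP"]
[Sun Sep 26 06:50:26 2010] [error] [client 203.0.113.7] File does not exist: /home/example/public_html/501.shtml, referer: http://forum.example/SMF2/index.php?action=admin;area=manageattachments
[Sun Sep 26 06:51:02 2010] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"] [hostname "forum.example"] [uri "/SMF2/index.php"] [unique_id "TJ9Qx7vH@WUAAF2QVDoAAAEQ"]'''

# Fixed prefix of a ModSecurity 2 denial in the Apache error_log; the free-text
# reason runs up to the first [key "value"] field.
HEADER = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'ModSecurity: Access denied with code (?P<status>\d+) \(phase (?P<phase>\d)\)\. '
    r'(?P<reason>.*?)(?=\s\[\w+ ")'
)
# One [key "value"] field; values may contain escaped quotes.
FIELD = re.compile(r'\[(?P<key>\w+) "(?P<val>(?:[^"\\]|\\.)*)"\]')


def matched_variable(reason):
    """Pull the variable the rule fired on out of either reason wording
    ('Pattern match "..." at ARGS:x.' or 'Match of "..." against "ARGS:x" required.')."""
    m = (re.search(r' at (?P<v>[A-Z_]+(?::[^\s.]+)?)\.$', reason)
         or re.search(r'against "(?P<v>[^"]+)"', reason))
    return m.group('v') if m else None


def parse_line(line):
    """Return a dict for a ModSecurity denial, or None for any other log line
    (for example the 'File does not exist: .../501.shtml' ErrorDocument noise)."""
    m = HEADER.match(line)
    if not m:
        return None
    event = m.groupdict()
    event['variable'] = matched_variable(event['reason'])
    event['tags'] = []                       # a denial may carry several [tag ...]
    for key, val in FIELD.findall(line[m.end():]):
        if key == 'tag':
            event['tags'].append(val)
        else:
            event[key] = val
    return event


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def group_by_rule(events):
    by_rule = defaultdict(list)
    for e in events:
        by_rule[e['id']].append(e)
    return dict(by_rule)


def exclusion_for(event):
    """Narrowest Apache-level exclusion for one denial: drop only this rule id,
    and only for the URI that produced the false positive."""
    return (
        f'# rule {event["id"]} ({event["msg"]}) fired on {event["variable"]} at {event["uri"]}\n'
        f'<LocationMatch "^{re.escape(event["uri"])}$">\n'
        f'    SecRuleRemoveById {event["id"]}\n'
        f'</LocationMatch>'
    )


if __name__ == '__main__':
    events = parse_log(SAMPLE_LOG)
    for rule_id, hits in group_by_rule(events).items():
        first = hits[0]
        print(f'rule {rule_id}: {len(hits)} hit(s), {first["msg"]}, '
              f'variable {first["variable"]}, data {first.get("data", "-")!r}')
        print(exclusion_for(first))
```

Two details in the parsed first event matter for the discussion that follows: the variable is ARGS:action and the data is ";id". ModSecurity splits the query string on `&` by default, so with SMF's `;`-separated URLs everything after `action=` up to the next `&` is the value of action as far as the rule is concerned, which is why the complete requested URL, not the referer, is what a rule analysis needs. The exclusion the script prints is the shape a host can apply per virtual host; a `SecRuleRemoveById` for the whole server, or `SecRuleEngine Off`, throws away far more than the one false positive.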
But what is the URL that is being requested that trips that?
I am no regex expert but I am under the impression that this part of the url string is throwing the command injection?!
....c1a9277=1b2045b57f74e6a132b71b66f315a6e2
The fix seems simple to me, since we're basically talking about "viewing images": the way it happens in the forum message with an attachment works fine. Browsing/viewing an attachment from within the admin panel triggers an error vomit. Consequently, adjust the admin panel code (browsing attachments) the way image viewing is done from within the forum message and all should be well, no?
Just my two-cents, mod_security now comes built-in with cPanel hosting, and I've seen a way to edit mod_security so that it doesn't trip up Wordpress sites. If some guru were able to have an edit that would work for SMF, that could be a big leap.
Also the .htaccess fix doesn't work on the new version of mod_security (2), only way I know to disable it for a domain is to add an entry for the domain to:
/usr/local/apache/conf/modsec2/whitelist.conf
then restart http
of course one should be careful when doing such things and check with their provider first as mod_security does actually prevent a lot of bad stuff. If only it didn't mess with good software like SMF and Wordpress...
Quote from: Forum Guy on September 27, 2010, 05:39:34 PM
I am no regex expert but I am under the impression that this part of the url string is throwing the command injection?!
....c1a9277=1b2045b57f74e6a132b71b66f315a6e2
Based on the regex you provided for the rule, it doesn't seem to be so. This is why I keep asking for the exact URL that is causing the issue. The regex appears to be looking for things like "telnet.exe" anywhere in the URL path.
If I get the full URL that is causing problems, I can run it through my tools and see what is matching to determine why it is being detected as a problem.
Quote from: [Unknown] on August 07, 2005, 06:22:59 PM
Create a phpinfo.php file. What is phpinfo.php? (http://www.simplemachines.org/community/index.php?topic=18250.0) If it contains "mod_security" anywhere in it, you have it.
Contact your host, then, and tell them of your problems. Point them to this topic. Perhaps they can create the file for you.
-[Unknown]
Warning: phpinfo() has been disabled for security reasons in /home/foromag/public_html/phpinfo.php on line 1 :(
you will need to speak to your host :)
Not sure if this will help anyone, but I asked Namecheap to disable mod_security and they suggested whitelisting whatever was triggering the rule. They fixed it within minutes and let me know what was triggering the rule. They let me know the following:
The software that posted the information converted some characters into hexadecimal representations, and while this was a POST request, the mod_security scanned it and found it suspicious.
Cheers,
Decanus
Thanks for the information, however, this topic was last posted in seven years ago, relates to an outdated version of SMF, and is marked as solved. As a result, it is being locked. Please avoid reviving such old topics in future, especially if they have been marked as solved.