Simple Machines Community Forum

SMF Support => SMF 1.1.x Support => Topic started by: [Unknown] on April 26, 2005, 12:07:59 AM

Title: Having problems with mod_security?
Post by: [Unknown] on April 26, 2005, 12:07:59 AM
Some hosts have begun installing something called mod_security.  This filters posts and URLs for certain key words, and if they are found, spits out an error.  Many people are experiencing problems because of this.  Problems include weird "403" or access denied errors, login problems, and similar.

For example, if I were to post this:

Quote
Have you ever used cURL?  You can find information about it at http://curl.haxx.se/.  More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.

On a server with mod_security enabled, I'd get an error.  This error wouldn't be preventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.

However, depending on your host... it may be possible to disable this unnecessary and unwanted behavior.  Since SMF is able to (properly) filter requests without resorting to just blindly grasping at keywords, doing so should be completely safe.  If you don't trust me, live with the false positives or talk to your host to have the mod_security filtering rules changed.

To try to disable it, create a file with the name "htaccess.txt" and put the following in it:

Code: [Select]
<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.

How do I modify files? (http://www.simplemachines.org/community/index.php?topic=24110.0)

If your host doesn't allow you to disable mod_security, the forum will no longer load.  Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made.  However, if this does happen you will not be able to disable mod_security's filtering.

-[Unknown]
Title: Re: Having problems with mod_security?
Post by: Joshua Dickerson on April 26, 2005, 12:14:37 AM
I was interested in this so I found this url http://www.modsecurity.org/projects/modsecurity/apache/index.html and it seems like a stupid module if you are a decent coder. Fortunately, security is one of SMF's strong-suit.
Title: Re: Having problems with mod_security?
Post by: binary on July 14, 2005, 01:37:00 PM
thanks Unknown you helped out a lot
Title: Re: Having problems with mod_security?
Post by: Knight2211 on August 03, 2005, 11:46:05 PM
Thanks Unknown, worked 100%
Title: Re: Having problems with mod_security?
Post by: m0to on August 06, 2005, 12:13:47 PM
Cheers unknown helped alot!!!  :D
Title: Re: Having problems with mod_security?
Post by: Elmacik on August 07, 2005, 05:23:31 PM
hi

i opened two new topics under help threads named;
1- Internal server error when registering a new user
2- Themes not showing.

in both topics, moderators directed me to this thread.
but, my host cannot be using mod_security, because their board is also smf.
and they dont have the problems i do.
additionaly, host doesnt allow dot files to be upload (like .htaccess)
Title: Re: Having problems with mod_security?
Post by: [Unknown] on August 07, 2005, 06:22:59 PM
Create a phpinfo.php file.  What is phpinfo.php? (http://www.simplemachines.org/community/index.php?topic=18250.0)  If it contains "mod_security" anywhere in it, you have it.

Contact your host, then, and tell them of your problems.  Point them to this topic.  Perhaps they can create the file for you.

-[Unknown]
Title: Re: Having problems with mod_security?
Post by: Aisling on August 11, 2005, 06:32:07 PM
Thanks, it works like a charm  ;)
Title: Re: Having problems with mod_security?
Post by: DrateX on August 27, 2005, 01:15:19 AM

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]

What folder should this be uploaded to? Main SMF folder that contains the index? or our main root directory that is 1 folder before the SMF folder?
Title: Re: Having problems with mod_security?
Post by: [Unknown] on August 27, 2005, 01:17:28 AM

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)
-[Unknown]

What folder should this be uploaded to? Main SMF folder that contains the index? or our main root directory that is 1 folder before the SMF folder?

Either folder works fine.  I suggest the directory SMF is in, which contains index.php and Settings.php.

-[Unknown]
Title: Re: Having problems with mod_security?
Post by: mkh on September 29, 2005, 07:01:45 AM
Dear Unknown et al,
I just wanted to add my thanks for this (and appropriate search targets). I've been getting http 500 (internal server) error (since moving to - otherwise excellent - host) when trying to amend themes from admin and also none of our avatars were showing up on site (if changed by user). But this .htaccess amendment has solved both my problems.  :D
cheers
Mandy
PS still on v1.0.5
Title: Re: Having problems with mod_security?
Post by: frost on September 30, 2005, 01:49:00 PM
I did these changes and i really want to see if it fixes my problems.


BTW: [Unknown], how come you're SMF Friend now?
Title: Re: Having problems with mod_security?
Post by: Villesa on October 18, 2005, 03:47:48 PM
He has IRL projects that takes up his time, and other internet projects also.
Title: Re: Having problems with mod_security?
Post by: nenoXtreme on November 23, 2005, 07:38:35 AM
It was killing meeeeeee!  >:(

But  :P Thanks to You , I sleep again, like a baby..  ;D

You rule! Let the source be with You!  ;D
Title: Re: Having problems with mod_security?
Post by: Cottelletje on December 17, 2005, 11:02:26 PM
i did what you said unknown but in IE i still can't see my forum :'(
Title: Re: Having problems with mod_security?
Post by: DucTX on December 25, 2005, 08:31:09 AM
i have the problem that my packages site in the admin center is not shown because of error 500. i already asked somewhere else and now i am here. i dont know how to solve my problem. is there anything left i can do? this is my phpinfo (http://www.bl-53.de/phpinfo.php) and i cant find anything inside there about mod_security and the thing with the ".htaccess" doesnt work too.
Title: Re: Having problems with mod_security?
Post by: auto394812 on December 29, 2005, 05:59:28 PM
I really think that simply passing the buck off to the server is a bad call by the coders.

For people who are still having this problem as I was on my server, check out Oldiesmann's solution (http://www.simplemachines.org/community/index.php?topic=58538.msg407684#msg407684) which solved my problem.
Title: Re: Having problems with mod_security?
Post by: DucTX on January 01, 2006, 06:52:44 AM
i thought the new release candidate would maybe solve my problem but the error 500 when opening the packages site is still there.  please help.
Title: Re: Having problems with mod_security?
Post by: Grudge on January 01, 2006, 07:37:45 AM
DucTX, your server may not support gz. If you don't have any packages in your Packages directory can you access it then? If so try un-tarring the package on your home PC, then uploading the extracted files to a sub-directory of the Packages directory.
Title: Re: Having problems with mod_security?
Post by: DucTX on January 01, 2006, 08:58:31 AM
i worked fine at the beginning and i installed some packages. could be that the problem is the gz. i will check it.

EDIT: Yes the gz files caused the problem. thanks. great now my smf works fine again.  :)
Title: Re: Having problems with mod_security?
Post by: LostProphecy on January 12, 2006, 10:06:06 PM
something interesting that i've come across when trying to do this... i've never touched these files before cause i didn't even know what they were for, however when i went looking for them i found that i had two, one renamed that was last edited 12 june 2005 and a new one edited 17 june 2005...

i've never touched them however they have been changed

the 12 june one had this in it (the renamedone)

Code: [Select]
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.lostprophecy.com
AuthUserFile /home/kodee1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/kodee1/public_html/_vti_pvt/service.grp

but the new one that replaced it has nothing in it...

i'm wondering if this might be causing the log in problems, or if infact having it blank might cause other problems
Title: Re: Having problems with mod_security?
Post by: jennielinn on March 19, 2006, 06:48:27 AM
Well greyknight directed me to this fix and it worked like a charm ;D
I was getting the "not acceptable" error when I clicked "current theme settings" and "layout" in Forum
Setting. I did the htaccess fix and now no worries, you all are the greatest :)

Title: Re: Having problems with mod_security?
Post by: Quoth on March 22, 2006, 12:41:22 PM
Excellent quick fix, my forums now run smoothly in both browsers as i seemed to get this more with IE than firefox. It also seems it's fixed some of the session errors i was having with logging off.

Thanks [Unknown]!
Title: Re: Having problems with mod_security?
Post by: drdave on March 25, 2006, 12:07:23 AM
Ok maybe I missed it but once I create the .htaccess file where do I place it on my server?

Thanks
Dave
Title: Re: Having problems with mod_security?
Post by: JayBachatero on March 25, 2006, 12:22:35 AM
In the forum's root folder along with Settings.php, index.php and so on.
Title: Re: Having problems with mod_security?
Post by: drdave on March 25, 2006, 12:23:48 AM
Great thanks!

Dave
Title: Re: Having problems with mod_security?
Post by: Tazpot on April 06, 2006, 06:29:30 PM
Fantastic that sorted all my troubles out.
I was getting a stupid 403 error when trying to install smfarcade and couldn't figure why, then i stumbled upon this nifty post

 [unknown] you are a God!!   ;)
Title: Re: Having problems with mod_security?
Post by: RoarinRow on May 17, 2006, 03:07:25 PM
I got this 'HTTP Error 403 - Forbidden error' today, which I haven't seen in a while.  The last time I saw it I was installing Arcade games.  It went away by itself.

I tried the fix on the first page, but I got this error from my FTP application:

350 File exists, ready for destination name
    RNTO .htaccess
550 Permission denied on server.  You are restricted to your account.
    DELE htaccess.txt

I guess there's one there, but I can't see it.  I use SmartFTP 1.5.

Before I got this error message I was just refreshing the page.  I couldn't see the avatars, just a blank box.  Then I went to the forum/index page, then it was ok. then I refreshed the page one more time, then I got this error.  Shocked me cause it was in red bold lettering.

Any ideas?  I will also report to my web host.

Thanks!
Title: Re: Having problems with mod_security?
Post by: redone on May 17, 2006, 03:10:20 PM
If I am reading you right and you cannot remove a file via ftp contact your host and you will be able to resolve it. Sometimes the way the server is set up there can be some instances when a file is created and you cannot remove it yourself. Send them the details of the file you cannot remove.

Title: Re: Having problems with mod_security?
Post by: RoarinRow on May 17, 2006, 03:13:22 PM
If I am reading you right and you cannot remove a file via ftp contact your host and you will be able to resolve it. Sometimes the way the server is set up there can be some instances when a file is created and you cannot remove it yourself. Send them the details of the file you cannot remove.



Doing that now, thanks!
Title: Re: Having problems with mod_security?
Post by: BigMike on June 01, 2006, 12:22:20 PM
Thankyou again Unknown. Last night right at midnight, this problem started happening on our forum.

A couple of searches later and it was resolved ;)

This must have been the quickest issue I've ever fixed before lol

Cya
BigMike
Title: Re: Having problems with mod_security?
Post by: Overseer on July 17, 2006, 04:40:35 PM
i had this appear today too after restarting my VPS
Title: Re: Having problems with mod_security?
Post by: JayBachatero on July 17, 2006, 04:53:12 PM
Did you try the .haccess changes?
Title: Re: Having problems with mod_security?
Post by: Jared867 on August 08, 2006, 10:12:36 AM
Thank you Unknown. That worked like a charm!
Title: Re: Having problems with mod_security?
Post by: G.I. Jimbo on August 19, 2006, 12:10:45 AM
I just installed the SMF forum software onto my account.  As soon as everything was done installing, I tried to go to the index.php page to set things up but got a blank page.  I asked for help with this in another thread but was told to come here.  I tried the whole htaccess thing and my problem was not fixed.  Any other ideas?  My host is 1500mb.com and my site is galaxymod.1500mb.com/forum
Title: Re: Having problems with mod_security?
Post by: silencer0 on August 26, 2006, 10:33:00 AM
THX SO MUCH NOW IT WORKS MY PROBLEM IS "[solved]" lol HAHAHA THX SO MUCH :D :D :D
Title: Re: Having problems with mod_security?
Post by: Jacen on September 07, 2006, 11:04:57 PM
Just a suggestion to the dev crew: Is it possible to get a little warning to appear to admins (only admins) if mod_security is installed?
Title: Re: Having problems with mod_security?
Post by: marcnyc on October 09, 2006, 12:58:15 PM
Code: [Select]
<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

-[Unknown]

thanks Unkown, your workaround worked perfectly...
just a question: am I supposed to put this stuff in a .htaccess file within the SMF folder? or is it safe to put it in the main .htacess file of the whole website (in the root)? in other words, I put it in the root's .htaccess and it seems to ahve fixed the SMF problem (which is not in the root) but I was wondering if I am exposing myself to other risks having it in the root.

Thanks
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on October 09, 2006, 02:16:22 PM
It is possible you will expose yourself to some problems if you turn mod_security off sitewide, especially if you run other dynamic software (blog, poll, etc)
Title: Re: Having problems with mod_security?
Post by: Aquire on October 23, 2006, 10:35:22 AM
Thank you

You have save my life ... ;D
Title: Re: Having problems with mod_security?
Post by: BGonaSTICK on November 09, 2006, 07:20:57 AM
Superb - just about to go and request my host deal with this (they have mod_security installed), but for info, I was (am) getting 403's on the 'next >>' link used for cycling through posts on a board.

Interestingly enough, this was only happening in Firefox (V1.5.0.7, V1.5.0.8 and V2.0 at least). No 'errors' caused on the board, but the logfile was stuffed with them.

I'll try your fix first, but I'm sure this is it.

Thanks a lot as usual.
Title: Re: Having problems with mod_security?
Post by: FNF on November 27, 2006, 01:53:18 PM
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

I have deleted their acounts twice now as this has happened on two different occasions..

I have no idea how this could happen. Anyone?

Also, isn't it possible to make a new poster have all new posts to a certain count "authorised" before they are even seen to stop this too?

help! What can I do to stop this security issue?

Title: Re: Having problems with mod_security?
Post by: Jacen on November 28, 2006, 06:12:42 AM
I'd say you have a password security breach.
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on November 28, 2006, 12:34:33 PM
I think this is the best place to post a problem I am having.. I and one other person are the only ADMINs on our site, and one Global Mod. Recently, somehow, someone registers on the site, and they somehow are able to send out ADMIN notifications to all users, and they happen to be porn/spam.  >:(

Are you sure it isn't just a PM notification?
Title: Re: Having problems with mod_security?
Post by: Bashar on December 17, 2006, 05:44:47 AM
as a host, wouldn't this breach the security and allow users to run banned URLs by mod_security ?
Title: Re: Having problems with mod_security?
Post by: Jacen on December 17, 2006, 06:08:00 AM
Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security
Title: Re: Having problems with mod_security?
Post by: joeyteel on December 23, 2006, 02:38:41 PM
Not from what I understand.

Besides, I'm sure you can disable the disabling of mod_security

Yes, you can, but unless you compile mod_security to also disable .htaccess modification of rules you can still prevent the rules set in the server config from taking effect unless the host has specified their rules as mandatory and thus can't be disabled by .htaccess files
Title: Re: Having problems with mod_security?
Post by: Jacen on December 24, 2006, 05:00:20 PM
Or the host can ban the disabling of it via their TOS :)
Title: Re: Having problems with mod_security?
Post by: Jacen on January 07, 2007, 05:29:03 AM
1) Why do you WANT to be spamed?
2) isn't that off topic?
Title: Re: Having problems with mod_security?
Post by: J. Williams on January 07, 2007, 05:29:37 AM
1) Why do you WANT to be spamed?
2) isn't that off topic?

I've reported it, so it should be dealt with soon :)
Title: Re: Having problems with mod_security?
Post by: Jacen on January 07, 2007, 05:47:44 AM
Now why didn't I think of that? :P
Title: Re: Having problems with mod_security?
Post by: aboutpik on January 08, 2007, 03:35:26 PM
Thanks a lot,pal! it works! ;D
Title: Re: Having problems with mod_security?
Post by: youngspider on January 17, 2007, 03:14:03 PM
i must say thank u very much to the person ...gave that nice Sharing its 100% Work ....
Title: Re: Having problems with mod_security?
Post by: angelamae on February 07, 2007, 12:49:33 AM
I tried this and it still is giving me issues when i try to copy/paste text into a thread.. :(

how can i get it to not???
Title: Re: Having problems with mod_security?
Post by: Oldiesmann on February 09, 2007, 07:32:06 PM
If the fix didn't work, complain to your host and ask them to disable that feature. If they won't listen to you, find a better host.
Title: Re: Having problems with mod_security?
Post by: crud3w4re on February 11, 2007, 06:08:02 PM
hmm anyone using hostgator? I just signed up with them, are they doing this?
Title: Re: Having problems with mod_security?
Post by: CoreISP on February 12, 2007, 06:52:48 AM
Hi crud3w4re,

First of all,
Beware of hostgator, they are a massive overseller,
if may happen that you get in trouble if your community ever grows big.

If you want to check if mod security is enabled,
put this in a php file (for example, phpinfo.php) and upload it to your site with them:

<?php
phpinfo();
?>

Just open the file from your browser and you will see all the functions enabled,
just do a search with your browser on that page for "mod_security" and if it gives you results, then yes, they have it enabled.


Yours,
- Liroy
 
Title: Re: Having problems with mod_security?
Post by: crud3w4re on February 13, 2007, 07:11:19 AM
So .. Are you saying that if my site gets big, they'll kill the site?
Title: Re: Having problems with mod_security?
Post by: CoreISP on February 13, 2007, 07:22:39 AM
I'm not saying they will do it,
i'm just saying chances that that happends are quite large :)
They offer impossible things...
Title: Re: Having problems with mod_security?
Post by: MOH: Rising Sun Master on February 13, 2007, 12:16:26 PM
NOTE TO KXUK HOSTING USERS:

     If you are having a problem with mod_security, email me at Wildfire@kxuk.net and I shall fix you up o.O
Title: Re: Having problems with mod_security?
Post by: alicanosman on February 17, 2007, 01:09:49 PM
thanks    :D
Title: Re: Having problems with mod_security?
Post by: hawkshaw on February 26, 2007, 08:50:04 AM
How can i modify .htaccess inside the folder that i cant access ?

My host will do that ?
Title: Re: Having problems with mod_security?
Post by: CoreISP on February 26, 2007, 12:28:23 PM
If you need to modify something in a folder to which you dont have acces, then yeah, you will have to ask your host to do that...
But I dont see why you would have to modify something in a folder to which you dont have acces to in the first place?
Title: Re: Having problems with mod_security?
Post by: hawkshaw on February 26, 2007, 03:36:52 PM
I just suddenly lost access to my own forum folder, it was 755 then suddenly changed into 000...
Quote
Forbidden
You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on February 26, 2007, 09:08:41 PM
Your host will need to set the mode back properly.

I don't know of anything in SMF that could cause all modes to be lost.
Title: Re: Having problems with mod_security?
Post by: hawkshaw on February 26, 2007, 10:06:38 PM
... right now they're trying to fix it up,
ive talked to them they should come here and ask you guys if they need any help, but they refused. I surely hope they know what theyre doing..  
Title: Re: Having problems with mod_security?
Post by: Jacen on March 04, 2007, 11:30:13 PM
It surely can't be too hard to fix the problem... I mean,

chmod 755 /home/username

as root will restore it.   
Title: Re: Having problems with mod_security?
Post by: Taintedlore on March 13, 2007, 09:30:52 AM
Thanks, I was getting the 404 error and now its working fine after modifying my htaccess file!
Title: Re: Having problems with mod_security?
Post by: ictus on March 16, 2007, 07:15:28 AM
I tried this method but I get a 500 error, I tried the .haccess in the root and in the SMF folder.

I'm using TotalChoiceHosting, who are pritty good, and most of members can post and view the forums no problem, just a few can't post, is there a nother version of the code that may work?
Title: Re: Having problems with mod_security?
Post by: hawkshaw on March 17, 2007, 09:55:02 AM
now i cant edit my own style sheet, fatal error happen everytime i try to change style.css permission, as well as the other files.

im not sure if it has some connection with htaccess issue, cos ive editted .htaccess exactly like TS said.  
Title: Re: Having problems with mod_security?
Post by: Arrisje on March 24, 2007, 01:34:27 AM
Does this work on 110mb.com?
Title: Re: Having problems with mod_security?
Post by: dobomode on March 26, 2007, 10:17:30 PM
Has anybody been able to htaccess disable the new version of mod_security (2.1.0)?

I recently got a new server and it's got mod_security 2.1.0. I want to disable it, but just for SMF, not the rest of the web applications, but the rules syntax seems to have changed.

Thanks!
Title: Re: Having problems with mod_security?
Post by: Oldiesmann on March 27, 2007, 01:52:31 PM
I tried this method but I get a 500 error, I tried the .haccess in the root and in the SMF folder.

I'm using TotalChoiceHosting, who are pritty good, and most of members can post and view the forums no problem, just a few can't post, is there a nother version of the code that may work?

500 error either means you accidentally mis-typed something, or that your host doesn't allow you to change things that way with .htaccess. Double-check to make sure you entered it correctly, and find another host if you can't disable it.

now i cant edit my own style sheet, fatal error happen everytime i try to change style.css permission, as well as the other files.

im not sure if it has some connection with htaccess issue, cos ive editted .htaccess exactly like TS said. 

What error are you getting?

Does this work on 110mb.com?

I don't know. Try it and see :)

Has anybody been able to htaccess disable the new version of mod_security (2.1.0)?

I recently got a new server and it's got mod_security 2.1.0. I want to disable it, but just for SMF, not the rest of the web applications, but the rules syntax seems to have changed.

Thanks!

Looks like the rules have changed (according to their site - www.modsecurity.org).

Try this:

Code: [Select]
<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecRuleEngine Off

# The below probably isn't needed, but better safe than sorry.
SecRequestBodyAccess Off
</IfModule>
Title: Re: Having problems with mod_security?
Post by: ictus on April 15, 2007, 08:43:29 AM
ust a not of the .htaccess file, I've tried several ways to edit it, and using the method described here, didn't work for me.

I'm using cpanel, and found if i goto file manager and edit the htaccess file directly the mod in this topic works.

Hope that helps those that may have had trouble like myself.
Title: Re: Having problems with mod_security?
Post by: spoontosser on April 15, 2007, 12:57:53 PM
Quote
I'm using cpanel, and found if i goto file manager and edit the htaccess file directly the mod in this topic works.

I had the same difficulty, and this worked for me as well. Thanks!
Title: Re: Having problems with mod_security?
Post by: kimba on April 16, 2007, 09:51:22 PM
Every time I tried to download a package, I get this error:

Quote
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

The package I'm trying to install comes straight from this site. :S Someone help?
Title: Re: Having problems with mod_security?
Post by: amelia on April 26, 2007, 01:44:02 AM
I've been getting the "Forbidden - You don't have permission to access /bb/index.php on this server" message. 
I followed the .htaccess fix, which didn't appear to solve the issue.  Contacted my hosting company and they said they couldn't disable the mod_security on their server.

So, do I have any other options in regards to fixing this error?  Or am I faced with having to swap hosting companies/finding a new forum?  (neither of which I'd like to do if I can avoid it).

Any help greatly appreciated!

Thanks :)
Title: Re: Having problems with mod_security?
Post by: metallica48423 on April 26, 2007, 01:58:32 AM
make sure the owner of the files are the correct one, also ensure that the permissions are correct (should be 777 or 755 permissions on unix servers,  read+write on windows hosting)
Title: Re: Having problems with mod_security?
Post by: Tramposch on May 05, 2007, 12:37:09 AM
how do you change it using apache, like by making an exception or w/e.
Title: Re: Having problems with mod_security?
Post by: al_ltoticmat on May 07, 2007, 11:56:43 AM
<Files *>
   Order Deny,Allow
   Deny from all
   Allow from localhost
</Files>

In my regular file
Title: Re: Having problems with mod_security?
Post by: TheLyricist on May 07, 2007, 09:23:28 PM
Hey guys... I also have troubles with mod_security...
After the
Quote
The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.

Click here to try installing anyway, but note that this is strongly discouraged.
message, i click here and it shows me a page with basic settings... When i click proceed, it just stays on that page... I can keep on clicking, and it will still stay on the same page...
Any help?
Title: Re: Having problems with mod_security?
Post by: LeberMac on July 20, 2007, 09:56:29 AM
The .htaccess file worked for me. Awesome.
Title: Re: Having problems with mod_security?
Post by: greyknight17 on July 21, 2007, 12:15:50 AM
@TheLyricist: Did you try using the .htaccess file at all? That might help ;)
Title: Re: Having problems with mod_security?
Post by: FaNtEcH on August 21, 2007, 06:19:47 AM
Thanks. My host did that. Thanks again for the tweak!
Title: Re: Having problems with mod_security?
Post by: kaldingo on September 04, 2007, 08:32:36 PM
make sure the owner of the files are the correct one, also ensure that the permissions are correct (should be 777 or 755 permissions on unix servers,  read+write on windows hosting)
permissions on what??

I am experiencing this issue.  the first htaccess edit did nothing.  the 2nd resulted in a 500 error.
Title: Re: Having problems with mod_security?
Post by: SMASH on September 17, 2007, 05:00:55 PM
Hello,
 Just wanted to say "Thanks" for this. I have my new forums and websites with Dreamhost and they have this mod_security running.

Just wanted everyone to know that when I put this in my root folder the forum would not show up, so I moved it to the folder that has my SMF in it and it works.
Title: Re: Having problems with mod_security?
Post by: Rafferty on October 03, 2007, 04:02:05 AM
Putting the htaccess file in actually gave me the error 500, ???
Title: Re: Having problems with mod_security?
Post by: johny000 on October 03, 2007, 04:39:25 AM
hello guys  how are you all
I'm  Having problems  with  smf v1.1.4

i have two smf
the 1st smf v1.1.3
http://www.mywebsite.com/sahdona/forums/
the 2st smf v1.1.4
www.mywebsite.net/smf

with the 1.1.3 ever thing is working nice no error
& with 1.1.4 I'm  keep gating the Error 500 ever time I'm trying to backup my db or chicking my pm

can you guys look at it & tell me what  can i do & how can i fix this please


thank you
Title: Re: Having problems with mod_security?
Post by: r3skyline on October 03, 2007, 03:40:06 PM
im having the same trouble as TheLyricist
Title: Re: Having problems with mod_security?
Post by: nizoo on October 16, 2007, 06:36:14 PM
RESPECT! worked great :) thanks alot
Title: Re: Having problems with mod_security?
Post by: FragaCampos on October 28, 2007, 01:11:52 PM
Thanks!
It solved the problem in my forum's login
"406 Not Acceptable
An appropriate representation of the requested resource /index.php could not be found on this server."

 :)
Title: Re: Having problems with mod_security?
Post by: souljaa on December 17, 2007, 08:21:04 PM
Hey! I still get the same error, and I added the things mentioned in the .htaccess file.
But when I opened the .htaccess file, there was nothing in it, is that normal?
Now when I open it, it still has the code in it, but still doesn't work. (The SMF Gallery Mod)
www.gfxpros.org
Thanks
Souljaa
Title: Re: Having problems with mod_security?
Post by: FragaCampos on December 19, 2007, 09:11:20 AM
It worked for me.
Did you do everything like in the first post?
Title: Re: Having problems with mod_security?
Post by: Sarge on December 19, 2007, 10:16:16 AM
Try the updated rules:
http://www.simplemachines.org/community/index.php?topic=34270.msg1025267#msg1025267

Make sure you upload .htaccess to the right place: either the root directory of your site or your forum directory.
Title: Re: Having problems with mod_security?
Post by: Scanlite on December 26, 2007, 02:45:18 PM
It seems i am having the exact OPPOSITE problem that no one seems to be able to help with!

My forum will not load AFTER LOGGING IN?

can anyone help out with some advice or assistance to help me solve this problem please?
Title: Re: Having problems with mod_security?
Post by: Sarge on December 26, 2007, 03:05:38 PM
My forum will not load AFTER LOGGING IN?

Please let's continue support about this in the topic you started. ;)
http://www.simplemachines.org/community/index.php?topic=213083
Title: Re: Having problems with mod_security?
Post by: masterb on March 12, 2008, 09:45:56 AM
When I post %simbol, I get error Bad Request.
Example: %qqqqqqqqqqqqqqqqq

modsec_debug.log
Quote
[12/Mar/2008:04:00:44 +0300] [forum.XXX/sid#80cf340][rid#844c1c0][/index.php][1] Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:message. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]

modsec_audit.log
Quote
--c0166218-A--
[12/Mar/2008:04:00:44 +0300] 93vY-n8AAAEAAHeCgIQAAAAC 127.0.0.1 41404 127.0.0.1 443
--c0166218-B--
POST /index.php?action=post2 HTTP/1.1
Host: forum.sdi.sar
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://forum.XXX/index.php?topic=11.0
Cookie: PHPSESSIDF=XXX; SMFCookie547=a%3A4%3A%7Bi%3A0%3Bs%3A1...s%3A40%3A%22f6fd1...c4daafb3fdd7a19a346e%22%3Bi%3A2%3Bi%3A1205286112%3Bi%3A3%3Bi%3A0%3B%7D
Content-Type: application/x-www-form-urlencoded
Content-Length: 217

--c0166218-C--
topic=25&subject=Re%3A+gpg+-+man+page&icon=xx&notify=0&goback=1&num_replies=0&message=%25qqqqqqqqqqqqqqqqq&post=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C&sc=0be0815c74f9717699612fc01c1a6221&seqnum=3805448
--c0166218-F--
HTTP/1.1 400 Bad Request
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

--c0166218-H--
Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:message. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
Action: Intercepted (phase 2)
Stopwatch: 1205283644496126 38939 (38116* 38442 -)
Producer: ModSecurity v2.1.2 (Apache 2.x)
Server: Apache

--c0166218-Z--

How to fix it?
This bug in modsec  20_protocol_violations.conf or smf?
Title: Re: Having problems with mod_security?
Post by: metallica48423 on March 12, 2008, 12:58:30 PM
have you tried the solution in the first post of this page?
Title: Re: Having problems with mod_security?
Post by: masterb on March 12, 2008, 06:58:55 PM
have you tried the solution in the first post of this page?
Thanks, add

<IfModule security2_module>
SecRequestBodyAccess Off
</IfModule>

in my vhosts.conf, I hope it safely :)
Title: Re: Having problems with mod_security?
Post by: innerspace70 on March 18, 2008, 11:46:20 PM
Ok,
Once for the dummy in the room.

Should I ADD the code to the .htaccess file in the PUBLICHTML root?

Or Just replace the file all together with this code.

(When I add it using cPanel the forum fails with a 500 error.)

Answer to my own question:
I created a NEW file with the suggested code from this post. Saved it to the folder I have SMF installed in.
I did not modify the .htaccess file in the publichtml root. (that causes a 500 error)



Title: Re: Having problems with mod_security?
Post by: Rumbaar on March 24, 2008, 07:47:21 PM
.htaccess files affect the files and folders below it (that don't have their own .htaccess file).  So as long as you put it in the top most folder you want to affect it should be fine.
Title: Re: Having problems with mod_security?
Post by: tourneymanager on March 25, 2008, 02:17:56 PM
I seem to be having a mod_security problem, but I'm not 100% sure. I need help. I don't see mod_security listed anywhere in my phpinfo file, so it would seem it's not installed by my host. But...

I'm getting 406 errors when certain word combinations are included in posts (the one that keeps killing me is *poker*.com, and my site is poker-related...argggg). If I eliminate the "r" from "poker", no problem. If I eliminate the ".com", no problem. So there's definitely something that's filtering posts. It's not just forum posts, either. I use TinyPortal and when I attempt to post html that includes the offending text, I get the 406 error.

So, I tried the first suggestion in this thread. No luck. Still get 406 errors. I tried the updated version for mod_security2, and I get the 500 error. Since the updated version uses the "<#ifmodule mod_security2.c>" qualifier and I get errors that disappear when I comment out the code between the <ifmodule...> and </ifmodule...>, I believe my host is running mod_security2 (by the way, when I leave in the same code, but use "<#if module mod_security.c>, I don't get the 500 error, but the 406 error remains -- apparently because the code never gets called).

My webhost is siteflip.com and I have a help ticket submitted, but I suspect they'll need some help of their own  ;) so I'm trying to arm myself with as much information as possible.

Any ideas. I have a feeling I may need to switch hosts to get past this because I suspect they have it set up so that the mod_security2 can't be disabled via htaccess.

Thanks in advance...
Title: Re: Having problems with mod_security?
Post by: tourneymanager on March 25, 2008, 04:10:07 PM
Well, I was right...mostly. I just got a response from my web host saying that mod_security2 could not be disabled from htaccess, but they disabled it for my domain from their end.

I hope this helps others who may be stumped by this. :)
Title: Re: Having problems with mod_security?
Post by: anakmacan on April 16, 2008, 06:11:14 AM
Im having the same problem, im using hosting service from Maxoz.com. They didnt give me answer if they will turn it off or not.
Title: Re: Having problems with mod_security?
Post by: metallica48423 on April 27, 2008, 04:59:24 AM
Theres nothing we can do if your host won't disable it and it is causing the 403 errors.  it is a server side block, not anything SMF can stop in any capacity
Title: Re: Having problems with mod_security?
Post by: legoracer on May 27, 2008, 12:53:29 AM
Ok I have asked my host to get rid of the mod_security and they did actually in 15mins they acted!!! AWESOME SUPPORT from them and this forum!!

But now should I get rid of the code mods that were suggested to start with?
Title: Re: Having problems with mod_security?
Post by: metallica48423 on May 27, 2008, 12:54:51 AM
if they disabled mod_security, then the code mod in the first post of this thread is useless
Title: Re: Having problems with mod_security?
Post by: Bill.Ramby on May 29, 2008, 09:03:30 PM
I don't know if this is related, but every other time (at least it seemed like that) that I clicked something, beit "Online", "Reply", "Quote", etc, I would get Firefox asking me if I wanted to download the index.php to my desktop. phpinfo.php revealed no "mod_security" but I went ahead and did the .htaccess. So far my problem is gone and my forum seems faster.

Big time thank you. This was driving me nuts (I know, short drive :D).
Title: Re: Having problems with mod_security?
Post by: metallica48423 on May 30, 2008, 02:09:51 AM
yea, that can cause that to happen too sometimes.

its simply bad server configuration
Title: Re: Having problems with mod_security?
Post by: SuperZambezi on June 16, 2008, 11:53:50 AM
Added could code into .htaccess and its as if notjing happened. Is there more to it?
Title: Re: Having problems with mod_security?
Post by: ThorstenE on June 16, 2008, 02:13:11 PM
Added could code into .htaccess and its as if notjing happened. Is there more to it?
maybe, yoúr host does not allow disabling mod_security from .htaccess or is using mod_security2..

give this a try:

Code: [Select]
<IfModule mod_security2.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>

or contact your host.
Title: Re: Having problems with mod_security?
Post by: SuperZambezi on July 01, 2008, 09:11:59 PM
I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.
Title: Re: Having problems with mod_security?
Post by: redone on July 12, 2008, 11:09:36 AM
I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.
Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?
Title: Re: Having problems with mod_security?
Post by: SuperZambezi on July 12, 2008, 06:49:54 PM
I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.
Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?

But I can change .htacces and its as if nothing happens.
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on July 12, 2008, 08:18:53 PM
Some hosts have things configured to use a non-standard method to disable, or don't allow disabling via .htaccess. If the suggestion here doesn't work, you need to contact your host to find this out.
Title: Re: Having problems with mod_security?
Post by: ousu on July 31, 2008, 09:28:51 AM
Hi friend's,

while saving my data base by selecting Compress the file with gzip. it gives the below error.

But I am able to save my database by unchecking this Compress the file with gzip option.


but by unchecking this optin it takes more time to download the database.
please help me in this regard.

Thank you.


Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@studentsmasti.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at studentsmasti.net Port 80
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on July 31, 2008, 10:26:24 AM
This isn't a mod_security issue. The problem is that your database is too big to hold and compress in the memory PHP is allowed to use. You might want to start making backups through the tools your hosting provider provides. These usually are set up to bypass the limits imposed on you directly.
Title: Re: Having problems with mod_security?
Post by: jepot5 on August 12, 2008, 08:28:53 AM
can u just ask the host if they can disable it on your account?
Title: Re: Having problems with mod_security?
Post by: djstew on August 21, 2008, 07:26:45 AM
i'm having this same problem when navigating through gallery pro. the gallery itself works but some of the features are not. like clicking on the previous image/next image and picture ratings buttons. this didnt start happening until i installed the gallery.

this is what it says on the page

Not Acceptable

An appropriate representation of the requested resource /cjforum2/index.php could not be found on this server.

Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at customjustice.dchallofjustice.com Port 80
Title: Re: Having problems with mod_security?
Post by: tjhanes on September 15, 2008, 10:04:48 AM


Code: [Select]
<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.


Worked perfect!! Thanx.
Title: Re: Having problems with mod_security?
Post by: sweethangs on September 17, 2008, 06:28:11 PM
After adding the .htaccess file I no longer get an error but the "post" button doesn't work.  I can preview my message but not post it.
Title: Re: Having problems with mod_security?
Post by: sweethangs on September 17, 2008, 06:56:45 PM
After adding the .htaccess file I no longer get an error but the "post" button doesn't work.  I can preview my message but not post it.

it resolved itself after logging out and back in.  thank you!
Title: Re: Having problems with mod_security?
Post by: Soms on October 03, 2008, 12:15:38 PM
Ok I have read all and my problem seems to be rather peculiar. I am the admin of the forum and I am the only one who seem to be getting this problem when trying to open a pm. The other members have no such problems at all. Should I be worried?
Title: Re: Having problems with mod_security?
Post by: Soms on October 07, 2008, 07:16:54 PM
Can anybody help me with the above? It is driving me nuts!
Title: Re: Having problems with mod_security?
Post by: Rumbaar on October 07, 2008, 10:35:22 PM
You haven't really been specific with the exact problem you're having.  So more details, unless you've posted about it elsewhere ... then link to it.
Title: Re: Having problems with mod_security?
Post by: Soms on October 08, 2008, 03:05:41 AM
Sorry about that. I posted a more detailed info in this thread http://www.simplemachines.org/community/index.php?topic=246702.msg1741544#msg1741544 But I sure can use all the help there is.
Title: Re: Having problems with mod_security?
Post by: skip on October 18, 2008, 11:50:00 AM
Hi,

I was having a mod security issue on the forum and the host said he has now disabled mod security. Thing is I had the approriate text in a .htaccess file within the forum root but then I found this as well below which I'm pretty sure I didn't put there:

<IfModule mod_security.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>
RewriteEngine On
RewriteRule ^([a-zA-Z0-9-]*).html index.php?action=$1 [L]


I'm not sure what that Rewrite rule is doing but it seems strange and worrying, any ideas?
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on October 18, 2008, 12:47:29 PM
Are you doing any kind of URL rewriting (PrettyURLs, SEO4SMF, etc.)?
Title: Re: Having problems with mod_security?
Post by: skip on October 18, 2008, 06:21:48 PM
Hi,

No I don't have either one installed, just smf search engine friendly url's enabled.

Skip
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on October 18, 2008, 08:51:38 PM
That might be for those. I personally don't use that option, but the rewrite rule looks to fit it.
Title: Re: Having problems with mod_security?
Post by: afe on October 23, 2008, 09:54:53 PM
I still get the error. "Not Acceptable
An appropriate representation of the requested resource /run/forum/index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
"
Title: Re: Having problems with mod_security?
Post by: skip on November 04, 2008, 12:18:47 PM
If mod_security2 is being used on a server should the previous mod security text be removed leaving just

<IfModule security2_module>
SecRequestBodyAccess Off
</IfModule>

or does it not make a difference?

Was also wondering if the hosting company turns off mod security 2 completely , can I still leave the above within the .htaccess and it will be ignored or will it cause problems.

Thanks
Title: Re: Having problems with mod_security?
Post by: pariofdreamz on November 16, 2008, 07:50:34 PM
I requested my hosting ppl to disable but they denied saying that they cannot disable mod_security because if someone exploits  site, the whole server can be compromised (this has happened in the past). so now what should i do help me please ......Help me :(

- Pari
Title: Re: Having problems with mod_security?
Post by: Oldiesmann on November 19, 2008, 11:31:33 AM
Tell them to disable the filtering engine. That's the part that causes all the problems.
Title: Re: Having problems with mod_security?
Post by: DragonKith on November 29, 2008, 06:29:00 PM
I am still having problems with my forum its still giving me this error message  and i tryed the htaccess i am not sure why i am still having this problem anyhow i am not sure why i am having this problem i think i will try a totally different forum program



Not Acceptable

An appropriate representation of the requested resource /forum/index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at ohiohauntedplaces.com Port 80
Title: Re: Having problems with mod_security?
Post by: Northwinds on December 10, 2008, 09:05:05 PM
Fantastic!!!!!
Thank you so much!!
Sorted my problems!!
Cheers,
Northwinds  :P
Title: Re: Having problems with mod_security?
Post by: Thunderace on January 07, 2009, 04:16:52 PM
I'm having a problem with the downloads package and mod_sec.

The package is trying to use ;id in the querystring which is being seen quite correctly as a system command injection.

Matched signature <;id>"] [severity "CRITICAL"]

I'll certainly not gimp mod_sec as it's there for the reasons I put it there .. any suggestions?
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on January 07, 2009, 06:39:33 PM
Just edit the rule then so it doesn't match the way the package is handling it?

It seems to be a silly rule anyway as many dynamic software packages use id as a query variable.
Title: Re: Having problems with mod_security?
Post by: Thunderace on January 08, 2009, 06:09:11 AM
Just edit the rule then so it doesn't match the way the package is handling it?

It seems to be a silly rule anyway as many dynamic software packages use id as a query variable.

Thanks for the reply Motoko-chan

I ended up modifying the package rather than my security.

http://www.simplemachines.org/community/index.php?topic=203471.msg1869963#msg1869963
Title: Re: Having problems with mod_security?
Post by: stiler on February 06, 2009, 06:29:37 AM
i olso have this problem with my forum but the host dosent seem to have installed that module and i don't know what it couses this



here is my phpinfo from my host if u can found any info to help i found another module named "suhosin" i don't know if this is anything but ...

Code: [Select]
PHP Version 5.2.8

System Linux web10.nxserve.net 2.6.18-53.el5PAE #1 SMP Mon Nov 12 02:55:09 EST 2007 i686
Build Date Jan 9 2009 07:48:27
Configure Command './configure' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-force-cgi-redirect' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pdo=shared' '--enable-safe-mode' '--enable-sockets' '--enable-zip' '--prefix=/usr' '--with-bz2' '--with-config-file-path=/usr/local/lib' '--with-config-file-scan-dir=/usr/local/lib/php.ini.d' '--with-curl=/opt/curlssl/' '--with-freetype-dir=/usr' '--with-gd' '--with-gettext' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mhash=/opt/mhash/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pdo-mysql=shared' '--with-pdo-sqlite=shared' '--with-png-dir=/usr' '--with-pspell' '--with-sqlite=shared' '--with-ttf' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr'
Server API CGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib
Loaded Configuration File /usr/local/lib/php.ini
Scan this dir for additional .ini files /usr/local/lib/php.ini.d
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams zip, php, file, data, http, ftp, compress.bzip2, compress.zlib, https, ftps
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*

Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
    with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

PHP Credits
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output &amp; &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors STDOUT STDOUT
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl Off Off
error_append_string no value no value
error_log error_log error_log
error_prepend_string no value no value
error_reporting 6135 6135
expose_php On On
extension_dir /usr/local/lib/php/extensions/no-debug-non-zts-20060613 /usr/local/lib/php/extensions/no-debug-non-zts-20060613
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/lib/php:/usr/local/lib/php .:/usr/lib/php:/usr/local/lib/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 30 30
max_input_nesting_level 64 64
max_input_time 60 60
memory_limit 32M 32M
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 8M 8M
precision 12 12
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals On On
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 50M 50M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off

bcmath
BCMath support enabled

bz2
BZip2 Support Enabled
Stream Wrapper support compress.bz2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.3, 15-Feb-2005

calendar
Calendar support enabled

cgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.force_redirect 1 1
cgi.nph 0 0
cgi.redirect_status_env no value no value
cgi.rfc2616_headers 0 0

ctype
ctype functions enabled

curl
cURL support enabled
cURL Information libcurl/7.19.2 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

date
date/time support enabled
"Olson" Timezone Database Version 2008.9
Timezone Database internal
Default timezone Etc/GMT+5

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value

dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.7.2
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled

exif
EXIF Support enabled
EXIF Version 1.4 $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13 jani Exp $
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF

filter
Input Validation and Filtering enabled
Revision $Revision: 1.52.2.44 $

Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value

ftp
FTP support enabled

gd
GD Support enabled
GD Version bundled (2.0.34 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.2.1
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XPM Support enabled
XBM Support enabled

gettext
GetText Support enabled

hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.5

Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1

imap
IMAP c-Client Version 2006k
SSL Support enabled
Kerberos Support enabled

json
json support enabled
json version 1.2.1

libxml
libXML support active
libXML Version 2.7.2
libXML streams enabled

mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check On

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value

mcrypt
mcrypt support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream

Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value

mhash
MHASH support Enabled
MHASH API Version 20060101

mysql
MySQL Support enabled
Active Persistent Links 1
Active Links 2
Client API version 5.0.67
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib -lmysqlclient

Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

mysqli
MysqlI Support enabled
Client API library version 5.0.67
Client API header version 5.0.67
MYSQLI_SOCKET /var/lib/mysql/mysql.sock

Directive Local Value Master Value
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.reconnect Off Off

openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8b 04 May 2006

pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 7.8 2008-09-05

Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000

PDO
PDO support enabled
PDO drivers sqlite, sqlite2, mysql

pdo_mysql
PDO Driver for MySQL, client library version 5.0.67

pdo_sqlite
PDO Driver for SQLite 3.x enabled
PECL Module version (bundled) 1.0.1 $Id: pdo_sqlite.c,v 1.10.2.6.2.3 2007/12/31 07:20:10 sebastian Exp $
SQLite Library 3.3.7

posix
Revision $Revision: 1.70.2.3.2.20 $

pspell
PSpell Support enabled

Reflection
Reflection enabled
Version $Id: php_reflection.c,v 1.164.2.33.2.54 2008/10/29 13:34:08 felipe Exp $

session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler user files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid no value 0

SimpleXML
Simplexml support enabled
Revision $Revision: 1.151.2.22.2.45 $
Schema support enabled

sockets
Sockets Support enabled

SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException

SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c,v 1.166.2.13.2.11 2008/12/01 12:28:27 felipe Exp $
SQLite Library 2.8.17
SQLite Encoding iso8859

Directive Local Value Master Value
sqlite.assoc_case 0 0

standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags no value a=href,area=href,frame=src,input=src,form=,fieldset=
user_agent no value no value

suhosin
Suhosin logo This server is protected with the Suhosin Extension 0.9.27

Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbH

Directive Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 50 50
suhosin.get.max_array_index_length 64 64
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 512 512
suhosin.get.max_vars 100 100
suhosin.log.file 0 0
suhosin.log.file.name no value no value
suhosin.log.phpscript 0 0
suhosin.log.phpscript.is_safe Off Off
suhosin.log.phpscript.name no value no value
suhosin.log.sapi 0 0
suhosin.log.script 0 0
suhosin.log.script.name no value no value
suhosin.log.syslog no value no value
suhosin.log.syslog.facility no value no value
suhosin.log.syslog.priority no value no value
suhosin.log.use-x-forwarded-for Off Off
suhosin.mail.protect 0 0
suhosin.memory_limit 0 0
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 50 50
suhosin.post.max_array_index_length 64 64
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 65000 65000
suhosin.post.max_vars 200 200
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 50 50
suhosin.request.max_array_index_length 64 64
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 65000 65000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 200 200
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no value

tokenizer
Tokenizer Support enabled

xml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.2

xmlreader
XMLReader enabled

xmlwriter
XMLWriter enabled

Zend Optimizer
Optimization Pass 1 disabled
Optimization Pass 2 disabled
Optimization Pass 3 disabled
Optimization Pass 4 disabled
Optimization Pass 9 disabled
Zend Loader enabled
License Path no value
Obfuscation level 3

zip
Zip enabled
Extension Version $Id: php_zip.c,v 1.1.2.46 2008/11/12 17:50:37 felipe Exp $
Zip version 1.8.11
Libzip version 0.9.0

zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value

Additional Modules
Module Name
ionCube Loader

any ideas ?
Title: Re: Having problems with mod_security?
Post by: jav_tailor on February 16, 2009, 06:12:51 PM
Hi to all,

I've the same problem with mod security and SMF Gallery (lite).

I contacted my hosting provider because the htaccess "trick" not working (error 500) and they say cannot turn it off for security reasons...

I'm desperate! Any solution?

Thanks!

Regards, jav_tailor.
Title: Re: Having problems with mod_security?
Post by: Darkness_Black on March 16, 2009, 01:38:58 AM
OLA i'm having trouble with the mod comment profile, it gives the following error when i click to delete or edit comentario comentario:

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

i asked for help in SMFHacks, and they sent me here, i read this topico made the but nothing has happened remained the same mistake you know i say what can i do to have this mod working correctly?  :(
Title: Re: Having problems with mod_security?
Post by: Rumbaar on March 16, 2009, 04:50:04 AM
Check the file permissions of your index.php file and if 777 check with your host to see if they have any type of restrictions.  Also look at your server logs for additional information for the cause.
Title: Re: Having problems with mod_security?
Post by: Darkness_Black on March 16, 2009, 03:54:55 PM
i noticed all permissoes and all files and folders on my forum are 777 down not have any restriction but remains the same mistake.  :(
Title: Re: Having problems with mod_security?
Post by: Rumbaar on March 16, 2009, 05:08:38 PM
Did you have a word to your host and/or look at your logs?  Some hosts don't allow index.php to run at 777.
Title: Re: Having problems with mod_security?
Post by: mforum on April 03, 2009, 12:07:12 PM
i also have the error bellow when i try to do admin actions in quiz and SMG mods

Method Not Implemented

GET to /forum/index.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


i run smf 2 rc 1
my index.php is chmoded 755
i tried the .htaccess file but didn`t help
my host told me they will disable mod_security for me but chmoding to 777 doesn`t work well in their server ... whatever that means.
is it vital for index.php to have 777 instead of 755 permission ?
Title: Re: Having problems with mod_security?
Post by: Murph on May 15, 2009, 04:07:14 PM
Hello All,
Everything was great until my web host updated the server security the other day. Now all links from my media gallery get an error 406.
The Host Tech's response to my inquiry was:
_________________________
Hello,

Unfortunately it appears this error is being caused by the mod_security on the server, but we will be unable to edit our configuration, as it is an important security feature.

___________________________

SMF is running fine, but all links from media gallery index page get error 406. I've tried all recommendations from this thread nothing has worked.
I'm running SMF 1.1.8 with Media Gallery 1.5.6.

Any other suggestions? I might just bale on my host and get a new one.
Murph
Title: Re: Having problems with mod_security?
Post by: Sarge on May 15, 2009, 04:12:38 PM
Try to get your host to disable -- only for your domain, or at least for your forum directory -- the mod_security rules that are causing the 406 errors. I suspect that the errors might be related to the presence of ;id in the Media Gallery URLs.
Title: Re: Having problems with mod_security?
Post by: kenrank on May 25, 2009, 01:07:36 AM
I'm not sure if this is a mod_security problem or not!  :(

We're running SMF 1.1.9.  We installed the Group Moderators Mod from:
http://custom.simplemachines.org/mods/index.php?mod=171

Almost everything works fine, except (isn't there always an exception?) when I click the group number on:
http://discoverhebrewroots.com/index.php?action=groups

the link generated is either of these two links depending on the group:
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=13
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=9

I get a 406 Not Acceptable error:
Code: [Select]
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at discoverhebrewroots.com Port 80

The forum error log gives no errors, but the server error log gives:
Code: [Select]
[Mon May 25 00:01:45 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups
[Mon May 25 00:01:38 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups

I ran phpinfo and mod_security is not listed anywhere.  I tried the mod_security htaccess fix, and it doesn't seem to do anything at all.

I cannot figure out where the 406 is coming from...  :(

Thanks in advance for any help.
Title: Re: Having problems with mod_security?
Post by: Mortfiles on June 04, 2009, 12:06:08 PM
As a webhost I would like to learn more about this issue since its a bad idea to compromise with security just to get some software working. On the other hand its really bad policy not to try to find ways to get things working for clients that want to use that software...

mod_security does not like SMF because it consider it to be a bad boy that try to use PHP session attacks and PHP injection attempts:

Code: [Select]
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]
Code: [Select]
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]
The question is what SMF is doing to get caught doing this and can it be resolved through creative rewrite rules och code changes rather than compromise server security?

I would also like to point out that many webhosts are abandoning the old insecure way to handle permissions and are turning to solutions like PHPSUEXEC or SUPHP which means that if a client tries to set folders above 755 and/or files above 644 will throw errors as well. It does not effect the script itself and it run just fine on 755/644 settings but is alot safer than opening up your server for everyone in the world to abuse.

Not sure if anyone here might be effected by this, but it may not hurt to ask your host just to be sure. If your host use something like this no fix in the world will get SMF working until you change all file permissions accordingly.
Title: Re: Having problems with mod_security?
Post by: Sarge on June 04, 2009, 12:51:16 PM
Code: [Select]
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

Lines 249-251 in http://downloads.prometheus-group.com/delayed/rules/modsec/10_asl_rules.conf
Code: [Select]
# Rule 340076: PHP defenses
SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)"  \
"id:340076,rev:2,severity:2,msg:'PHP Session attack'"

I see that this version I found is rev "2", while you have rev "1". Can you post the rule from your copy of 10_asl_rules.conf? This file can be in /etc/httpd/modsecurity.d/ or in other locations, depending on your server setup.
Title: Re: Having problems with mod_security?
Post by: LOVELORD on August 27, 2009, 02:20:33 PM
I have problem with mod SMF Gallery Lite...

When I try to make some actions I recive this message

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

What to do? I modiffy .htpaccess file but problem is same...
Title: Re: Having problems with mod_security?
Post by: Waffadrunker on January 05, 2010, 01:44:19 AM
I wonder why no one reply to "Mortfiles" post.

I think it would be important to make some kind of ruleset for SMF forum (whit dif modules loaded, + extra one whit dif. languages loaded) that hosts can apply easily.  Or some common ones at least that one can send to hes host to exclude. Because as i understand from the host, it can benefit SMF forum ( or can it not?)

mode_security is not going anywhere and more and more servers have been starting to use it (and many of them do not allow to disable it whit .access file) so it would be important to look in to this issue.

Should .access file turn it off completely (so that it will not interfere whit any mods)  and will host admin get some notification about it? Or will it turn off only some parts? How do i know if it's completely off once the forum started to work after .access trick?

Sorry for dumping but i also have problems whit .access file and this topic seemed to be the best one to add my thoughts.
Title: Re: Having problems with mod_security?
Post by: Joey Smith™ on January 05, 2010, 02:54:58 AM
Do you have mod_security or mod_security2?
Title: Re: Having problems with mod_security?
Post by: Garou on January 05, 2010, 11:14:04 PM
The problem with ModSecurity is that its become so restrictive that it severely hinders many useful web tools. They are aware of this but they dont seem to really care either.

That said they have released this document http://blog.modsecurity.org/2007/02/handling-false.html that provides instructions so a host can custom write rules or whitelists that tells the program to trust certain files. Its better then a hosts usual response to either turn off the 2 or 3 most restrictive rules or even ModSecurity all together if they are willing to do anything at all. Of course in my opinion if a host isn't willing to work with you its time to find a new host.
Title: Re: Having problems with mod_security?
Post by: armid on April 21, 2010, 04:00:23 PM
Hi. I have a problem. When I try to install SMF 2.0 RC 3 forum. I get an message:

The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.

What I can do with this?

sory for my english
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on April 21, 2010, 04:06:25 PM
Read the first post in this topic.
Title: Re: Having problems with mod_security?
Post by: armid on April 21, 2010, 04:17:18 PM
I add this code:

<IfModule mod_security.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>

in my .htaccess
This file is located in a root folder of site.
But it is not solve the problem
Title: Re: Having problems with mod_security?
Post by: armid on April 24, 2010, 04:50:41 PM
nobody knows?
Title: Re: Having problems with mod_security?
Post by: RGM on July 21, 2010, 06:10:37 PM
Our board just moved to a new host that uses mod_security and we now find that if a member attempts to post with the strings "select" and "from" appearing anywhere in the message, we get a server error. I contacted our host provider and they said it's due to one of the filters attempting to block a potential SQL injection attack.  Their only solutions were to disable mod_security or tell our members not to use the words select and from, even if they are substrings of another word. Any suggestions?

For example, the following line in a message body would trigger an error:
There is a fine selection of shows on fromthetop.org
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on July 21, 2010, 08:22:28 PM
Either disable mod_security or find a better host. That's an awful filter to put in production.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 25, 2010, 02:55:05 AM
Wow, this problem is known since 2005 and never got fixed - impressive!

I don't think the host is bad coz he got security in place SMF apparently can't handle....2010 now... SMF2 RC3 still can't handle. Maybe time for a better forum software!?
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 25, 2010, 03:56:00 AM
If you actually bother to read about the issue, you would know it is about certain non-standard rules that trip up many products as well as SMF. If a host tosses up rules without understanding the impact they can have, they are a bad host to stay with as they are incompetent.

mod_security, if used intelligently, will work fine with SMF. In general, Suhosin would probably be a better choice, but many hosts won't recompile PHP for it. Unfortunately, many hosts don't use mod_security in an intelligent way - they just know that "more rules are better" and break things. If you're on shared hosting, you won't have the ability to choose the right filter rules and thus will have to try and disable the module entirely.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 25, 2010, 04:47:48 AM
Okay, and since most hosts are just too dumb to apply mod_security properly, especially to work with SMF, those seem to have no other issues as they use this mod since years with everything else on their servers.

I really wonder what is the problem here..



Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 25, 2010, 01:35:08 PM
I really wonder what is the problem here..

Silly rules being implemented with restrictions like "can't have the word "post" in a get string. Yeah... Heck, I recall one poster earlier to either this topic or another where this module was being a problem. They couldn't write certain words in their forum posts. That's not an SMF issue, and I think was proven to be a bad mod_security rule by some simple tests that showed it affected any application.

I wouldn't say "most" hosts, anyway. If this was a huge issue, the topic would be much longer. Heck, you're the first new poster to this topic since April.

May I note that even the creator of mod_security, Trustwave, has noted that false positives are common because some of the rules are so generic? They even made a whole post about whitelisting false positives (http://blog.modsecurity.org/2007/02/handling-false.html) some years ago.

The real problem is not SMF, it's small-time webhosts using a product they aren't familiar with and which has been acknowledged by the author of needing to be tailored to the content running on the server (in other words, it's not suitable for mass shared hosting) being used for shared hosting. Then they compound it by grabbing "restrictive" rulle sets above the core and using those.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 25, 2010, 05:32:58 PM
Okay, thanks, what makes me wonder in my particular case I can (click) view any image attached to a forum post just fine BUT in the Admin/forum/attachments you click on SAME image name and it throws that error?

how can that be?

In other words, in the Admin panel all/every attachment image you try to view shows error while same images in their forum posts show up fine!?

something does not fit here..
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 25, 2010, 08:05:54 PM
Possibly it doesn't like the referrer header line with the hex values in the URL. Possibly, it's some other hidden thing. Do you have access to the error log to see what the error is?
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 25, 2010, 08:17:50 PM
Error log is clean - no related entry!
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 25, 2010, 09:03:43 PM
There is a specific mod_security audit log. If you don't see it, ask your host to forward the appropriate log lines to you.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 25, 2010, 10:07:44 PM
Okay, will do!
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 26, 2010, 04:18:35 PM
Support looked into it and confirmed - however, I wonder SMF2 code in admin/ browse attachments could be altered to pass this rule? This is the only 1 incident I have seen with security_mod enabled - all else seem to work fine.


I have confirmed that the issue is indeed mod_security, as the below excerpt from the error_log confirms.

@biz93 [~]# tail -f /usr/local/apache/logs/error_log | grep enchanting
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.154.170] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "$$$$$$.biz"] [uri "/SMF2/index.php"] [unique_id "TJ9Pos2G@VUAAF2QVCoAAAEP"]
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 27, 2010, 12:40:29 AM
What's the URL it's flagging? Feel free to obscure the domain, the URI is really the important part.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 27, 2010, 02:08:50 AM
I guess you mean the referrer URL? here we go:

 referer: http://deleted.biz/SMF2/index.php?action=admin;area=manageattachments;sa=browse;c1a9277=1b2045b57f74e6a132b71b66f315a6e2

Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 27, 2010, 02:35:07 PM
The actual link to the file as well, please.
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 27, 2010, 04:28:08 PM
okay, this is the complete thing - nothing more on offer

@biz93 [~]# tail -f /usr/local/apache/logs/error_log | grep enchanting
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.xxx.170] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:action. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "139"] [id "950006"] [msg "System Command Injection"] [data ";id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "deleted.biz"] [uri "/SMF2/index.php"] [unique_id "TJ9Pos2G@VUAAF2QVCoAAAEP"]
[Sun Sep 26 06:50:26 2010] [error] [client xx.xxx.xxx.170] File does not exist: /home/deleted/public_html/501.shtml, referer: http://deleted.biz/SMF2/index.php?action=admin;area=manageattachments;sa=browse;c1a9277=1b2045b57f74e6a132b71b66f315a6e2
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 27, 2010, 05:11:03 PM
But what is the URL that is being requested that trips that?
Title: Re: Having problems with mod_security?
Post by: Forum Guy on September 27, 2010, 05:39:34 PM
I am no regex expert but I am under the impression that this part of the url string is throwing the command injection?!

....c1a9277=1b2045b57f74e6a132b71b66f315a6e2

The fix seems simple to me since we're basically talking about "viewing images" - the way it happens in the forum message with attachment works fine. Browsing/viewing an attachment from within the admin panel triggers an error vomit. Consequentially adjust the admin panel code (browsing attachments) the way image viewing is done from within the forum message and all should be well, no?

 




Title: Re: Having problems with mod_security?
Post by: SimpleJoe on September 28, 2010, 09:05:32 AM
Just my two-cents, mod_security now comes built-in with cPanel hosting, and I've seen a way to edit mod_security so that it doesn't trip up Wordpress sites. If some guru were able to have an edit that would work for SMF, that could be a big leap. 

Also the .htaccess fix doesn't work on the new version of mod_security (2), only way I know to disable it for a domain is to add an entry for the domain to:
/usr/local/apache/conf/modsec2/whitelist.conf

then restart http

of course one should be careful when doing such things and check with their provider first as mod_security does actually prevent a lot of bad stuff. If only it didn't mess with good software like SMF and Wordpress...
Title: Re: Having problems with mod_security?
Post by: 青山 素子 on September 28, 2010, 07:28:57 PM
I am no regex expert but I am under the impression that this part of the url string is throwing the command injection?!

....c1a9277=1b2045b57f74e6a132b71b66f315a6e2

Based on the regex you provided for the rule, it doesn't seem to be so. This is why I keep asking for the exact URL that is causing the issue. The regex appears to be looking for things like "telnet.exe" anywhere in the URL path.

If i get the full URL that is causing problems, i can run it through my tools and see what is matching to determine why it is being detected as a problem.
Title: Re: Having problems with mod_security?
Post by: omagiko on November 25, 2010, 10:08:51 PM
Create a phpinfo.php file.  What is phpinfo.php? (http://www.simplemachines.org/community/index.php?topic=18250.0)  If it contains "mod_security" anywhere in it, you have it.

Contact your host, then, and tell them of your problems.  Point them to this topic.  Perhaps they can create the file for you.

-[Unknown]

Warning: phpinfo() has been disabled for security reasons in /home/foromag/public_html/phpinfo.php on line 1   :(
Title: Re: Having problems with mod_security?
Post by: BryanD on November 25, 2010, 10:14:39 PM
you will need to speak to your host :)
Title: Re: Having problems with mod_security?
Post by: decanus on June 25, 2017, 05:31:23 PM
Not sure if this will help anyone buy I asked Namecheap to disable mod_security and they suggested whitelisting whatever was triggering the rule. They fixed it within minutes and let me know what was triggering the rule. They let me know the following:

The software that posted the information converted some characters into hexadecimal representations, and while this was a POST request, the mod_security scanned it and found it suspicious.

Cheers,
Decanus
Title: Re: Having problems with mod_security?
Post by: Irisado on June 26, 2017, 10:06:38 AM
Thanks for the information, however, this topic was last posted in seven years ago, relates to an outdated version of SMF, and is marked as solved.  As a result, it is being locked.  Please avoid reviving such old topics in future, especially if they have been marked as solved.