Having problems with mod_security?

Started by [Unknown], April 26, 2005, 12:07:59 AM


Rumbaar

.htaccess files affect the files and folders below them (that don't have their own .htaccess file). So as long as you put it in the topmost folder you want to affect, it should be fine.
"An important reward for a job well done is a personal sense of worthwhile achievement."


tourneymanager

I seem to be having a mod_security problem, but I'm not 100% sure. I need help. I don't see mod_security listed anywhere in my phpinfo file, so it would seem it's not installed by my host. But...

I'm getting 406 errors when certain word combinations are included in posts (the one that keeps killing me is *poker*.com, and my site is poker-related...argggg). If I eliminate the "r" from "poker", no problem. If I eliminate the ".com", no problem. So there's definitely something that's filtering posts. It's not just forum posts, either. I use TinyPortal and when I attempt to post html that includes the offending text, I get the 406 error.

So, I tried the first suggestion in this thread. No luck. Still get 406 errors. I tried the updated version for mod_security2, and I get the 500 error. Since the updated version uses the "<#ifmodule mod_security2.c>" qualifier and I get errors that disappear when I comment out the code between the <ifmodule...> and </ifmodule...>, I believe my host is running mod_security2 (by the way, when I leave in the same code, but use "<#if module mod_security.c>", I don't get the 500 error, but the 406 error remains -- apparently because the code never gets called).

My webhost is hxxp:siteflip.com [nonactive] and I have a help ticket submitted, but I suspect they'll need some help of their own  ;) so I'm trying to arm myself with as much information as possible.

Any ideas? I have a feeling I may need to switch hosts to get past this because I suspect they have it set up so that the mod_security2 can't be disabled via htaccess.

Thanks in advance...

tourneymanager

Well, I was right...mostly. I just got a response from my web host saying that mod_security2 could not be disabled from htaccess, but they disabled it for my domain from their end.

I hope this helps others who may be stumped by this. :)

anakmacan

I'm having the same problem. I'm using a hosting service from Maxoz.com. They didn't give me an answer on whether they will turn it off or not.

metallica48423

There's nothing we can do if your host won't disable it and it is causing the 403 errors. It is a server-side block, not anything SMF can stop in any capacity.
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote: Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"


Useful Links:
Online Manual!
How to Help us Help you
Search
Settings Repair Tool

legoracer

OK, I have asked my host to get rid of the mod_security and they did. Actually, in 15 mins they acted!!! AWESOME SUPPORT from them and this forum!!

But now should I get rid of the code mods that were suggested to start with?
Do you know where the term "Boot the computer" came from....? Just think about it for a min.

metallica48423

If they disabled mod_security, then the code mod in the first post of this thread is useless.

Bill.Ramby

I don't know if this is related, but every other time (at least it seemed like that) that I clicked something, be it "Online", "Reply", "Quote", etc., I would get Firefox asking me if I wanted to download the index.php to my desktop. phpinfo.php revealed no "mod_security" but I went ahead and did the .htaccess. So far my problem is gone and my forum seems faster.

Big time thank you. This was driving me nuts (I know, short drive :D).

metallica48423

Yeah, that can cause that to happen too sometimes.

It's simply bad server configuration.

SuperZambezi

Added could code into .htaccess and it's as if nothing happened. Is there more to it?

ThorstenE

Quote from: SuperZambezi on June 16, 2008, 11:53:50 AM
Added could code into .htaccess and it's as if nothing happened. Is there more to it?

Maybe your host does not allow disabling mod_security from .htaccess or is using mod_security2.

give this a try:

<IfModule mod_security2.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   # (mod_security2 uses SecRuleEngine; SecFilterEngine is a mod_security 1.x directive.)
   SecRuleEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecRequestBodyAccess Off
</IfModule>


or contact your host.

SuperZambezi

I contacted my host and he contacted his and got:

Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.

redone

Quote from: SuperZambezi on July 01, 2008, 09:11:59 PM
I contacted my host and he contacted his and got:

Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.

Even if your host has mod_security enabled, maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?

SuperZambezi

Quote from: RedOne on July 12, 2008, 11:09:36 AM
Quote from: SuperZambezi on July 01, 2008, 09:11:59 PM
I contacted my host and he contacted his and got:

Mod_security is installed on all our servers. Most hosts have it installed for security reasons. It tightens the web server security. But mod_security doesn't affect the forum at all. But if his site is in Russian, then it is a different matter, because for some reason mod_security is very sensitive to Russian sites.
Even if your host has mod_security enabled, maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?

But I can change .htaccess and it's as if nothing happens.

青山 素子

Some hosts have things configured to use a non-standard method to disable, or don't allow disabling via .htaccess. If the suggestion here doesn't work, you need to contact your host to find this out.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
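
Added example, not part of any post in this thread: when the .htaccess approach fails and the host has to step in, the Apache error log names the rule that blocked each request, so the host can exclude that one rule instead of turning mod_security off for the whole domain. The sketch assumes the ModSecurity 2.x error_log message layout; the log lines, rule ids, paths and helper names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed Apache 2.2 error_log lines; rule ids, paths, addresses and hostnames are invented.
SAMPLE_LOG = r'''
[Tue Jul 01 21:10:02 2008] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "poker" at ARGS:message. [file "/etc/httpd/modsec/custom.conf"] [line "12"] [id "900101"] [msg "Constructed keyword rule"] [hostname "forum.example"] [uri "/index.php"] [unique_id "CONSTRUCTED0000000000001"]
[Tue Jul 01 21:11:40 2008] [error] [client 203.0.113.7] ModSecurity: Access denied with code 406 (phase 2). Pattern match "poker" at ARGS:subject. [file "/etc/httpd/modsec/custom.conf"] [line "12"] [id "900101"] [msg "Constructed keyword rule"] [hostname "forum.example"] [uri "/index.php"] [unique_id "CONSTRUCTED0000000000002"]
[Tue Jul 01 21:12:05 2008] [error] [client 198.51.100.9] File does not exist: /home/example/public_html/favicon.ico
[Tue Jul 01 21:13:17 2008] [alert] [client 203.0.113.7] /home/example/public_html/.htaccess: Invalid command 'SecFilterEngine', perhaps misspelled or defined by a module not included in the server configuration
[Tue Jul 01 21:15:51 2008] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "select" at ARGS:search. [file "/etc/httpd/modsec/custom.conf"] [line "30"] [id "900102"] [msg "Constructed SQL keyword rule"] [hostname "forum.example"] [uri "/index.php"] [unique_id "CONSTRUCTED0000000000003"]
'''
DENY = re.compile(r"ModSecurity: Access denied with code (\d{3})")
TARGET = re.compile(r" at ([A-Z_]+(?::[^\s.]+)?)\.")
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')
HTACCESS = re.compile(r"\.htaccess: (?:Invalid command '(\w+)'|(\w+) not allowed here)")

def parse_denials(log_text):
    """Return one dict per ModSecurity block: status, rule id, URI, matched target."""
    events = []
    for line in log_text.splitlines():
        deny = DENY.search(line)
        if not deny:
            continue  # not a ModSecurity denial (e.g. a plain 404 entry)
        fields = dict(FIELD.findall(line))
        target = TARGET.search(line)
        events.append({"status": int(deny.group(1)), "id": fields.get("id"),
                       "uri": fields.get("uri"), "target": target.group(1) if target else None})
    return events

def rules_by_hits(events):
    """Group blocks by rule id, most frequently triggered rule first."""
    grouped = defaultdict(lambda: {"hits": 0, "statuses": set(), "targets": set()})
    for ev in events:
        rule = grouped[ev["id"]]
        rule["hits"] += 1
        rule["statuses"].add(ev["status"])
        rule["targets"].add(ev["target"])
    return sorted(grouped.items(), key=lambda kv: -kv[1]["hits"])

def rejected_htaccess_directives(log_text):
    """Directives Apache refused in .htaccess; each refusal is a 500 error for visitors."""
    return [invalid or not_allowed for invalid, not_allowed in HTACCESS.findall(log_text)]

def scoped_exclusion(rule_id, uri):
    """Server-config snippet for the host: drop one rule on one path, keep the engine on."""
    return f'<Location "{uri}">\n    SecRuleRemoveById {rule_id}\n</Location>'

if __name__ == "__main__":
    for rule_id, info in rules_by_hits(parse_denials(SAMPLE_LOG)):
        print(rule_id, info["hits"], sorted(info["statuses"]), sorted(info["targets"]))
    print(rejected_htaccess_directives(SAMPLE_LOG), scoped_exclusion("900101", "/index.php"), sep="\n")
```

The rule id and the blocked parameter are the details worth putting in a ticket to the host; the `<Location>` snippet belongs in the server or virtual-host configuration, which only the host can edit.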


ousu

Hi friends,

While saving my database by selecting "Compress the file with gzip", it gives the below error.

But I am able to save my database by unchecking this "Compress the file with gzip" option.


But by unchecking this option it takes more time to download the database.
Please help me in this regard.

Thank you.


Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at studentsmasti.net Port 80

青山 素子

This isn't a mod_security issue. The problem is that your database is too big to hold and compress in the memory PHP is allowed to use. You might want to start making backups through the tools your hosting provider provides. These usually are set up to bypass the limits imposed on you directly.


jepot5

Can you just ask the host if they can disable it on your account?

djstew

I'm having this same problem when navigating through Gallery Pro. The gallery itself works but some of the features do not, like clicking on the previous image/next image and picture ratings buttons. This didn't start happening until I installed the gallery.

This is what it says on the page:

Not Acceptable

An appropriate representation of the requested resource /cjforum2/index.php could not be found on this server.

Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at customjustice.dchallofjustice.com [nofollow] Port 80

tjhanes

Quote from: [Unknown] on April 26, 2005, 12:07:59 AM


<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>


Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.


Worked perfect!! Thanx.
