Having .htaccess issues

discjocke · March 29, 2013, 09:35:09 AM

Here's the error I get. It also happened some time ago, but then it went away. My home page is the SMF forum and now, when I open my browser, this pops up and I don't know where to start to edit this file.

"The page you are trying to access is restricted due to a security rule.

If you believe the security rule is affecting the normal operation of your website,
you can disable it by adding the following lines to your .htaccess file:

<IfModule mod_security.c># Turn the filtering engine On or OffSecFilterEngine Off</IfModule>

JBlaze · March 29, 2013, 10:09:40 AM

Looks like you have Safe Mode enabled.

To turn it off (you don't really need it, and it's a pain anyway), add this code to your .htaccess file in your root directory.

Code Select

<IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine Off
</IfModule>

MrPhil · March 29, 2013, 01:01:17 PM

I don't think "Safe Mode" and "Mod Security" are the same thing. The error message and the proposed fix are Mod Security.

discjocke · March 29, 2013, 01:07:28 PM

I tried to insert the info above in the file, but it didn't make a difference.

Ricky. · March 29, 2013, 02:40:55 PM

Consult your host, as now they are the one who can help, may be they have disabled .htaccess override

discjocke · March 29, 2013, 02:51:09 PM

Thank you. I'll contact them.

MrPhil · March 29, 2013, 04:15:51 PM

If they've disabled .htaccess override of system settings, it's surprising that they would then suggest using .htaccess to override...

Of course, sometimes the left hand doesn't know what the right hand is doing!

You put those lines into /.htaccess on your server (http://www.yourdomain.com/.htaccess)? You typed them in as 4 separate lines, either at the very top or the very bottom of the file? (to minimize the risk of plopping them down in the middle of something else) Permissions on /.htaccess is 444 or 644? You checked that your edits or upload of the file "took" and are what you see when you browse the file via your control panel's File Manager? Most importantly, this is an Apache server and not IIS?

JBlaze · March 29, 2013, 11:09:03 PM

Quote from: MrPhil on March 29, 2013, 01:01:17 PM
I don't think "Safe Mode" and "Mod Security" are the same thing. The error message and the proposed fix are Mod Security.

Ah, right. Thank you.

Arantor · March 29, 2013, 11:36:01 PM

Correct, safe mode is a bizarre facility in PHP itself, that is (thankfully) due to be phased out soon. mod_security is an Apache level module that allows for filtering content before it even gets to PHP, except it's often badly configured.

As for the server, if the message is what was given to the user, it isn't IIS. IIS doesn't have anything that nice to say.

discjocke · March 30, 2013, 11:07:49 AM

I had to download an owner's manual for a radio I was installing in my truck. It asked me to get a download program to download the document. I was skeptical about it, but after downloading it, I ran Spy-bot S&D. I found many files from Wajam and Yontoo. Spy-bot wouldn't delete them so I went into the c: drive and did a search and deleted them myself.

I was wondering if that triggered the alert, as I didn't have this issue opening my SMF till after that issue with the above crap got into my laptop. Now my desktop doesn't have the issue. SMF opens just fine. So I'm stumped.

kat · March 30, 2013, 05:00:51 PM

Did you get that stupid mod_security disabled?

discjocke · March 30, 2013, 05:20:59 PM

Haven't had the time. I should tomorrow and leave an update.

kat · March 30, 2013, 05:36:35 PM

discjocke · April 10, 2013, 03:40:33 PM

I contacted my website server and I got this below, and followed instructions and it still popped up. No change.

QuoteAs the warning reads, I added the lines in the .htaccess file. This should solve the issue.

Please now either use a different browser or clear your browser's cache to properly verify the result at your end.

I brought up the : http://www.yourdomain.com/.htaccess and this is what I'm getting:
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine Off
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Am I doing somthing wrong?

kat · April 10, 2013, 03:44:31 PM

Your host seems... er... not very good.

If they have it enabled at server level, farting around with .htaccess ain't gonna change that, surely?

discjocke · April 10, 2013, 03:48:52 PM

I replied to them that it didn't work. I'm waiting for their reply. This kind of issue is out of my knowledge scope.

Now it's only happening on Firefox, not Chrome

Update: Now they changed something in .hataccess to:

SecFilterEngine Off

<Files 403.shtml>
order allow,deny
allow from all
</Files>

But issue still ongoing. You all know probably more than me, but why is it only happening with Firefox?

JBlaze · April 10, 2013, 05:04:30 PM

Your host's security is very poor. I'd run away fast. It's very bad practice to allow .htaccess to be read via direct access (aka navigating to it via browser).

discjocke · April 10, 2013, 05:13:44 PM

What puzzles me is, why isn't Chrome having the issue. I removed all cache from the browser. This happened soon after I setup "are you human" and a couple of other items recommended by SMF, to keep spammers away from my forum.

Update: Found the issue. The homepage I had setup for the browser to open up with was causing the issue. I would be able to open up the forum with my shortcut on the favorites bar with no problem. I reset the homepage, and when I updated it, it seems there was an issue with the URL that was setup as the homepage. All is fine.

News:

Having .htaccess issues

MrPhil

MrPhil

kat

kat

kat