News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Having problems with mod_security?

Started by [Unknown], April 26, 2005, 12:07:59 AM

Previous topic - Next topic

jav_tailor

Hi to all,

I've the same problem with mod security and SMF Gallery (lite).

I contacted my hosting provider because the htaccess "trick" not working (error 500) and they say cannot turn it off for security reasons...

I'm desperate! Any solution?

Thanks!

Regards, jav_tailor.

Darkness_Black

OLA i'm having trouble with the mod comment profile, it gives the following error when i click to delete or edit comentario comentario:

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


i asked for help in SMFHacks, and they sent me here, i read this topico made the but nothing has happened remained the same mistake you know i say what can i do to have this mod working correctly?  :(

Translator - Brazilian

Não respondo MP de ajuda, Poste sua duvida no forum!!! Se alguém te Ajudou Agradeça!!!

Rumbaar

Check the file permissions of your index.php file and if 777 check with your host to see if they have any type of restrictions.  Also look at your server logs for additional information for the cause.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

Darkness_Black

i noticed all permissoes and all files and folders on my forum are 777 down not have any restriction but remains the same mistake.  :(

Translator - Brazilian

Não respondo MP de ajuda, Poste sua duvida no forum!!! Se alguém te Ajudou Agradeça!!!

Rumbaar

Did you have a word to your host and/or look at your logs?  Some hosts don't allow index.php to run at 777.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

mforum

i also have the error bellow when i try to do admin actions in quiz and SMG mods

Method Not Implemented

GET to /forum/index.php not supported.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


i run smf 2 rc 1
my index.php is chmoded 755
i tried the .htaccess file but didn`t help
my host told me they will disable mod_security for me but chmoding to 777 doesn`t work well in their server ... whatever that means.
is it vital for index.php to have 777 instead of 755 permission ?

Murph

Hello All,
Everything was great until my web host updated the server security the other day. Now all links from my media gallery get an error 406.
The Host Tech's response to my inquiry was:
_________________________
Hello,

Unfortunately it appears this error is being caused by the mod_security on the server, but we will be unable to edit our configuration, as it is an important security feature.

___________________________

SMF is running fine, but all links from media gallery index page get error 406. I've tried all recommendations from this thread nothing has worked.
I'm running SMF 1.1.8 with Media Gallery 1.5.6.

Any other suggestions? I might just bale on my host and get a new one.
Murph

Sarge

Try to get your host to disable -- only for your domain, or at least for your forum directory -- the mod_security rules that are causing the 406 errors. I suspect that the errors might be related to the presence of ;id in the Media Gallery URLs.

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/


Quote
<H> I had zero posts when I started posting

kenrank

I'm not sure if this is a mod_security problem or not!  :(

We're running SMF 1.1.9.  We installed the Group Moderators Mod from:
http://custom.simplemachines.org/mods/index.php?mod=171

Almost everything works fine, except (isn't there always an exception?) when I click the group number on:
http://discoverhebrewroots.com/index.php?action=groups

the link generated is either of these two links depending on the group:
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=13
http://discoverhebrewroots.com/index.php?action=groups;sa=members;id=9

I get a 406 Not Acceptable error:
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at discoverhebrewroots.com Port 80


The forum error log gives no errors, but the server error log gives:
[Mon May 25 00:01:45 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups
[Mon May 25 00:01:38 2009] [error] [client] File does not exist: /home/public_html/406.shtml, referer: http://discoverhebrewroots.com/index.php?action=groups


I ran phpinfo and mod_security is not listed anywhere.  I tried the mod_security htaccess fix, and it doesn't seem to do anything at all.

I cannot figure out where the 406 is coming from...  :(

Thanks in advance for any help.

Mortfiles

As a webhost I would like to learn more about this issue since its a bad idea to compromise with security just to get some software working. On the other hand its really bad policy not to try to find ways to get things working for clients that want to use that software...

mod_security does not like SMF because it consider it to be a bad boy that try to use PHP session attacks and PHP injection attempts:

Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

The question is what SMF is doing to get caught doing this and can it be resolved through creative rewrite rules och code changes rather than compromise server security?

I would also like to point out that many webhosts are abandoning the old insecure way to handle permissions and are turning to solutions like PHPSUEXEC or SUPHP which means that if a client tries to set folders above 755 and/or files above 644 will throw errors as well. It does not effect the script itself and it run just fine on 755/644 settings but is alot safer than opening up your server for everyone in the world to abuse.

Not sure if anyone here might be effected by this, but it may not hurt to ask your host just to be sure. If your host use something like this no fix in the world will get SMF working until you change all file permissions accordingly.

Sarge

Quote from: Mortfiles on June 04, 2009, 12:06:08 PM
Access denied with code 403 (phase 2). Match of "rx ^[0-9a-z]*$" against "ARGS:PHPSESSID" required. [file "/usr/local/apache/conf/modsec_rules/10_asl_rules.conf"] [line "486"] [id "340076"] [rev "1"] [msg "PHP Session attack"] [severity "CRITICAL"]

Lines 249-251 in http://downloads.prometheus-group.com/delayed/rules/modsec/10_asl_rules.conf

# Rule 340076: PHP defenses
SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)"  \
"id:340076,rev:2,severity:2,msg:'PHP Session attack'"


I see that this version I found is rev "2", while you have rev "1". Can you post the rule from your copy of 10_asl_rules.conf? This file can be in /etc/httpd/modsecurity.d/ or in other locations, depending on your server setup.

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/


Quote
<H> I had zero posts when I started posting

LOVELORD

I have problem with mod SMF Gallery Lite...

When I try to make some actions I recive this message

Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

What to do? I modiffy .htpaccess file but problem is same...

Waffadrunker

I wonder why no one reply to "Mortfiles" post.

I think it would be important to make some kind of ruleset for SMF forum (whit dif modules loaded, + extra one whit dif. languages loaded) that hosts can apply easily.  Or some common ones at least that one can send to hes host to exclude. Because as i understand from the host, it can benefit SMF forum ( or can it not?)

mode_security is not going anywhere and more and more servers have been starting to use it (and many of them do not allow to disable it whit .access file) so it would be important to look in to this issue.

Should .access file turn it off completely (so that it will not interfere whit any mods)  and will host admin get some notification about it? Or will it turn off only some parts? How do i know if it's completely off once the forum started to work after .access trick?

Sorry for dumping but i also have problems whit .access file and this topic seemed to be the best one to add my thoughts.

Tyrsson

Do you have mod_security or mod_security2?
PM at your own risk, some I answer, if they are interesting, some I ignore.

Garou

The problem with ModSecurity is that its become so restrictive that it severely hinders many useful web tools. They are aware of this but they dont seem to really care either.

That said they have released this document http://blog.modsecurity.org/2007/02/handling-false.html that provides instructions so a host can custom write rules or whitelists that tells the program to trust certain files. Its better then a hosts usual response to either turn off the 2 or 3 most restrictive rules or even ModSecurity all together if they are willing to do anything at all. Of course in my opinion if a host isn't willing to work with you its time to find a new host.

armid

Hi. I have a problem. When I try to install SMF 2.0 RC 3 forum. I get an message:

The installer has detected the mod_security module is installed on your web server. Mod_security will block submitted forms even before SMF gets a say in anything. SMF has a built-in security scanner that will work more effectively than mod_security and that won't block submitted forms.

What I can do with this?

sory for my english

青山 素子

Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


armid

I add this code:

<IfModule mod_security.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>

in my .htaccess
This file is located in a root folder of site.
But it is not solve the problem


RGM

Our board just moved to a new host that uses mod_security and we now find that if a member attempts to post with the strings "select" and "from" appearing anywhere in the message, we get a server error. I contacted our host provider and they said it's due to one of the filters attempting to block a potential SQL injection attack.  Their only solutions were to disable mod_security or tell our members not to use the words select and from, even if they are substrings of another word. Any suggestions?

For example, the following line in a message body would trigger an error:
There is a fine selection of shows on hxxp:fromthetop.org [nonactive]

Advertisement: