Having problems with mod_security?

[Rumbaar]

.htaccess files affect the files and folders below it (that don't have their own .htaccess file).  So as long as you put it in the top most folder you want to affect it should be fine.

[tourneymanager]

I seem to be having a mod_security problem, but I'm not 100% sure. I need help. I don't see mod_security listed anywhere in my phpinfo file, so it would seem it's not installed by my host. But...

I'm getting 406 errors when certain word combinations are included in posts (the one that keeps killing me is *poker*.com, and my site is poker-related...argggg). If I eliminate the "r" from "poker", no problem. If I eliminate the ".com", no problem. So there's definitely something that's filtering posts. It's not just forum posts, either. I use TinyPortal and when I attempt to post html that includes the offending text, I get the 406 error.

So, I tried the first suggestion in this thread. No luck. Still get 406 errors. I tried the updated version for mod_security2, and I get the 500 error. Since the updated version uses the "<#ifmodule mod_security2.c>" qualifier and I get errors that disappear when I comment out the code between the <ifmodule...> and </ifmodule...>, I believe my host is running mod_security2 (by the way, when I leave in the same code, but use "<#if module mod_security.c>, I don't get the 500 error, but the 406 error remains -- apparently because the code never gets called).

My webhost is hxxp:siteflip.com [nonactive] and I have a help ticket submitted, but I suspect they'll need some help of their own  so I'm trying to arm myself with as much information as possible.

Any ideas. I have a feeling I may need to switch hosts to get past this because I suspect they have it set up so that the mod_security2 can't be disabled via htaccess.

Thanks in advance...

[tourneymanager]

Well, I was right...mostly. I just got a response from my web host saying that mod_security2 could not be disabled from htaccess, but they disabled it for my domain from their end.

I hope this helps others who may be stumped by this.

[anakmacan]

Im having the same problem, im using hosting service from Maxoz.com. They didnt give me answer if they will turn it off or not.

[metallica48423]

Theres nothing we can do if your host won't disable it and it is causing the 403 errors.  it is a server side block, not anything SMF can stop in any capacity

[legoracer]

Ok I have asked my host to get rid of the mod_security and they did actually in 15mins they acted!!! AWESOME SUPPORT from them and this forum!!

But now should I get rid of the code mods that were suggested to start with?

[metallica48423]

if they disabled mod_security, then the code mod in the first post of this thread is useless

[Bill.Ramby]

I don't know if this is related, but every other time (at least it seemed like that) that I clicked something, beit "Online", "Reply", "Quote", etc, I would get Firefox asking me if I wanted to download the index.php to my desktop. phpinfo.php revealed no "mod_security" but I went ahead and did the .htaccess. So far my problem is gone and my forum seems faster.

Big time thank you. This was driving me nuts (I know, short drive ).

[metallica48423]

yea, that can cause that to happen too sometimes.

its simply bad server configuration

[SuperZambezi]

Added could code into .htaccess and its as if notjing happened. Is there more to it?

[ThorstenE]

Added could code into .htaccess and its as if notjing happened. Is there more to it?

maybe, yoúr host does not allow disabling mod_security from .htaccess or is using mod_security2..

give this a try:

Code Select Expand

<IfModule mod_security2.c>
   # Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
   SecFilterEngine Off

   # The below probably isn't needed, but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>

or contact your host.

[SuperZambezi]

I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.

[redone]

I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.

Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?

[SuperZambezi]

I contacted my host and he contacted his and got :


Mod_security is installed on all our server. Most of the host have it installed for security reason. It tighten the web server security. But mod_security doesnt affect forum at all. But if his site is in Russian. Then it is a different matter. Because for some reason, mod_security is very sensitive to Russian site.

Even if your host has mod_security enabled maybe they can allow you to do some configuration or changes via .htaccess. Have you asked them that question yet?

But I can change .htacces and its as if nothing happens.

[青山 素子]

Some hosts have things configured to use a non-standard method to disable, or don't allow disabling via .htaccess. If the suggestion here doesn't work, you need to contact your host to find this out.

[ousu]

Hi friend's,

while saving my data base by selecting Compress the file with gzip. it gives the below error.

But I am able to save my database by unchecking this Compress the file with gzip option.


but by unchecking this optin it takes more time to download the database.
please help me in this regard.

Thank you.


Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.41 Server at studentsmasti.net Port 80

[青山 素子]

This isn't a mod_security issue. The problem is that your database is too big to hold and compress in the memory PHP is allowed to use. You might want to start making backups through the tools your hosting provider provides. These usually are set up to bypass the limits imposed on you directly.

[jepot5]

can u just ask the host if they can disable it on your account?

[djstew]

i'm having this same problem when navigating through gallery pro. the gallery itself works but some of the features are not. like clicking on the previous image/next image and picture ratings buttons. this didnt start happening until i installed the gallery.

this is what it says on the page

Not Acceptable

An appropriate representation of the requested resource /cjforum2/index.php could not be found on this server.

Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at customjustice.dchallofjustice.com [nofollow] Port 80

[tjhanes]

Code Select Expand

<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

Upload it to your server, and then rename it to ".htaccess" (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.

Worked perfect!! Thanx.