Bug when writing "post" or "get" in a message

Started by El_ChiCo, August 15, 2018, 01:49:15 PM

Previous topic - Next topic

El_ChiCo

Dear simple machines team,


I don't know if this bug has already been reported, I don't know exactly what keywords I should use in a search to check this, and if it has already been pointed out then I'm sorry for the time required to merge topics.

I am running à forum in version 2.0.15 and I am confronted to a bug when I try to send a message having one of its lines starting with "post" or "get".

I guess these words are interpreted as the php corresponding functions but I don't understand why it should be interpreted inside the message as it should be treated as a string and not as code.

All I get when trying to post a message with a line starting with "post" or "get" is à 403 error
Quote
Forbidden

You don't have permission to access /forum/index.php/board,15/action,post2.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.


I don't know which information I should give to explain more precisely the problem but I remains at disposal for more informations.


Best regards,
ChiCo.


El_ChiCo

Thank for your quick answer, I'll have a look.
Besides, it seems there is no bug, which means that my post is not at the correct place.
Fell free to replace. Sorry to bother

Shambles

Yeah my forum used to have an aggressive set of modsec rules. Even words such as "select" & "item" were being interpreted as a hack attempt and modsec threw a wobbler.

El_ChiCo

I followed the advices given in Having problems with mod_security, I even tried installing cat_issues patch though it is not exactly my problem, but I still get my 403 error.

I guess I'll have to send a message to my host support...

Thanks again for the help.

drewactual

i fully concede the lion's share of 403's are caused by mod_security, however...... directory/file permissions set improperly will as well. 

you can run a quick command via ssh or a script via browser (google for it) to chmod all files and directories to 0644/0755 (respectfully) and eliminate the majority of 403's that aren't caused by mod_security... most leased servers don't like 0777 (and you likely shouldn't either) and some require 0750 for public_html, so if you have to concede the 0755, select 0750 instead. all files should still be 0644. 

i have a full access dedicated server and became so frustrated with mod_security that i sought and found other means, and still encountered somewhere in the neighborhood of 100 403's a day (on a moderately active forum) and had a bunch of complaints... the permissions recovered this issue for my circumstance almost completely- but beware, there is a WHM setting for file security that will revert your settings until you either adjust it or turn it off (and handle it manually). 

Kindred

Drew. In this case, I can guarantee it's a mod_security problem, not a file permission problem. Please don't send users down the wrong path and confuse them...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


Advertisement: