Error when adding code quick replay Not Acceptable Mod_Security

gevv · May 28, 2019, 06:07:08 AM

Hello everyone,

No problems in v2.0.15. I didn't see this problem in v2.0.15.

Update to version 2.1 RC2 there is problem;

Error when adding code quick replay

QuoteNot Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

click replay button add code distorted theme

video gif: https://ibb.co/dp5S6kJ

Code Select

#header
  errorlevel -306  ; Crossing page boundry
#ENDHEADER

;****************************************************************


;----[16F887 Hardware Configuration]--------------------------------------------
#IF __PROCESSOR__ = "16F887"
  #DEFINE MCU_FOUND 1
#CONFIG
cfg1 = _HS_OSC                ; HS oscillator: High-speed crystal/resonator on RA6/OSC2/CLKOUT and RA7/OSC1/CLKIN
cfg1&= _WDT_OFF              ; WDT disabled and can be enabled by SWDTEN bit of the WDTCON register
cfg1&= _PWRTE_OFF            ; PWRT disabled
cfg1&= _MCLRE_OFF            ; RE3/MCLR pin function is digital input, MCLR internally tied to VDD
cfg1&= _CP_ON                ; Program memory code protection is disabled
cfg1&= _CPD_ON                ; Data memory code protection is enabled
cfg1&= _BOR_OFF              ; BOR disabled
cfg1&= _IESO_OFF              ; Internal/External Switchover mode is disabled
cfg1&= _FCMEN_OFF            ; Fail-Safe Clock Monitor is disabled
cfg1&= _LVP_OFF              ; RB3 pin has digital I/O, HV on MCLR must be used for programming
cfg1&= _DEBUG_OFF            ; In-Circuit Debugger disabled, RB6/ICSPCLK and RB7/ICSPDAT are general purpose I/O pins
  __CONFIG _CONFIG1, cfg1

cfg2 = _BOR40V                ; Brown-out Reset set to 4.0V
cfg2&= _WRT_OFF              ; Write protection off
  __CONFIG _CONFIG2, cfg2

#ENDCONFIG

#ENDIF

;----[Verify Configs have been specified for Selected Processor]----------------
;      Note: Only include this routine once, after all #CONFIG blocks
#IFNDEF MCU_FOUND
  #ERROR "No CONFIGs found for [" + __PROCESSOR__ +"]"
#ENDIF


'*************************************
'ISLEMCI TANIMLAMALARI

DEFINE OSC 20          'KRİSTAL FREKANSI
DEFINE ADC_BITS 10
DEFINE ADC_CLOCK 2    '20mhz DIS KRISTAL KULLANILIYOR
DEFINE ADC_SAMPLEUS 15

'*************************************

ADCON1 = %10000000 'SAGA YASLANIK sonuç almak için
ADCON0 = %10000000 'FOSC/32
CM1CON0 = 7
CM2CON0 = 7
TRISA = %00000000  'PORTLAR CIKIS KONUMUNDA VE KAPALI
PORTA = 0          'HEPSI I/O PORT
TRISB = %00000000  'LCD UCLARI VE PROGRAMLAMA UCLARI
PORTB = 0          'HEPSI I/O PORT
TRISC = %00000000  'PORTLAR CIKIS KONUMUNDA VE KAPALI
PORTC = 0          'HEPSI I/O PORT
TRISD = %00000000  'PORTLAR CIKIS KONUMUNDA VE KAPALI
PORTD = 0          'HEPSI I/O PORT
TRISE = %00000000  'PORTLAR CIKIS KONUMUNDA VE KAPALI
PORTE = 0          'HEPSI I/O PORT
ANSELH = 0        'AN8-9-10-11-12-13  DIGITAL GIRIS CIKIS OLACAK CUNKU ORADA LCD BAGLI
ANSEL = 0          'HEPSİ DIGITAL GIRIS CIKIS OLACAK.ANALOG KANAL KULLANIMI YOK.

PSTRCON = %00010011 'PULSE STEERING MODE ACIK VE KANAL STRA ile STRB AKTIF

T2CON=%00000110    'ilk 2 bit bölme oranını belirliyor %000000xx yani xx bitleri 00=1/1 , 01=1/4 %10=1/16 bölme oranı
                  'şeklinde komutları verdikten sonra
CCP1CON=%00001100  'TUM KANALLARDAN AYNI Sinyali aktif hale getirmek için veriyoruz.

Pause 100 ' 100 ms AÇILIŞ GECİKMESİ

DEFINE LCD_DREG PORTB      'LCD data bacakları hangi porta bağlı? LCD nin D0 D1 D2 D3
DEFINE LCD_DBIT 0          'LCD data bacakları hangi bitten başlıyor? ***
DEFINE LCD_RSREG PORTB    'LCD RS Bacağı Hangi Porta bağlı ?       
DEFINE LCD_RSBIT 4        'LCD RS bacağı Hangi Bite bağlı ?        4 ***
DEFINE LCD_EREG PORTB      'LCD Enable Bacağı Hangi Porta bağlı?
DEFINE LCD_EBIT 5          'LCD Enable Bacağı Hangi bite bağlı ?    5
DEFINE LCD_BITS 4          'LCD 4 bit mi yoksa 8 bit olarak bağlı?
DEFINE LCD_LINES 4
'*************************************
'PORT TANIMLAMALARI (DIGITAL PORTLAR)

BUZZER          VAR PORTD.2  'CIKIS -
LOW BUZZER

LED2            VAR PORTA.4  'CIKIS -
LOW LED2

BUTON1          VAR PORTD.6  'GIRIS
BUTON2          VAR PORTD.5  'GIRIS


'*************DEGISKEN TANIMLAMALARI***********
X      VAR BYTE 
DUTY    VAR WORD     
SET    VAR BYTE
SET1    VAR BYTE
MOD_SEC VAR BIT
DRM    VAR BIT
CIKIS  VAR BYTE
ONDA_CIKIS VAR WORD
KURUL  VAR BYTE
I      VAR WORD

'*************'*************'*************
MOD_SEC = 1
DRM = 1


LCDOUT $FE,1   
LCDOUT $FE, $80, "  a  "
LCDOUT $FE, $C0, "    b  "
LCDOUT $FE, $94, "        c"
PAUSE 100

'------------B A Ş L A N G I Ç ---------------   
READ 0,SET
READ 1,SET1
pause 100
   

'***********Program Başlangıcı***********

SET=30 : WRITE 0,SET
SET1=5: WRITE 1,SET1
PAUSE 100


'-----------2Mhz %50 kare dalga için-----------------
DUTY=50  '%DEĞER
PR2=155

'*************BASLA**********************
BASLA:



x=((PR2+1)*DUTY)/25  'bu formül % duty değerinden olması gereken duty rakamını hesaplar. Bütün OSC frekanslar için geçerlidir. (Örneğimizde X=(100*50/25)=200 olarak hesaplanırki bu max değeri 400 olan sinyalin %50 si için 200 olması demektir.
CCP1CON.4=X.0    'CCP1CON <5: 4> DEGERI "X" DEN ALIYOR
CCP1CON.5=X.1    'CCP1CON <5: 4> DEGERI "X" DEN ALIYOR
CCPR1L=x>>2      'CCPR1L  <7: 0> DEGERI "X" DEN ALIYOR


IF MOD_SEC=0 THEN  : TOGGLE DRM : PAUSE 100 : GOTO BTN_KNTRL


Goto BASLA
'*************BITTI**********************


'*************ALT PROGRAMLAR**********************
BTN_KNTRL:
  LCDOUT $FE,1
  LCDOut $FE,$80, "DUTY    :", DEC3 CIKIS,  ",", DEC2 ONDA_CIKIS," kHZ"
  LCDOUT $FE,$C0, "DUTY SET:", DEC3 SET,    ",", DEC2 SET1, " kHZ"
  LCDOUT $FE,$94, "--------------------"
  LCDOUT $FE,$D4, "Azal  KAYDET    Art"
  pause 100
  i=0
  BUTTON BUTON1, 0,100,100,i,1,ARTI
  i=0                                                     
  BUTTON BUTON2, 0,254,255,i,1,EKSI
  i=0
  IF MOD_SEC=0 THEN
  PAUSE 300
  BUTTON MOD_SEC, 0,254,0,i,1,CIK
  ENDIF
  GOTO BTN_KNTRL
 
 CIK:
 
IF MOD_SEC=0 THEN
WRITE 0,SET
WRITE 1,SET1
PAUSE 100
TOGGLE DRM
ENDIF
IF DRM=0 THEN BASLA


 ARTI:
 
SET1=SET1+1
IF SET1=10 THEN SET1=0:SET=SET+1
IF SET=100 THEN SET=0
GOTO BTN_KNTRL

 EKSI:
SET1=SET1-1
IF SET1=255 THEN SET1=9:SET=SET-1
IF SET=255 THEN SET=100:SET1=0
GOTO BTN_KNTRL
 
END

m4z · May 28, 2019, 06:27:05 AM

Apparently your Apache webserver has mod_security enabled, and one of its rules detects your post content as a possible attack. So this most likely lies outside of SMF. (If you still have a 2.0 install on the same server, try posting the same content there to confirm this.)

gevv · May 28, 2019, 06:56:21 AM

install v2.0.15 I have tested no problem

Illori · May 28, 2019, 07:16:10 AM

we don't recommend using mod_security, I would recommend disabling it completely.

gevv · May 28, 2019, 07:49:05 AM

Quote from: Illori on May 28, 2019, 07:16:10 AM
we don't recommend using mod_security, I would recommend disabling it completely.

" install v2.0.15 I have tested no problem" ??

m4z · May 28, 2019, 07:52:20 AM

mod_security is a complex topic. I'd recommend asking the mod_security folks. Either a mod_security rule needs to be adjusted, or a real security problem exists in SMF 2.1...

Arantor · May 28, 2019, 07:58:06 AM

Quote from: m4z on May 28, 2019, 07:52:20 AM
mod_security is a complex topic. I'd recommend asking the mod_security folks. Either a mod_security rule needs to be adjusted, or a real security problem exists in SMF 2.1...

It's not a real security problem. mod_security intercepts the content before it goes to SMF and if it thinks it looks funny, it rejects it. 2.1 complies just fine with the default set of rules in mod_security, just as 2.0 did, but different vendors configure it in different ways, and I suspect the changes to quick reply trip up on some badly set up instances.

The part I'm hazy on is whether 2.0 was installed in the same actual hosting as the 2.1 though, and whether if the content were posted through the full reply in 2.0 would have the same problem.

gevv · May 28, 2019, 10:44:27 AM

Quote from: Arantor on May 28, 2019, 07:58:06 AM
Quote from: m4z on May 28, 2019, 07:52:20 AM
mod_security is a complex topic. I'd recommend asking the mod_security folks. Either a mod_security rule needs to be adjusted, or a real security problem exists in SMF 2
The part I'm hazy on is whether 2.0 was installed in the same actual hosting as the 2.1 though, and whether if the content were posted through the full reply in 2.0 would have the same problem.

Yes on the same server v2.0 and tried it with the same code

shawnb61 · May 30, 2019, 11:07:10 AM

Strange coincidence? I just started getting this message on my 2.0.15 forum when editing certain messages. I wonder if there have been some patches to mod_sec distributed.

gevv · June 28, 2019, 05:34:45 AM

Quote from: shawnb61 on May 30, 2019, 11:07:10 AM
Strange coincidence? I just started getting this message on my 2.0.15 forum when editing certain messages. I wonder if there have been some patches to mod_sec distributed.

updating something on servers...

error messages on different servers

Smf, elkarte

Kindred · June 28, 2019, 07:54:17 AM

SO... disable mod_security or get your host to configure it better

Aleksi "Lex" Kilpinen · June 28, 2019, 08:05:59 AM

https://wiki.simplemachines.org/smf/Mod_security_-_Having_problems_with_mod_security

News:

Error when adding code quick replay Not Acceptable Mod_Security