Difference between revisions of "Mod security - Having problems with mod security" From Online Manual

Jump to: navigation, search
m
(Removing the first-person tense.)
Line 1: Line 1:
Some hosts have begun installing something called mod_security.  This filters posts and URLs for certain key words, and if they are found, spits out an error.  Many people are experiencing problems because of this.  Problems include weird "403" or access denied errors, login problems, and similar.
+
Some hosts have begun to install something called mod_security.  This filters posts and URLs for certain key words, and, if they are found, displays an error.  Many people are experiencing problems because of this.  Problems include weird "403" or access denied errors, login problems, and similar.
  
For example, if I were to post this: ''Have you ever used cURL?  You can find information about it at http://curl.haxx.se/.  More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.''
+
For example, if one was to post this: ''Have you ever used cURL?  You can find information about it at http://curl.haxx.se/.  More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.''
  
On a server with mod_security enabled, I'd get an error.  This error wouldn't be preventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.
+
On a server with mod_security enabled, the poster would get an error.  This error is unpreventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.
  
However, depending on your host... it may be possible to disable this unnecessary and unwanted behavior.  Since SMF is able to (properly) filter requests without resorting to just blindly grasping at keywords, doing so should be completely safe.  If you don't trust me, live with the false positives or talk to your host to have the mod_security filtering rules changed.
+
However, depending on your host, it may be possible to disable this unnecessary and unwanted behavior.  Since SMF is able to (properly) filter requests without resorting to blindly grasping at keywords, doing so should be completely safe.  It is recommended that you talk to your host about having the mod_security filtering rules changed.
  
 
To try to disable it, create a file with the name "htaccess.txt" and put the following in it:
 
To try to disable it, create a file with the name "htaccess.txt" and put the following in it:
Line 16: Line 16:
 
</IfModule>}}
 
</IfModule>}}
  
Upload it to your server, and then rename it to ''.htaccess'' (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.
+
Upload it to your server, and then rename it to ''.htaccess'' (that's right, it starts with a dot.)  If you already have a file with that name, you'll want to open it with a text editor such as Notepad, and add the above to it (top or bottom.)  Create a backup, though, before overwriting anything.
  
 
[[How do I modify files|How do I modify files?]]
 
[[How do I modify files|How do I modify files?]]
  
If your host doesn't allow you to disable mod_security, the forum will no longer load.  Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made.  However, if this does happen you will not be able to disable mod_security's filtering.
+
If your host doesn't allow you to disable mod_security, the forum will no longer load.  Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made.  However, if this happens, you will not be able to disable mod_security's filtering.
  
 
[[category:FAQ]]
 
[[category:FAQ]]

Revision as of 11:53, 28 January 2012

Some hosts have begun to install something called mod_security. This filters posts and URLs for certain key words, and, if they are found, displays an error. Many people are experiencing problems because of this. Problems include weird "403" or access denied errors, login problems, and similar.

For example, if one was to post this: Have you ever used cURL? You can find information about it at http://curl.haxx.se/. More specifically, libcurl is useful for accessing URLs in a program - it could be helpful if you're a programmer.

On a server with mod_security enabled, the poster would get an error. This error is unpreventable by SMF, because it's created by the server and Apache, before SMF even gets a say in anything.

However, depending on your host, it may be possible to disable this unnecessary and unwanted behavior. Since SMF is able to (properly) filter requests without resorting to blindly grasping at keywords, doing so should be completely safe. It is recommended that you talk to your host about having the mod_security filtering rules changed.

To try to disable it, create a file with the name "htaccess.txt" and put the following in it:

<IfModule mod_security.c>
	# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
	SecFilterEngine Off

	# The below probably isn't needed, but better safe than sorry.
	SecFilterScanPOST Off
</IfModule>

Upload it to your server, and then rename it to .htaccess (that's right, it starts with a dot.) If you already have a file with that name, you'll want to open it with a text editor such as Notepad, and add the above to it (top or bottom.) Create a backup, though, before overwriting anything.

How do I modify files?

If your host doesn't allow you to disable mod_security, the forum will no longer load. Don't fret if this happens, just delete the .htaccess file or replace it with the backup you made. However, if this happens, you will not be able to disable mod_security's filtering.