mNo edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Some hosts have begun to install something called mod_security. This filters posts and URLs for certain key words and, if they are found, displays an error. Many people are experiencing problems | Some hosts have begun to install something called mod_security. This filters posts and URLs for certain key words and, if they are found, displays an error. Many people are experiencing problems because of this. These include "403" or "Access denied" errors, login problems, or similar issues. | ||
The following is an example of a post which would generate an error if mod_security is enabled on a server: ''Have you ever used cURL? You can find information about it at http://curl.haxx.se/. More specifically, libcurl is useful for accessing URLs in a program. It could be helpful if you're a programmer.'' | |||
SMF cannot prevent this error, because it is created by the server and Apache, before SMF even gets a say in anything. However, depending on your host, it may be possible to disable this unnecessary and unwanted behaviour. Since SMF is able to filter requests without resorting to grasping blindly at keywords, disabling mod_security should be completely safe. It is recommended that you talk to your host about having the mod_security filtering rules changed. | |||
To try to disable it, you need a file called .htaccess. If you already have a file with that name, you need to open it with a decent text editor such as Notepad++, and add the above to it (top or bottom). Make sure, however, to create a backup before overwriting anything. If you do not already have this file, create it. If your desktop PC will not allow you to edit a file called .htaccess, create the file with another name, such as .htaccess.txt. You can rename it after you load it up to the server. Put the following in the htaccess file: | |||
To try to disable it, you | |||
If you do not already have | |||
{{code|<IfModule mod_security.c> | {{code|<IfModule mod_security.c> | ||
# Turn off mod_security filtering. SMF is a big boy, it does not need its hands held. | # Turn off mod_security filtering. SMF is a big boy, it does not need its hands held. | ||
SecFilterEngine Off | SecFilterEngine Off | ||
# The below probably | # The next part below probably is not needed, but better safe than sorry. | ||
SecFilterScanPOST Off | SecFilterScanPOST Off | ||
</IfModule>}} | </IfModule>}} | ||
Upload | Upload this to your server. If you used a different name, delete the .htaccess file on the server and rename the new file .htaccess. | ||
If your host does not allow you to disable mod_security, the forum will no longer load. | If your host does not allow you to disable mod_security, the forum will no longer load. If this happens, just delete the .htaccess file or replace it with the backup you made earlier. If you have to do this, you cannot disable mod_security filtering. You can ask your host if they can disable mod_security for you. If they will not disable it, and you do not wish to continue to have problems with your forum which mod_security causes, you can seek out a new host. | ||
[[category:FAQ]] | [[category:FAQ]] | ||
Revision as of 10:45, 17 November 2014
Some hosts have begun to install something called mod_security. This filters posts and URLs for certain key words and, if they are found, displays an error. Many people are experiencing problems because of this. These include "403" or "Access denied" errors, login problems, or similar issues.
The following is an example of a post which would generate an error if mod_security is enabled on a server: Have you ever used cURL? You can find information about it at http://curl.haxx.se/. More specifically, libcurl is useful for accessing URLs in a program. It could be helpful if you're a programmer.
SMF cannot prevent this error, because it is created by the server and Apache, before SMF even gets a say in anything. However, depending on your host, it may be possible to disable this unnecessary and unwanted behaviour. Since SMF is able to filter requests without resorting to grasping blindly at keywords, disabling mod_security should be completely safe. It is recommended that you talk to your host about having the mod_security filtering rules changed.
To try to disable it, you need a file called .htaccess. If you already have a file with that name, you need to open it with a decent text editor such as Notepad++, and add the above to it (top or bottom). Make sure, however, to create a backup before overwriting anything. If you do not already have this file, create it. If your desktop PC will not allow you to edit a file called .htaccess, create the file with another name, such as .htaccess.txt. You can rename it after you load it up to the server. Put the following in the htaccess file:
<IfModule mod_security.c> # Turn off mod_security filtering. SMF is a big boy, it does not need its hands held. SecFilterEngine Off # The next part below probably is not needed, but better safe than sorry. SecFilterScanPOST Off </IfModule>
Upload this to your server. If you used a different name, delete the .htaccess file on the server and rename the new file .htaccess.
If your host does not allow you to disable mod_security, the forum will no longer load. If this happens, just delete the .htaccess file or replace it with the backup you made earlier. If you have to do this, you cannot disable mod_security filtering. You can ask your host if they can disable mod_security for you. If they will not disable it, and you do not wish to continue to have problems with your forum which mod_security causes, you can seek out a new host.
