IPS Tutorials: NickTheGreek's Blog - Philips Flat Tv 42Tips and Tricks > Disable mod_security Options

[RSS Bot]

With an application as large as IP.Board 3, and used in the ways that web forum software is used, modules on your server such as Suhosin and mod_security can often trigger problems that other users do not run into. One example I can remember off the top of my head was in older versions of Blog and Gallery, input commands used the $_GET parameter key "cmd" (e.g. index.php?automodule=gallery&cmd=viewimage). While harmless in our context, many web exploits try to inject command line commands using "cmd=" in the URL, so mod_security blocks this.

If you run into random 403 or 500 errors on your site, one possibility is that mod_security is blocking the request. You can attempt to disable mod_security via a .htaccess file in your forum root directory. Create the file if it does not exist, or edit the existing file if it does, and add to the end of the file

SecFilterEngine Off
SecFilterScanPOST Off

Save the file and upload it to your server, and try your request again. If it works this time, it's probable that mod_security is installed on your server and was blocking the request from completing. You can either leave mod_security disabled by leaving the .htaccess in place, or you can get in touch with your host to attempt to reconfigure the mod_security rules in place to allow the request that was blocked. View the full article