alj Posted August 17, 2008 Share Posted August 17, 2008 hello i just finish skin my site but the problem with the mod security on my server make ip.board panel restrict and not function correct also i disable alot of php function but the main problem is with ipb with safe mod option need to be improved because i see many script run with safe mod 100% with no problem but ipb i'm not sure if it 70 or 80% even when i enable the safe mod option for the skin also another point can it be possible for ipb 3 to have an option to enable the dynamic images that only generated on the board like the images on ip.download just to view it on my board topic without showing dynamic images from other web sit for more security Link to comment Share on other sites More sharing options...
henke37 Posted August 17, 2008 Share Posted August 17, 2008 Safe mode in php is gone in PHP 6. The safe mode for the skins is unrelated. Link to comment Share on other sites More sharing options...
alj Posted August 17, 2008 Share Posted August 17, 2008 Safe mode in php is gone in PHP 6. The safe mode for the skins is unrelated. i already know about the php6 and the safe mode but when they will release it and when ips developer will use it and for the safe mode for the skin u need to recheck by your self go to General Configuration under TOOLS & SETTINGS and see what writing about the safe mode options Safe Mode Skin The System Overview page will let you know if your PHP installation has Safe Mode on. If it does, please enable this setting. if you mean the server safe mod i know it has nothing to do with the skin but it have with ips code Link to comment Share on other sites More sharing options...
henke37 Posted August 17, 2008 Share Posted August 17, 2008 The skin safe mode is for installs where the cache can not be created properly by php. Link to comment Share on other sites More sharing options...
alj Posted August 17, 2008 Share Posted August 17, 2008 The skin safe mode is for installs where the cache can not be created properly by php. and that what couse the problems when you import nw skin some cash never change and still affect the board view also when i try to edit the Board Header and Footer Wrapper i get Bad Request Your browser sent a request that this server could not understand. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Link to comment Share on other sites More sharing options...
henke37 Posted August 18, 2008 Share Posted August 18, 2008 That's not to blame IPB for, that's your http client sending malformed requests. Link to comment Share on other sites More sharing options...
bfarber Posted August 18, 2008 Share Posted August 18, 2008 More specifically, like you mentioned it's likely due to mod_security, and you probably need to reconfigure mod_security - I'd venture to guess you're sending a POST request it doesn't like when you submit your skin edits, and there's nothing IPB can do to "fix" that. Link to comment Share on other sites More sharing options...
alj Posted August 18, 2008 Share Posted August 18, 2008 More specifically, like you mentioned it's likely due to mod_security, and you probably need to reconfigure mod_security - I'd venture to guess you're sending a POST request it doesn't like when you submit your skin edits, and there's nothing IPB can do to "fix" that. i already modify my mod_security just to get it fixed but with another script i never need to modify the mod_security for any reason and yes it's because of POST request also i disable safe mode in my php configure to get my skin work fine and that error only when i edit the Board Header and Footer Wrapper but when editing any other skin that work fine also when i import any new skin import will not be complete and some skin like the board header and other skin return to default skin Link to comment Share on other sites More sharing options...
bfarber Posted August 18, 2008 Share Posted August 18, 2008 IPB should fully work in safe_mode. If safe_mode is causing problems you can submit a ticket for support. mod_security, on the other hand, is configurable, and can block entirely legit requests in it's attempt to block bad requests. All I would be able to recommend is to reconfigure mod_security (as you've indicated you've done). echo "hello world";<?php That script may not trigger mod_security - doesn't mean every script won't, however, which is why it's configurable. :) Link to comment Share on other sites More sharing options...
henke37 Posted August 19, 2008 Share Posted August 19, 2008 Call the SQL qurus, this guy is clearly attempting an sql injection, don't you see how he has the key word "or" there!? </fun illustration of the issue> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.