Jaymez
Posted July 11, 2009

I suggest adding info in the ACP about the caveats that mod_security and suPHP may present if the end user has them in use, and what to do to address them. CHMOD 777 will "break" suPHP. mod_security can potentially "break" the sql tool box, screenshots (idm), upload progress (idm), dynamic images, large posts, posts with the word select in them, or posts with url paths in them. A heads up on what to white list may save some time in the support ticket arena. Thanks!
wsf
Posted May 26, 2014

For your information, somebody might be able to use the following info: We had quite some false positives using ModSecurity. We've commented out the following entries by now:

```
# Check decodings
# SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding"
# "chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'1234123440',severity:'4'"
# SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"
# SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'UTF8 Encoding Abuse Attack Attempt',id:'1234123439',severity:'4'"
(...)
# allow request methods
# SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$"
# "phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"
```

After this ModSec is still blacklisting IPs, but almost none from the countries where most of our users reside (responsible for 99% of traffic).
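Added example, not part of either post and not ModSecurity's own code: a Python sketch of why the two rule groups quoted above produce false positives on forum traffic. It assumes ModSecurity matches `ARGS` against decoded parameter values and approximates `@validateUrlEncoding` as "a `%` not followed by two hex digits"; the field names and request bodies are constructed.

```python
import re
from urllib.parse import parse_qsl

# Second rule of the chain, regex copied from the post above.
CHAINED_RE = re.compile(r"%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")
# Assumption: stand-in for @validateUrlEncoding (a '%' without two hex digits).
BAD_PCT_RE = re.compile(r"%(?![0-9a-fA-F]{2})")
# Method policy regex from the post; the rule fires when this does NOT match.
METHOD_RE = re.compile(r"^((?:(?:POS|GE)T|OPTIONS|HEAD))$")


def url_encoding_hits(body):
    """Return the form fields whose decoded name or value trips both chained rules."""
    hits = []
    # ARGS and ARGS_NAMES hold decoded data, so decode the body before matching.
    for name, value in parse_qsl(body, keep_blank_values=True):
        for target in (name, value):
            if BAD_PCT_RE.search(target) and CHAINED_RE.search(target):
                hits.append(name)
                break
    return hits


def method_blocked(method):
    """True when the method rule would answer with the 501 policy response."""
    return METHOD_RE.match(method) is None


# Constructed sample request bodies (hypothetical field names).
SAMPLES = [
    "TopicTitle=Sale&Post=Everything+is+50%25+off",  # literal '%' in a post
    "Post=plain+text+without+percent+signs",
    "Post=%25u0041",                                 # %uXXXX form, excluded by the chain
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", url_encoding_hits(body) or "no match")
    for method in ("GET", "POST", "PUT", "PROPFIND"):
        print(method, "blocked" if method_blocked(method) else "allowed")
```

A correctly encoded `%25` decodes to a bare `%` before the rule sees it, so any post that mentions a percentage is denied. Excluding the post-body parameter from the rule's targets, in the same way the rule already excludes `REQUEST_HEADERS:Referer`, is a narrower fix than commenting out the whole check.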
Archived
This topic is now archived and is closed to further replies.