Jump to content

Add some info about mod_security and suPHP in ACP


Recommended Posts

I suggest adding info in the ACP about the caveats that mod_security and suPHP may present if end user has them in use, and what to do to address them. CHMOD 777 will "break" suPHP. mod_security can potentially "break" the sql tool box, screenshots (idm), upload progress (idm), dynamic images, large posts, posts with the word select in them, or posts with url paths in them. A heads up on what to white list may save some time in the support ticket arena. Thanks!

Link to comment
Share on other sites

  • 4 years later...

For your information, somebody might be able to use the following info:

We had quite some false positives using ModSecurity. We've commented the following entries by now:

# Check decodings
# "chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'1234123440',severity:'4'"

# SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'UTF8 Encoding Abuse Attack Attempt',id:'1234123439',severity:'4'"


# allow request methods
#    "phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"

After this ModSec is still blacklisting IP's, but almost none from the countries where most of our users reside (responsible for 99% of traffic).

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...