Jump to content

Mod_Security


Recommended Posts

Posted

Does anyone else have problems with there IPB software when using mod_security it seems to block certain members and prevent me using certain features of ipcontent, even so much as saving an article or certain member trying to upgrade their profiles.. Whats the best way to pinpoint the problem cause.

Posted

Does anyone else have problems with there IPB software when using mod_security it seems to block certain members and prevent me using certain features of ipcontent, even so much as saving an article or certain member trying to upgrade their profiles.. Whats the best way to pinpoint the problem cause.





The default mod_sec config should not affect IPB, What you are saying above sounds like a suhosin issue, I may be wrong !

Have you checked the mod_sec logs and see what the error was, Then simply edit the txt file for the rules and comment that line out.
Posted

I checked the apache error logs located here /usr/local/apache/logs/error_log

I have had previous problems with modsec and ipcontent..

Posted

was there anyt error in the load and what was it exactly,

You need to ask the user to do what he/she done, Then when doing so you want to check the loags of apache to see what pops up !

You can moniter it live by:

tail -f /var/log/messages

Posted

When I try running that in ssh I get "invalid option" , do I run it in ssh?

Also I have numerous id's I will need to whitelist I can see that are causing members problems, from not being to save a profile edit, me not being able to save ipcontent articles, and it also completley blocking some of their ip's.

Posted

Can you give me the output of :




PHP 5.2.14 (cli) (built: Dec 5 2010 14:38:30)
Copyright © 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright © 1998-2010 Zend Technologies
with the ionCube PHP Loader v3.3.20, Copyright © 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright © 1998-2009, by Zend Technologies
Posted

Response I received.. baring in mind I was hacked (root) around christmas time, probably my own fault for using outdated WPress, although the hosting comapany, implemented a lot of security precautions above and beyond after..

It is very simple to whitelist a large number of rules for specific file URLs
or subdirectores.

It sounds like the modsecurity was upgraded to a much better ruleset for an
important reason.

If you'd like assistance with finding these errors please provide use with
some more details about the latest concerns you saw.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...