Mike Gholson Posted Monday at 04:42 AM Share Posted Monday at 04:42 AM (edited) Hi all, I am seeing the following errors in IPB 4.7.18. Using Apache on Linux and PHP 8.1.11, this is a new install of IPB. If I upload 6 images, about 2 of them will show failed to upload. The others are fine. Here are the errors: POST /gallery/submit/?category=1&noAlbum=1 HTTP/1.1 [client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "30"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "gatoryachts.com"] [uri "/gallery/submit/"] [unique_id "ZuerS3eCv1iZ3SBPcQ5aDQAAAAI"], referer: https://gatoryachts.com/gallery/submit/?_new=1 AH01579: Invalid response status 44, referer: https://gatoryachts.com/gallery/submit/?_new=1 Edited Monday at 04:43 AM by Mike Gholson Link to comment Share on other sites More sharing options...
teraßyte Posted Monday at 05:35 AM Share Posted Monday at 05:35 AM This is a server issue. You need to contact your hosting about it: ModSecurity: Access denied with code 44 (phase 2). They must either disable/tweak the ModSecurity rule triggered by the gallery uploads or disable it completely. Marc and Pescao6 2 Link to comment Share on other sites More sharing options...
Mike Gholson Posted Monday at 06:42 PM Author Share Posted Monday at 06:42 PM 13 hours ago, teraßyte said: This is a server issue. You need to contact your hosting about it: ModSecurity: Access denied with code 44 (phase 2). They must either disable/tweak the ModSecurity rule triggered by the gallery uploads or disable it completely. Thanks... I own the server. Do you know what I have to change? Mike Link to comment Share on other sites More sharing options...
Jim M Posted Monday at 06:47 PM Share Posted Monday at 06:47 PM 4 minutes ago, Mike Gholson said: Do you know what I have to change? You would need to disable or tweak the rule mentioned there in mod_security to allow for upload. Link to comment Share on other sites More sharing options...
Mike Gholson Posted Tuesday at 10:08 PM Author Share Posted Tuesday at 10:08 PM On 9/16/2024 at 11:47 AM, Jim M said: You would need to disable or tweak the rule mentioned there in mod_security to allow for upload. Not really sure what option to change. Can you help me determine? <IfModule mod_security2.c> # Default recommended configuration SecRuleEngine On SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 SecRequestBodyInMemoryLimit 131072 SecRequestBodyLimitAction Reject SecRule REQBODY_ERROR "!@eq 0" \ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \ failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ DB %{MULTIPART_DATA_BEFORE}, \ DA %{MULTIPART_DATA_AFTER}, \ HF %{MULTIPART_HEADER_FOLDING}, \ LF %{MULTIPART_LF_LINE}, \ SM %{MULTIPART_MISSING_SEMICOLON}, \ IQ %{MULTIPART_INVALID_QUOTING}, \ IP %{MULTIPART_INVALID_PART}, \ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" SecPcreMatchLimit 1000 SecPcreMatchLimitRecursion 1000 SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" SecResponseBodyAccess Off SecDebugLog /var/log/httpd/modsec_debug.log SecDebugLogLevel 0 SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJDEFHZ SecAuditLogType Serial SecAuditLog /var/log/httpd/modsec_audit.log SecArgumentSeparator & SecCookieFormat 0 SecTmpDir /var/lib/mod_security SecDataDir /var/lib/mod_security # ModSecurity Core Rules Set and Local configuration IncludeOptional modsecurity.d/*.conf IncludeOptional modsecurity.d/activated_rules/*.conf IncludeOptional modsecurity.d/local_rules/*.conf </IfModule> Link to comment Share on other sites More sharing options...
Jim M Posted Tuesday at 10:15 PM Share Posted Tuesday at 10:15 PM 6 minutes ago, Mike Gholson said: Not really sure what option to change. Can you help me determine? You would want to contact your hosting provider or a server administrator if you’re not sure. Link to comment Share on other sites More sharing options...
Mike Gholson Posted Tuesday at 10:16 PM Author Share Posted Tuesday at 10:16 PM Just now, Jim M said: You would want to contact your hosting provider or a server administrator if you’re not sure. I am the hosting provider.. 😉 I can change anything, just need to know what your software needs to enable multiple uploads. Mike Link to comment Share on other sites More sharing options...
Jim M Posted Tuesday at 10:20 PM Share Posted Tuesday at 10:20 PM 1 minute ago, Mike Gholson said: I am the hosting provider.. 😉 I can change anything, just need to know what your software needs to enable multiple uploads. Mike We do not provide support with server configurations or extra security modules like mod_security. If you are unsure how to handle this you would need to work with a server administrator. If you want to use these items it would be up to yourself to ensure they do not hinder the software. Link to comment Share on other sites More sharing options...
Mike Gholson Posted Tuesday at 10:25 PM Author Share Posted Tuesday at 10:25 PM 1 minute ago, Jim M said: We do not provide support with server configurations or extra security modules like mod_security. If you are unsure how to handle this you would need to work with a server administrator. If you want to use these items it would be up to yourself to ensure they do not hinder the software. What the? Really? My server meets all your specs and I've been with you guys for years.. trying to launch another website and I get this response? Seriously .... Link to comment Share on other sites More sharing options...
Jim M Posted Tuesday at 10:29 PM Share Posted Tuesday at 10:29 PM 1 minute ago, Mike Gholson said: What the? Really? My server meets all your specs and I've been with you guys for years.. trying to launch another website and I get this response? Seriously .... Sorry that you are disappointed but we have never supported server configurations. Our support only covers our software. As a selfhosted customer, it is your responsibility to configure your server and the additional modules you want to run on it As mentioned though, if you don’t know how to configured mod_security to work with our software, I would advise disabling it. Link to comment Share on other sites More sharing options...
Recommended Posts