ConfigServer Scripts Forum




 Add an exclusion for mod_security 
Junior Member

Joined: Fri Dec 15, 2006 5:16 pm
Posts: 26
Post Add an exclusion for mod_security
Hi Chirpy :)

I would like to NOT block people after such a mod_sec failure:
Error processing request body: Multipart: final boundary missing

How could I do that?

Thank you!


Sat May 26, 2007 12:16 pm
Junior Member

Joined: Wed Mar 19, 2008 12:51 pm
Posts: 11
Post 
I too would like this, as I have a photo uploader from mobile phones that blocks some phones from uploading.

Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]

Request: - - [06/Jun/2008:09:03:16 +0100] "POST /membersphotos/upload.php HTTP/1.1" 406 343 "http://www.mydomain.com/membersphotos/upload.php" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 UP.Link/6.3.1.12.0" - "-"


Fri Jun 06, 2008 1:12 pm
Moderator

Joined: Sat Dec 09, 2006 7:13 pm
Posts: 2522
Post 
Why not remove the mod_security secfilter that is triggering that?


Wed Jun 11, 2008 4:50 pm
Junior Member

Joined: Wed Mar 19, 2008 12:51 pm
Posts: 11
Post 
chirpy wrote:
Why not remove the mod_security secfilter that is triggering that?


Sorry, but I do not know how. Could you explain how I can do this, please?


Wed Jun 11, 2008 4:52 pm
Junior Member

Joined: Sat Mar 15, 2008 8:20 pm
Posts: 2
Post 
acegames wrote:
Sorry, but I do not know how. Could you explain how I can do this, please?


I can't seem to find the filter that causes this. Apparently all sorts of programs are using this uploader, such as WordPress. A whole bunch of my users have been getting blocked all of a sudden.

If you find the rule, please let me know.


Sat Jun 28, 2008 11:02 pm
Junior Member

Joined: Tue Sep 02, 2008 5:52 am
Posts: 2
Post 
It's not a failure of mod_security, it is a failure of Adobe Flash: http://bugs.adobe.com/jira/browse/FP-292. And it's not a mod_security rule, as such, either; it's a base function of mod_security. mod_security is working perfectly since Flash is not following standards.

Everyone's been recommending this, but it's not recommended since it leaves a whole bunch of scripts open. You can put this in a .htaccess file in the directory of the upload file.

SecFilterEngine Off
SecFilterScanPOST Off


The best approach is to make an exception for only the script, in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config file, before any rules include files, as such:

<LocationMatch "/wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "/wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>


These two files are the default locations of the WordPress flash upload and the NextGEN gallery plugin flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this helps someone.


Tue Sep 02, 2008 8:14 pm
Junior Member

Joined: Tue Sep 02, 2008 5:52 am
Posts: 2
Post 
My apologies, this should catch it server wide, regardless of the directory WordPress is installed in...

<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>


Wed Sep 03, 2008 1:48 am
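
An added example, not part of the original posts: a small Python audit of the LocationMatch exclusions shown above, reporting which URL paths each pattern would actually switch filtering off for. The probe paths and the third, anchored pattern are constructed here for comparison, and it assumes LocationMatch's unanchored regex matching on the URL path can be modelled with re.search.

```python
import re

# Constructed sample config: exclusions from the posts above plus one anchored variant (added here).
SAMPLE_CONF = r'''
<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
<LocationMatch "/wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
<LocationMatch "/wp-admin/async-upload\.php$">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
'''

BLOCK = re.compile(r'<LocationMatch\s+"([^"]+)">(.*?)</LocationMatch>', re.S | re.I)
ENGINE_OFF = re.compile(r'^\s*SecFilterEngine\s+Off\s*$', re.M | re.I)

def audit(conf, probe_paths):
    """Return one finding per LocationMatch block that switches the engine off."""
    findings = []
    for pattern, body in BLOCK.findall(conf):
        if not ENGINE_OFF.search(body):
            continue
        notes = []
        if not pattern.endswith("$"):
            notes.append("no end anchor")
        if re.search(r'(?<!\\)\.', pattern):
            notes.append("unescaped dot")
        # Unanchored regex match, as assumed above: these probe paths would lose filtering.
        exposed = [p for p in probe_paths if re.search(pattern, p)]
        findings.append({"pattern": pattern, "notes": notes, "exposed": exposed})
    return findings

# Constructed probe paths: the intended script plus look-alikes that should stay filtered.
PROBES = [
    "/blog/wp-admin/async-upload.php",
    "/blog/wp-admin/async-upload.php/extra",
    "/files/wp-admin/async-uploadXphp",
    "/wp-content/plugins/nggallery/admin/wp25/upload.php.bak",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, PROBES):
        print(finding)
```

Only the anchored, dot-escaped pattern limits the exclusion to the upload script itself, while still matching it under any install directory.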
Junior Member

Joined: Mon Dec 11, 2006 8:35 pm
Posts: 12
Post 
I'm also having trouble with this. Customers who upload WordPress are getting blocked out because of this upload script.


Sat Feb 21, 2009 10:39 pm