Add an exclusion for mod_security

Marie
Junior Member
Posts: 26
Joined: 15 Dec 2006, 16:16

Post by Marie »

Hi Chirpy :)

I would like to NOT block people after such a mod_sec failure:
Error processing request body: Multipart: final boundary missing

How could I do that?

Thank you!
acegames
Junior Member
Posts: 11
Joined: 19 Mar 2008, 11:51

Post by acegames »

I too would like this, as I have a photo uploader from mobile phones that blocks some phones from uploading.

Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]

Request: - - [06/Jun/2008:09:03:16 +0100] "POST /membersphotos/upload.php HTTP/1.1" 406 343 "http://www.mydomain.com/membersphotos/upload.php" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 UP.Link/6.3.1.12.0" - "-"
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Why not remove the mod_security secfilter that is triggering that?
acegames
Junior Member
Posts: 11
Joined: 19 Mar 2008, 11:51

Post by acegames »

chirpy wrote: Why not remove the mod_security secfilter that is triggering that?
Sorry, but I do not know how. Could you explain how I can do this, please?
noimad1
Junior Member
Posts: 7
Joined: 15 Mar 2008, 19:20

Post by noimad1 »

acegames wrote: Sorry, but I do not know how. Could you explain how I can do this, please?
I can't seem to find the filter that causes this. Apparently all sorts of programs are using this uploader, such as WordPress. A whole bunch of my users have been getting blocked all of a sudden.

If you find the rule, please let me know.
surfalot
Junior Member
Posts: 2
Joined: 02 Sep 2008, 05:52

Post by surfalot »

It's not a failure of mod_security, it is a failure of Adobe Flash: http://bugs.adobe.com/jira/browse/FP-292. And it's not a mod_security rule, as such, either. It's a base function of mod_security. mod_security is working perfectly since Flash is not following standards.

Everyone's been recommending this, but it's not recommended since it leaves a whole bunch of scripts open. You can put this in a .htaccess file in the directory of the upload file.

SecFilterEngine Off
SecFilterScanPOST Off


The best approach is to make an exception for only the script in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config file, before any rules include files, as such:

<LocationMatch "/wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "/wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>


These two files are the default locations of the WordPress Flash upload and the NextGEN gallery plugin Flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this helps someone.
surfalot
Junior Member
Posts: 2
Joined: 02 Sep 2008, 05:52

Post by surfalot »

My apologies, this should catch it server wide, regardless of the directory WordPress is installed in...

<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
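
Added example (not part of any post in this thread, and not project code): a quick audit of how many request paths the LocationMatch patterns above switch filtering off for, since they are unanchored regular expressions with unescaped dots. The TIGHT variants and the sample paths are assumptions constructed for this example, and Python's re.search is used as a stand-in for Apache's unanchored regex matching.

```python
import re

# Patterns exactly as posted in the thread (unanchored, dots unescaped).
POSTED = [
    r"wp-admin/async-upload.php",
    r"wp-content/plugins/nggallery/admin/wp25/upload.php",
]

# Tighter variants (an assumption of this example, not from the thread):
# literal dots, a leading "/" so the directory name must match whole,
# and "$" so nothing may follow the script name.
TIGHT = [
    r"/wp-admin/async-upload\.php$",
    r"/wp-content/plugins/nggallery/admin/wp25/upload\.php$",
]

# Constructed request paths; none come from real logs.
SAMPLE_PATHS = [
    "/wp-admin/async-upload.php",
    "/blog/wp-admin/async-upload.php",
    "/wp-content/plugins/nggallery/admin/wp25/upload.php",
    "/wp-admin/async-upload.php.bak",
    "/wp-admin/async-upload.php/extra/path",
    "/old-wp-admin/async-upload.php",
    "/wp-admin/async-uploadXphp",
    "/membersphotos/upload.php",
]

def excluded(patterns, path):
    """True if any pattern matches anywhere in the path (unanchored search)."""
    return any(re.search(p, path) for p in patterns)

def audit(paths=SAMPLE_PATHS):
    """Return paths the posted patterns exclude but the tight ones do not."""
    return [p for p in paths if excluded(POSTED, p) and not excluded(TIGHT, p)]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:55} posted={excluded(POSTED, p)!s:5} tight={excluded(TIGHT, p)}")
    print("extra paths left unfiltered by the posted patterns:", audit())
```

Both pattern sets still cover WordPress installed in a subdirectory such as /blog/; only the tight set stops at the two upload scripts themselves.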
maverick
Junior Member
Posts: 12
Joined: 11 Dec 2006, 19:35

Post by maverick »

I'm also having trouble with this. Customers who upload WordPress are getting blocked out because of this upload script.