Error Posting Message

onyxchase

Hi,

A member on my board is getting this weird ERROR 500 message (which I was able to reproduce) when he tries to write the following message. Could anyone help me as to why this could be? It's only for long messages...

Nothing shows up in the error log from the admin panel unfortunately.
 


OK I have diagnosed the problem and it is because of mod_security. Unfortunately I cannot disable it via .htaccess as the new version does not allow this, but it's the first time this ever happened so I'll give it a pass.
 
There were several other occurrences of this with my members, so I had to literally disable it for my domain name. If someone figures out a way to disable it for just the forum URL, then please let me know. It'd be nice to disable it only for like domain.com/xenforo/ ;)

Here is what I did:

Added the line:

Code:
SecRule SERVER_NAME "\.domain\.com$" "phase:1,nolog,noauditlog,allow,ctl:ruleEngine=Off"

In 'modsec2/custom.conf'

It didn't work via .htaccess.
 
Thanks for the report. I am sure it will help others.


Depending on your comfort level, disabling mod_security can make your site less secure.
Many sites probably have it disabled.

We got mod_security problems when we used these words in the title:

tftp
wget

To fix it we used the censor system to change wget to w-g-e-t, etc.
We wanted to keep mod_security on.
 
I agree. We're technically supposed to let them know of false detections so that they can code it into the mod_security2. But I've had about 150 false detections in the last 2 days alone, with about 15 different unique rules. And I've checked the IPs and they are from legitimate forum users. I've never had this problem with mod_security1. I guess it's more secure, but a pain to work with.

I think we're 'supposed' to add exceptions to the rules for the domains that have false alarms. I may still do this.
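Added example, not part of any post in this thread: one way to get from the false detections described above to an exception that covers only the forum path and only the rules that actually fired there, instead of switching the engine off for the whole domain. The log lines, rule ids and client IPs are constructed, and the `/xenforo/` prefix is taken from the question above.

```python
import re
from collections import Counter

# Constructed Apache error-log lines in ModSecurity 2.x format.
# Rule ids, client IPs, file paths and unique_ids are made up for this example.
SAMPLE_LOG = """\
[Mon Jan 07 10:01:02 2013] [error] [client 203.0.113.5] ModSecurity: Access denied with code 500 (phase 2). Pattern match "wget" at ARGS:title. [file "/etc/modsec2/rules.conf"] [line "40"] [id "1000001"] [msg "constructed rule A"] [hostname "www.domain.com"] [uri "/xenforo/index.php"] [unique_id "aaa"]
[Mon Jan 07 10:03:10 2013] [error] [client 198.51.100.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "tftp" at ARGS:title. [file "/etc/modsec2/rules.conf"] [line "40"] [id "1000001"] [msg "constructed rule A"] [hostname "www.domain.com"] [uri "/xenforo/index.php"] [unique_id "bbb"]
[Mon Jan 07 10:04:44 2013] [error] [client 198.51.100.7] ModSecurity: Access denied with code 500 (phase 2). Pattern match "x" at ARGS:message. [file "/etc/modsec2/rules.conf"] [line "77"] [id "1000002"] [msg "constructed rule B"] [hostname "www.domain.com"] [uri "/xenforo/index.php"] [unique_id "ccc"]
[Mon Jan 07 10:05:00 2013] [error] [client 203.0.113.9] File does not exist: /var/www/favicon.ico
[Mon Jan 07 10:06:30 2013] [error] [client 203.0.113.9] ModSecurity: Access denied with code 500 (phase 2). Pattern match "wget" at ARGS:q. [file "/etc/modsec2/rules.conf"] [line "40"] [id "1000001"] [msg "constructed rule A"] [hostname "www.domain.com"] [uri "/other/search.php"] [unique_id "ddd"]
"""

ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')

def tally_rules(log_text, prefix):
    """Count ModSecurity denials per rule id for requests whose URI starts with prefix."""
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache error, not a WAF event
        rule, uri = ID_RE.search(line), URI_RE.search(line)
        if rule and uri and uri.group(1).startswith(prefix):
            hits[rule.group(1)] += 1
    return hits

def scoped_exclusion(hits, prefix, min_hits=2):
    """Build a <Location> block that removes only rules seen at least min_hits times."""
    # A rule that fired once may be a real attack; leave it on until reviewed.
    ids = sorted(r for r, n in hits.items() if n >= min_hits)
    if not ids:
        return ""
    body = ["    SecRuleRemoveById %s" % r for r in ids]
    return "\n".join(['<Location "%s">' % prefix] + body + ["</Location>"])

if __name__ == "__main__":
    hits = tally_rules(SAMPLE_LOG, "/xenforo/")
    print(scoped_exclusion(hits, "/xenforo/"))
```

The generated block belongs in the server or virtual-host configuration, not in .htaccess. Rules that run in phase 1 are evaluated before Apache has resolved `<Location>` scope, so an exclusion for one of those has to be written as a rule conditioned on the request URI instead.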
 