Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: mod_securit and phpBB |
|
| Author |
|
strigoi
Joined: 15 Dec 2005
Posts: 36
|
 Posted: Sat 24 Dec '05 22:08 Post subject: mod_securit and phpBB |
 |
|
Good day to you, having a single issue with the apache security mod, i run a phpbb board one 1 of my sites, with the apache security,
when i go to move a catagory up or down in my ACP for phpbb, i get a 404, apache error log shows this
[Fri Dec 23 20:24:42 2005] [error] [client 192.168.11.156] mod_security: Access denied with code 403. Pattern match "^(uname|id|ls|cat|rm|kill)" at ARGS_VALUES("mode") [msg "Command execution attack"] [hostname " www.pirates-paradise.com"] [uri "/Forum/admin/admin_forums.php?mode=cat_order&move=-15&c=25&sid=386ba04828403a2df690964c82a19707"]
could you please let me know if theres any changes i can make, to allow me to move catagories,
happy holidays to you, and a great new year |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3094
Location: Hilversum, NL, EU
|
| Posted: Sat 24 Dec '05 23:08 Post subject: |
|
|
A rule you use is catching the phpBB request on "..mode=cat_order..."
Remove the "cat" out of the rule:
SecFilterSelective ARGS_VALUES "^(uname|id|ls|cat|rm|kill)"
so it becomes:
SecFilterSelective ARGS_VALUES "^(uname|id|ls|rm|kill)"
Please let us know if this helps,
Steffen |
|
| Back to top |
|
strigoi
Joined: 15 Dec 2005
Posts: 36
|
| Posted: Sun 25 Dec '05 8:31 Post subject: phpbb issues |
|
|
once again steffan your spot on, problem RESOLVED, i thank you again for your time, and wish you the best in the comming new year.
Strigoi |
|
| Back to top |
|
|
|
|
|
|
