Mod_Security help please - Joomla! Forum - community, help and support

-

in install extensions unable click on components | modules | plugins | languages | templates links. when did, got error:

code: select all

forbidden

you don't have permission access /administrator/index.php on server.

additionally, 404 not found error encountered while trying use errordocument handle request.


so did bit of searching , found if turned off mod_security adding following code .htaccess file in joomla root worked.

code: select all

#disable mod security
#secfilterengine off
secfilterscanpost off


my questions are
1. why need turn off/why doesnt work on?
2. security risk turning off.

i on j1.5.10, php version: 5.2.8, database version: 4.1.22-standard

i have read info on mod_security still dont understand it.
mod_security apache webserver module, (it nothing directly joomla!) used filter potentially dangerous requests sites. therefore, removing or modifying rules configured in mod_security has potential explose site in cases.

more information can found @ http://www.askapache.com/htaccess/mod_s ... ricks.html or search web mod_security , find many many references.

mod_security maybe manipulated within .htaccess file if host allows it, examples shown below;
the example lines in bold canbe used, if allowed, temporarily turn off mod_security finctionality on site testing purposes, check if fixes issue.


# turn filtering engine on or off or dynamiconly cgi/php/etc
secfilterengine off

# log suspicious requests
secauditengine relevantonly

# goes 9 @ 2 overwhelming trust me
secfilterdebuglevel 0

# make sure url encoding valid
secfiltercheckurlencoding on

# unicode encoding check
secfiltercheckunicodeencoding off

# should mod_security inspect post payloads
secfilterscanpost on

# default rule apply inherited rules
secfilterdefaultaction "deny,log,status:500"

most host has either increased mod_security filters or installed th ebasic filters not take in account php, need tal host regarding filters settings.

in many respects, turning off mod_security reduces site protection , increases potential risk of compromise, in general better have mod_secuirty running.





Comments

Post a Comment

Popular posts from this blog

Joomla site hacked, cant see front and - Joomla! Forum - community, help and support

-
hi all; here thing: i went see site because haven't visited week or 2 , surprised when saw white page some provocation written on tab , acronym of attacker on page. i log on ftp server see if files there , found vital data remind safe. i tried put site off line got same hackers index.html file displaying when press "preview" button in joomla admin. deleted index.html file , tried check offline site option again. time got offline page. but problem resumes when put site online... white page, nothing else written. site date, , joomla updated v. 1.5.10 few days back. virtuemart commponent installed, newest v. 1.1.3 do need install fresh joomla copy , overwrite files previous including data base, or can avoid job fixing index.html on front end. i didn't make backup copy of site, i'll if not working save date in case potential hacker delete server... any suggestions? check template index.html file (edit html in template manager active template) usual source of hacking...
Read more

Christian Home School Programs - Joomla! Forum - community, help and support

-
Image
hello guys, (my first custom template) i got son in accelerated christian home school program. they did not have web site designing , hosting cover fees in trade. website: christian home school programs i've not got content published... the graphics imagination i've installed jumi i have directphp installed mostly custom css layout , i've used css purity seo, christian home shool - 200 million+ organics i have optimized code behind visual design crawlers. any thoughts / recommendations? i'm new custom templating in joomla ears open gurus of joomla richard hey, well done on first custom template. i don't background... @ all. think should going more professional look, maybe isnt repeating on both x , y axis, , isnt shade of blue. as far content goes, there isnt much... site performance good. good luck tim Board index Joomla! Official Sites & Infrastructure Sites & Infrastructure - Feedback/Information ...
Read more

Trouble with PF_OutFlag_I_USE_AUDIO and PF_CHECKOUT_LAYER_AUDIO

-
i trying render graphical representation of layer's audio waveform. have seen this similar thread , problem checking out audio, cannot far.   in globalsetup function set out_flags thus..   out_data-> out_flags = pf_outflag_i_use_audio;   but in pf_cmd_frame_setup function, , pf_cmd_render function ( pf_cmd_smart_pre_render pf_cmd_smart_render)   the pf_indata src_snd structure empty , in_data->start_sampl == 0, in_data->dur_sampl == 0, in_data->total_sampl == 0     i missing something, appreciate guidance,   thanks   steve (london, uk - adobe plugin developers nearby?) More discussions in After Effects SDK adobe
Read more