Remove and Uninstall or Disable ModSecurity (mod_security)

Posted on March 18, 2008 by paragon

If ModSecurity is Turned On via your Web Server , then build a .htaccess file and place it in the root of the folder running the script that may be having issues.

Issues such as Web Scripts and Broken Graphics also any script that use’s the Spaw Editor will break the format of the editor button layout, this is due to Mod_Security in effect.

Building a .htaccess file and / or adding the noted commands below will resolve. this.

ModSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache Web server module mod_security or standalone, and thus increase web application security. However, misconfigured or overly strict rule sets, ModSecurity may cause your website to return various errors such as HTTP 403 Forbidden error or access denied error, login problems, or HTTP 412 Precondition Failed error, or HTTP 406 Not Acceptable error and other false positive symptoms.

To make matter worse, the configuration of ModSecurity rules and filters have to be done manually. Although there are free predefined certified rule set which can be used with ModSecurity out of the box, however the rule sets may be not suitable for each and every environment and may interfere with the operation of websites or blogs, and customizing and modifying the rules may be too sophisticated or complicated for some users. And for some websites that hosted on shared hosting service, the mod_security may be enable by default without options. So in this case, the best solution or workaround for mod security related issues is to disable mod_security filtering and rules.

If you’re using Apache web server (which mostly do), mod_security can be disabled by adding a specific in .htaccess file. Locate the .htaccess file in Apache web root directory (public_html or /var/www/ or others), if it does not exist, create a new file named .htaccess, and add in the following code:

SecFilterEngine Off
SecFilterScanPOST Off

The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.

Uninstallation of ModSecurity (mod_security) from Apache module

The easiest way to remove and uninstall mod_security is to comment out or delete the related mod_security entries from httpd.conf Apache configuration file. The lines that should be removed include:

AddModule mod_security.c
LoadModule security_module modules/mod_security.so
Include “/usr/local/apache/conf/modsec.conf” This line may be different depending on what variant of Linux or Unix you used and the installation location

Save the httpd.conf and restart the Apache. ModSecurity will not be loaded and as if uninstalled.

If you’re using WebHost Manager (WHM), uninstallation is even simpler. Just scroll to cPanel section, and click on Addon Modules. Then scroll to module named modsecurity. It should be checked Install and Keep Updated currently. Just click on Uninstall to remove the mod security feature from Apache web server.

Filed under: development, paragonhost, phpfox, scripts | Tagged: , , , , , , , , , , | Leave a comment »

Broken Graphics with Apache Linux Servers with Mod Security On

Posted on March 18, 2008 by paragon

I was installing LW Forum from http://www.phpsns.com mods for phpfox and encountered broken graphics via the Quick Reply part of the mod / forum:

Here is the fix to create a .htaccess file and place it in the graphics directory:

I have the solution for the Broken Graphics, has to do with Mod Security, I built a .htaccess file and planted it in the graphics directory and it works:

*** Now I just need the 100% Table width resolved when reading a post as a member.

Here is the solution to Broken Graphics on servers with Mod Security Enabled:

================================================== =======

HTTP 406 Not Acceptable error – Mod Security

SolutionQuite often serves have a module running called mod_security. This has been known to prevent access to certain areas of CubeCart which the server mistakenly thinks are not secure for one reason or another.

On some servers this can be fixed by creating a file called htaccess.txt on your local computer. Make sure it has the content:

SecFilterEngine Off
SecFilterScanPOST Off

================================================== ======

Cheers!

Dave

Quote:
Originally Posted by paragonhost
Installed LW Forum last night and this morning…

Went well.

2 issues

1) All Icons are broken in the Quick Reply , verifed the path that the script calls and the graphic is there. Also forced Binary upload , check permissions on all folds down the path to the graphic and they all have Read Permissions.

2) Screen width when viewing a forum post blows out to 100% for members, would like that to stay within the boundries of phpfox table width.

I have sent in an open ticket.

Anyone else let me know

Thanks!

Dave

Filed under: development, myclearskin.net, paragonhost, phpfox, scripts | Tagged: , , , , , , | Leave a comment »

Short URL’s with phpFox and Apache Mod_ReWrite

Posted on March 16, 2008 by paragon

>>> First be sure that Apache via httpd.conf file support Mod_ReWrite

Enable mod_rewriteFind the httpd.conf file (usually you will find it in a folder called conf, config or something along those lines)

Inside the httpd.conf file uncomment the line LoadModule rewrite_module modules/mod_rewrite.so (remove the pound ‘#’ sign from in front of the line)

Also find the line ClearModuleList is uncommented then find and make sure that the line AddModule mod_rewrite.c is not commented out.

>>> Now you are ready to make phpfox use short URL

*** First build a .htaaccess file and put it in your home directory

If your site is off the home director of your site, then remove portal

In this example , the site was installed on a sub directory portal

RewriteCond %{REQUEST_URI} !^/portal/file/.*
RewriteCond %{REQUEST_URI} !^/portal/install/.*
RewriteCond %{REQUEST_URI} !^/portal/update/.*
RewriteCond %{REQUEST_URI} !^/portal/design/.*
RewriteCond %{REQUEST_URI} !^/portal/plugins/.*
RewriteCond %{REQUEST_URI} !^/portal/site/.*
RewriteCond %{REQUEST_URI} !^/portal/include/.*
RewriteRule ^index.php(/.*)$ /portal/index.php?do=$1 [L]

RewriteCond %{REQUEST_URI} !^/portal/file/.*
RewriteCond %{REQUEST_URI} !^/portal/install/.*
RewriteCond %{REQUEST_URI} !^/portal/update/.*
RewriteCond %{REQUEST_URI} !^/portal/design/.*
RewriteCond %{REQUEST_URI} !^/portal/plugins/.*
RewriteCond %{REQUEST_URI} !^/portal/site/.*
RewriteCond %{REQUEST_URI} !^/portal/include/.*
RewriteCond %{REQUEST_URI} !^/portal/index.php
RewriteRule ^(.*)$ /portal/index.php?do=/$1 [L]

*** Then update your conf file for phpfox ( example of 1.6 build )

1. go to to include/settings/ and find server.sett.php
2. open this file up ini your favorite text editor

$_CONF[‘rewrite_engine’] = true;
$_CONF[‘path_translated’] = true;

*** Now your site can use “short urls”

Cheers,

-DS

Filed under: development, myclearskin.net, paragonhost, phpfox | Leave a comment »

New Mods and Updates via Korsort.org 03/07/08

Posted on March 7, 2008 by paragon

Source: http://www.Konsort.org

Hey everyone,

Just a quick newsletter to keep you all up to date on what we’ve been up to.

New Support:

We just hired a new full time Technical Support Specialist, Jim Shaeffer,
so we’d all like to welcome him as the latest addition to the konsort.org
team! Our response times in the last 48 hours since his hiring have
already improved greatly, especially for our unlimited installations and
hands on support for our Premium Support Members.

New Modifications:

Ryan Hutton, our senior programmer, is in the late stages of developing a
brand new, major modification, something that has never been seen before
at phpfox. No details yet, it’ll be a big surprise!

New Updates:

Here’s our latest updates that we released.

– My Schools
The My Schools mod just received a major content update. My School pages
now have an improved home page display, improved categorizing, can now
email users in addition to the already available comments and messages,
improved search for both users and admins which can now be searched by
keyword and can be sorted by location such as city, state, and country.
The biggest and most notable addition was the galleries! School pages now
have their own galleries for greater ‘yearbook’ competing potential.

– Sub-Profiles
If you want your users to be able to make profiles for their cars, pets,
kids, jobs, etc., this is the mod for you! Recently added were individual
galleries for the greatest image features. Also added was greater admin
control options.

– Birthday Emails, Profile Fields Adder, and Usertype Fields
All three of these recently received a quick bug fix update that smoothed
out some edges. Special thanks to those who reported these at
konsort.org/support!

Remember, if you want any of our mods, post a full list at
konsort.org/support and we’ll send you a discounted invoice today!

Cheers!
-Citizen and the Konsort.org Team

Filed under: development, paragonhost, phpfox, scripts, social networking | Tagged: , , , , , , | Leave a comment »