kutar (Mini Game Hunter)
Joined: 03 Jun 2004 Posts: 1329 Location: Techno Island
Posted: Tue Feb 12, 2008 3:53 am Post subject: html tag appear in POST = http 501?

After several trials, I found I am not able to send a POST packet with "img src", which gives me an HTTP 501 error.... Any solution?
_________________
Sleepless Cat‧The one looking for her path...
Scott (tutorialtoday.com)
Joined: 24 Mar 2005 Posts: 2600 Location: Mississauga, Ontario
Posted: Tue Feb 12, 2008 6:54 am

It is a security measure that is in place to prevent XSS attacks. You can get rid of it by putting this in a .htaccess file:

Code:
# mod_security 1.x directive: turns the filter engine off for this directory
SecFilterEngine off

Although make sure you filter the input properly (even though you should still do that when this is on as well).
_________________
Tutorial Management Script - Version 1.3 Released
TutorialToday - Up and running, submit your tutorials!
Linux Tutorials - Coming Soon
Rashy (Lifeless Person)
Joined: 25 Sep 2006 Posts: 651
Posted: Tue Feb 12, 2008 8:52 am

Actually the code is slightly different here at LLP.

Code:
<IfModule mod_security2.c>
    # mod_security 2.x: disable only rule ID 950004 instead of the whole engine
    SecRuleRemoveById 950004
</IfModule>

That should do the trick.
_________________
Rashy!
LP-Trel (Zen)
Joined: 02 Dec 2002 Posts: 5730 Location: Nirvana by Boredom
Posted: Wed Feb 13, 2008 6:01 am

Scott wrote:
> It is a security measure that is in place to prevent XSS attacks. You can get rid of it by putting this in a .htaccess file:
> Code:
> SecFilterEngine off
> Although make sure you filter the input properly (even though you should still do that when this is on as well).

Disabling mod_security is never a recommended option and should only be done when absolutely required, on a very selective basis. You can disable select rules using the code that Rashy has posted to take care of this when needed.

Note: If your account is not protected by mod_security and it is compromised, it may be terminated to ensure the integrity of the system. We are generally willing to work with victims of hacking when it is determined it is not their fault, but we are not usually willing to do this if security methods put into place are overridden.

Keep that in mind and remember that support tickets are available to help with these types of issues.

Edit: I've removed the rule that was causing these issues. Apparently it is becoming more common to edit templates via the script rather than via template files.
_________________
* Knowledge Base * Wiki * Forum FAQs *
Jacky (President)
Joined: 01 Jan 2005 Posts: 3746 Location: Earth Password: dd4b21e Sex: Male
Posted: Thu Feb 21, 2008 7:38 am

LP-Trel wrote:
> Scott wrote:
> > It is a security measure that is in place to prevent XSS attacks. You can get rid of it by putting this in a .htaccess file:
> > Code:
> > SecFilterEngine off
> > Although make sure you filter the input properly (even though you should still do that when this is on as well).
>
> Disabling mod_security is never a recommended option and should only be done when absolutely required, on a very selective basis. You can disable select rules using the code that Rashy has posted to take care of this when needed.
> Note: If your account is not protected by mod_security and it is compromised, it may be terminated to ensure the integrity of the system. We are generally willing to work with victims of hacking when it is determined it is not their fault, but we are not usually willing to do this if security methods put into place are overridden.
> Keep that in mind and remember that support tickets are available to help with these types of issues.
> Edit: I've removed the rule that was causing these issues. Apparently it is becoming more common to edit templates via the script rather than via template files.

Security is important, but it makes no sense if some things get intercepted by the security system every other minute. The average human would just get frustrated and turn the whole system off.
_________________
Jacky
Rashy (Lifeless Person)
Joined: 25 Sep 2006 Posts: 651
Posted: Thu May 29, 2008 5:50 pm

I hope you don't mind that I resurrect this old thread; the problem is showing up again.

The code that I posted above is not doing what it should. Whenever I have that in my .htaccess file it makes the entire folder unviewable (it returns a 404 error, as far as I can tell).

Using Sec FilterEngine off, on the other hand, does the trick, but I immediately removed it after testing. Am I trying to block out the wrong rule ID then (it seems so, as Trel says he removed a rule in the above post)? Do I need to use a different ID? I am pretty sure it is still a problem with trying to POST an http but the error logs don't give any information that I can tell.

Additionally, what is the security risk of leaving Sec FilterEngine off in just one subfolder of your site? Would adding .htaccess folder password protection help cover the security hole? I only have one folder that contains scripts that are affected by mod _security. It is a WordPress install, so it should be fairly secure in itself (always updated to the latest version).

(Note: spaces added because this problem is affecting the forums too)
_________________
Rashy!
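An added configuration example, not posted in this thread and not any hosting provider's actual config, showing what the selective approach LP-Trel recommends looks like in ModSecurity 2.x, and why Rashy's snippet can break a whole directory: ModSecurity 2.x accepts its directives only in server or <VirtualHost> context unless the module was built with --enable-htaccess-config, so a SecRuleRemoveById inside .htaccess makes Apache reject that .htaccess (a 500 error, with "not allowed here" in the error log) rather than quietly exempting the rule. Rule ID 950004 comes from the thread; the path /blog/wp-admin/, the parameter name content, the local rule ID 1000001 and the audit log path are hypothetical; SecRuleUpdateTargetById needs ModSecurity 2.6 or later, and the id: action is mandatory from 2.7.

```apache
# Added example, not from the thread. ModSecurity 2.x, server or <VirtualHost> context
# (not .htaccess). The three options are alternatives, narrowest first: pick one.
<IfModule mod_security2.c>
    # Keep the engine on everywhere and keep a record of blocked requests.
    SecRuleEngine On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log   # hypothetical path

    # Option 1 (narrowest): rule 950004 (ID from the thread) keeps running, but no
    # longer inspects the one POST parameter that legitimately carries HTML.
    # "content" is a hypothetical parameter name; use the real field name.
    SecRuleUpdateTargetById 950004 "!ARGS:content"

    # Option 2: drop rule 950004 only for requests to the editor URI (hypothetical
    # path). ctl:ruleRemoveById is applied per request, so the rule still runs for
    # every other URI on the site. 1000001 is a hypothetical local rule ID.
    SecRule REQUEST_URI "@beginsWith /blog/wp-admin/" \
        "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveById=950004"

    # Option 3 (coarsest): for one directory, log matches but do not block, instead of
    # SecFilterEngine off / SecRuleEngine Off, which leaves no trace at all.
    <Location /blog/wp-admin/>
        SecRuleEngine DetectionOnly
    </Location>
</IfModule>
```

Option 1 answers the thread's actual problem (one form field that must contain markup) without lowering inspection of anything else; Option 3 addresses Rashy's question about leaving the engine off in one subfolder: DetectionOnly keeps audit-log entries for that directory, so a later compromise can still be traced, while password-protecting the folder limits who can reach the editor but does nothing about the rule itself. On a shared host these directives live in the provider's configuration, which is why a support ticket, as LP-Trel suggests, is the practical route.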
LP-Trel (Zen)
Joined: 02 Dec 2002 Posts: 5730 Location: Nirvana by Boredom
Posted: Thu May 29, 2008 6:32 pm

The security system should stay out of your way unless you are trying to do penetration testing.

Put in a ticket with the content that is causing the errors for you.

Note: Attach the content in a text file to avoid the errors on the helpdesk.
_________________
* Knowledge Base * Wiki * Forum FAQs *
Rashy (Lifeless Person)
Joined: 25 Sep 2006 Posts: 651
Posted: Thu May 29, 2008 7:19 pm

Thanks for the quick response!

It will take me some time to track down the code that is causing the problems; I'll send in the ticket by Saturday night.

Thank you again, this place is amazing Trel
_________________
Rashy!