Apache mod_securtiy conflicts with $_POST variables?

tuffy · January 27th, 2007, 6:27 PM

If you have a $_POST variable containing the word "curl", I get 403 errors.

People on my forum are trying to post on my forum with the word curl in their post, and it's 403'ing for them. I researched it and apparently its Apache's mod_security module blocking(?) the expression "curl *".

Can this be fixed through cPanel? If not, can someone at Surpass fix this?

**Geoff** · January 27th, 2007, 6:33 PM

lol its implemented in order to stop people from taking advantage of holes in any scripts you might be running, which would allow them access to curl, and other misc utilities/features, and so on

I personally recommend you leave it on, it only makes your site more secure, but if you really wish to turn it off, create an .htaccess file in your forums root folder with the following in it:

SecFilterEngine Off

and that should turn off mod_security for that directory.

tuffy · January 27th, 2007, 6:56 PM

Well I find it pretty retarded that I can't have people posting sentences like "I curl 50lb dumbells" on my bodybuilding forum

Thank you for that solution.

**Geoff** · January 27th, 2007, 7:00 PM

perhaps, but im sure when phpBB or whatever gets another major vulnerability and you find "Pwnd by 1337h4cker" accross your home page or forums, which might have been stopped rather easily by mod_security, youll find that pretty retarded too

**DewKnight** · January 27th, 2007, 7:02 PM

I believe that it's just a small error that needs to be fixed as far as the word curl being blocked. File a ticket with support, and they should be able to fix the problem

**cowboy** · January 27th, 2007, 9:17 PM

Quote:

Originally Posted by tuffy

If you have a $_POST variable containing the word "curl", I get 403 errors.

People on my forum are trying to post on my forum with the word curl in their post, and it's 403'ing for them. I researched it and apparently its Apache's mod_security module blocking(?) the expression "curl *".

Can this be fixed through cPanel? If not, can someone at Surpass fix this?

On sites which use banned words as normal conversation, write a small javascript code to activate on submit which searches for these words and appends them with a nonstandard character, like a double dagger in the second position (c‡url). Then a preg_replace statement to remove it after submission and at the same time check for patterns used with cURL commands and intercept them yourself.

January 27th, 2007, 6:27 PM	#1 (permalink)
tuffy Registered User Fresh Surpasser Joined in Nov 2006 29 posts Gave thanks: 0 Thanked 1 Time in 1 Post	Apache mod_securtiy conflicts with $_POST variables? If you have a $_POST variable containing the word "curl", I get 403 errors. People on my forum are trying to post on my forum with the word curl in their post, and it's 403'ing for them. I researched it and apparently its Apache's mod_security module blocking(?) the expression "curl *". Can this be fixed through cPanel? If not, can someone at Surpass fix this?

January 27th, 2007, 6:33 PM	#2 (permalink)
Geoff Yabadabadoo Super #1 Joined in Nov 2004 Lives in B.C., Canada Hosted on Dedicated 1,013 posts Gave thanks: 7 Thanked 28 times	lol its implemented in order to stop people from taking advantage of holes in any scripts you might be running, which would allow them access to curl, and other misc utilities/features, and so on I personally recommend you leave it on, it only makes your site more secure, but if you really wish to turn it off, create an .htaccess file in your forums root folder with the following in it: SecFilterEngine Off and that should turn off mod_security for that directory. __________________ Geoff Ellis - Surpass Dedicated Server Customer www.adepttechs.net

January 27th, 2007, 7:00 PM	#4 (permalink)
Geoff Yabadabadoo Super #1 Joined in Nov 2004 Lives in B.C., Canada Hosted on Dedicated 1,013 posts Gave thanks: 7 Thanked 28 times	perhaps, but im sure when phpBB or whatever gets another major vulnerability and you find "Pwnd by 1337h4cker" accross your home page or forums, which might have been stopped rather easily by mod_security, youll find that pretty retarded too __________________ Geoff Ellis - Surpass Dedicated Server Customer www.adepttechs.net

January 27th, 2007, 7:02 PM	#5 (permalink)
DewKnight Skittles Super #1 Joined in Aug 2004 Lives in a space ship Hosted on dedi 6,826 posts Gave thanks: 103 Thanked 199 times	I believe that it's just a small error that needs to be fixed as far as the word curl being blocked. File a ticket with support, and they should be able to fix the problem __________________ Mountain Dew Knight People should not be afraid of their governments. Governments should be afraid of their people.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

January 27th, 2007, 6:56 PM	#3 (permalink)
tuffy Registered User Fresh Surpasser Joined in Nov 2006 29 posts Gave thanks: 0 Thanked 1 Time in 1 Post	Well I find it pretty retarded that I can't have people posting sentences like "I curl 50lb dumbells" on my bodybuilding forum Thank you for that solution.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)