8 years ago
3
Topic

Hi guys. 

I've found a few old posts about mod_security, but nothing which answers this question, so here goes.

I have twice been blocked by the mod_security on my server, when entering new fields for a custom content type. 

On the first occasion I was entering an sql string to define a "select dynamic", and assumed that mod_security had simply misinterpreted it. I solved the problem by entering the sql directly into the relevant field using phpmyadmin. This worked fine. 

On the second occasion, I was entering text into the wysiwyg editor for a "free text" field, and I happened to write the following, without thinking anything of it:

"Select tags from the list, or create a new one by typing in the box, and pressing <strong>enter</strong>." 

Note how the sentence starts! 

Does this just happen to match a pattern mod_security is looking for, or is it something to do with Seblod - if so, how do I fix it?

I'm developing a site to list various vendors, and don't want people getting blocked if they were to enter "Select dishes from my delicious fresh menu", for example, from the frontend.

The sql which caused the problem the first time was:

select id as value, path, concat(repeat('+', length(path)-length(replace(path,'/','')) -1), title) as text from #__categories where path like 'supplier-cat/%' order by path asc 

But this simplified version worked ok:

select id as value, path, title as text from #__categories where path like 'supplier-cat%' order by path asc 

The people running the server insist that all their settings are just fine, and can't be changed, since it's a shared server. 

Thanks in advance for any ideas.

Get a VIP membership
4229 Posts
Kadministrator
8 years ago
1
Level 1

Hi,

not much you can do here except change hosting provider. Generally when dealing with mod_security it is best to disable it for administrator pages totally and protect against hacker by password protecting it using apache .htaccess.

8 years ago
0
Level 2

Thanks Klas,

I thought you would say something like that :)

I've already got extra security for backend, it's users getting blocked on front end I am most concerned about. Will try to persuade my client to change servers.

Thanks m8.

251 Posts
Viktor Iwan
8 years ago
0
Level 1

Yes, i think seblod using a bit of SQL for data send/request... several of my client are using SUCURI.net as their site firewall... and the way SEBLOD works sometime deteced as backend phising/injection... we're sure that false alarm... but yeah perhaps for security team it was not a good practice for doing such way

Get a VIP membership