mod-security

HTTP input filter like mod_security for WebSphere?

Does WebSphere offer an HTTP input filter / firewall like mod_security? I know that it's possible to have Apache be the HTTP server front-end to WebSphere, but that type of configuration is beyond my influence. We're stuck using just what WebSphere itself can do. EDIT - To clarify, I am not looking for authentication, authorization, o...

Can Rails / Mongrel accept a form POST with a text field whose value is a URL

In my Rails app I am attempting to create a form that allows users to create a bookmark. <% form_tag( contents_path ) do %> <input name='item_type' value="Bookmark" type="hidden" /></p> <h3>Create New Bookmark</h3> <p>Title:<input name='item[title]' type="text" /></p> <p>URL:<input name='item[url]' type="text" /></p> <%= submi...

apache mod_security says - Access Denied error

Background - I have my website code hosted on a linux server. My website allows new registrations for employers (http://www.gymandspajobs.com/Employer/Employer.php). The filled-up forms are verified by JavaScripts in the folder "/javascript" and if the information is found ok, the data is submitted via JavaScript HTTP request object and...

IE Sending OPTIONS Request for File Downloads

On my site I have a very basic setup: an 'a href' tag that just points to a file. Nothing fancy: <a href="/path/to/my/file.doc">File</a> No fancy javascript, nothing. Some users who are using old IE versions less than 8 have been having spotty problems downloading different files like this. What I've been able to trace it back to is t...

In WordPress, .php files within the theme folder do not run, but return 404 error

I'm on a VPS environment so I have root access, btw. So take a look at these issues: http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/tedleescreenshot1.jpg&w=100&h=100&zc=1&q=100 That returns a 404 error. However when I move timthumb.php to the root of the site, it w...

Facebook links to my site resolve as 403 forbidden

Hi, I'm experiencing a super weird problem. Whenever I post links to my website on Facebook, they come up as Forbidden. The site itself works great and I have not seen this when linking on other sites. Could this be a server misconfiguration? Any thoughts on where to look? Here's some info: I have a dedicated server running WHM 11.25.0 ...

How to write mod_security friendly PHP code?

Hello people, I made a theme in WordPress which hit the mod_security rule on HostGator and gave a 403 error. I contacted people there (at HostGator) and they fixed it for me. But I don't want my theme to work like this. I just wanted to know if there are any guides/blog posts/tutorials telling about writing PHP code which is mod_security ...

ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer

Hi, I'm doing a POST request to a REST service made with Django and Piston, uploading a file, but when I do the request I get this (strange?) error: [Sun Jul 04 16:12:38 2010] [error] [client 79.39.191.166] ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer [hostname "url"] [uri "/api/odl/"] [unique_id "...

Detect if Mod_Security Is Installed With PHP?

Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed. Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/a...

mod_sec trigger on CSR rule _23

Hi, I'm using mod_security with the latest core rules. It triggers on all my pages whenever I use a querystring, i.e. www.mypage.com/index.php?querystring=1 I get a warning that it exceeds the maximum allowed number of arguments, however the base config defines max_numb_args to = 255 which of course it doesn't exceed. Any ideas why? Ba...

install & setup mod_security on RHEL5/Centos5 with Plesk

I've not found any up-to-date or passable information on how to install Apache's mod_security addon on a machine running Plesk (the thread in the Parallels forum is also confusing..). # wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh # yum install mod_security # yum update As some of you maybe know, Plesk runs its own apac...

mod_security - access denied 406 for some IE visitors

Hi there, Would anyone know why some visitors on our server are being blocked by the below mod_security rule when simply right-clicking a file (.doc, .gif, .pdf, etc.) on a site to download it? They seem to be all Windows/IE users. Anything we can do short of commenting out the rule itself? Thanks for any ideas. # allow request metho...

mod_security + apache + geoip block != 404

I have plenty of bots accessing the site trying to find holes and stuff like that, so my idea was to block all non .se visitors (I don't mind Google getting blocked either). That part works like a charm, but the response is 200, and I would like to give them 404 instead. Any ideas? I have this in my apache.conf <IfModule mod_security2.c...

Question mark in URL for PHP variables makes the link broken. Any idea why?

I don't know what changed in the past--this used to work: Accessing a URL on my server like the following, doesn't work: http://www.domain.com/folder/file.php?variable=a&variable2=b I'm getting a "Not found The requested address 406.shtml was not found on this server." message. However, if I access this, it works: http://www.domai...

php shared host and mod_security

I'm having difficulty with a php script using copy() on a shared remote host. I've read here the host may simply not allow the use of the copy() function. I started a trouble ticket and the trouble was half fixed and blamed on mod_security. I persisted and now my script is working. A strange last response, after the fix was this: "Unfor...

mod-security: field content i.e. in modsecurity_crs_41_phpids_filters.conf

I'm permanently running into issues after installing & configuring modsecurity. Currently I have the following error: Message: Pattern match "(?:data:.*,)|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?" at REQUEST_BODY. [file "/usr/local/cstm/apache2/mod-security.co...