welcome to my space

Recent Posts

Categories

Blogroll

Meta

  1. RSS
  2. valid XHTML

vB and mod_security: 500/503 errors

cfz | March 18, 2010 | | portal.polala.com

  • I have a new server guy hardening the box, and asked him not to install mod_security because of problems in the past. Well, it is there now anyway :( , and throwing 500/503 errors all over the place.

    Can anyone tell me what I need to do to either disable this thing, or how I look for the rules that need to be removed/added so that the forum will function again? A search here on mod_security pretty much shows "contact your host" as resolution, but that isn't an option as I am on a dedicated.

    Thanks in advance to anyone who can help me with this!


  • Mod_security seems to cause way more problems than what its worth.


  • Tell him to watch the mod_security log for errors, it will tell you what's causing the violation so you can remove it from your rules section.

    If the admin doesn't know this you might want to look for a new admin..

    Best


  • Mod_security seems to cause way more problems than what its worth.

    Can you give me some examples please ?

    If it's setup properly by someone that actually knows what they're doing it is excellent


  • Thanks. :)

    The audit_log was what lead me to the "^$" problem so that I knew where to start. I have seen other recommendations to comment that line out as well, so appreciate your feedback on it.

    Oddly, I haven't made the changes yet, but last night -- disabled mod_security and restarted apache. Today, some users are still reporting 503 errors, so am leaving it off for now while I try to figure out what else it might be.

    Back to the logs.... Heh.


  • Of course, but 99/100 times, the person who enables it, doesn't know what they are doing ;)


  • It also increases server load. ;)

    I disabled it, but think I have found the culprit after scouring the logs:

    SecFilterSelective "HTTP_USER_AGENTHTTP_HOST" "^$"

    I am going to add:

    SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow

    Will see if that helps anything. If not, I will comment out the USER_AGENT rule.


  • Check your /usr/local/apache/logs/audit_log

    Comment out SecFilterSelective "HTTP_USER_AGENTHTTP_HOST" "^$" that one causes to many problems.







    • #If you have any other info about this subject , Please add it free.#
    Your name:
    E-mail:
    Telphone:

    Your comments:


    If you have any other info about vB and mod_security: 500/503 errors , Please add it free.
    edit

    Can anyone tell me the name of the painting/poster Chuck Bass has hanging on his bedroom wall over his bed? Can you help me solve this physics problem?