Add an exclusion for mod_security

Marie · Post by **Marie** » 26 May 2007, 12:16

Hi Chirpy

I would like to NOT block people after such a mod_sec failure :
Error processing request body: Multipart: final boundary missing

How could I do that ?

Thank you !

acegames · Post by **acegames** » 06 Jun 2008, 13:12

I too would like this as I have a photo uploader from mobile phones that blocks some phones from uploading

Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]

Request: - - [06/Jun/2008:09:03:16 +0100] "POST /membersphotos/upload.php HTTP/1.1" 406 343 "http://www.mydomain.com/membersphotos/upload.php" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 UP.Link/6.3.1.12.0" - "-"

Post by **chirpy** » 11 Jun 2008, 16:50

Why not remove the mod_security secfilter that is triggering that?

acegames · Post by **acegames** » 11 Jun 2008, 16:52

chirpy wrote:Why not remove the mod_security secfilter that is triggering that?

Sorry but I do not know how could you explain how I can do this please

noimad1 · Post by **noimad1** » 28 Jun 2008, 23:02

acegames wrote:Sorry but I do not know how could you explain how I can do this please

I can't seem to find the filter that causes this. Apparently all sorts of programs are using this uploader, such as wordpress. A whole bunch of my users have been getting blocked all of a sudden.

If you find the rule, please let me know.

surfalot · Post by **surfalot** » 02 Sep 2008, 20:14

It's not a failure of mod_security, it is a failure of adobe flash: http://bugs.adobe.com/jira/browse/FP-292. And, it's not a mod_security rule, as such, either. it's a base function of mod_security. mod_security is working perfectly since flash is not following standards.

everyones been recommending this, but it's not recommended since it leaves a whole bunch of scripts open. You can put this in a .htaccess file in the directory of the upload file.

SecFilterEngine Off
SecFilterScanPOST Off

The best approach is to make an exception for only the script in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config fle before any rules include files as such:

<LocationMatch "/wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "/wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

These two files are the default locations of the WordPress flash upload and the NextGEN gallery plugin flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this help someone.

surfalot · Post by **surfalot** » 03 Sep 2008, 01:48

My apologies, this should catch it server wide, regardless of the directory WordPress is installed in...

<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

maverick · Post by **maverick** » 21 Feb 2009, 21:39

I'm also having trouble with this. Customers who upload WordPress are getting blocked out because of this upload script.