
Add an exclusion for mod_security

Posted: 26 May 2007, 12:16
by Marie
Hi Chirpy :)

I would like to NOT block people after such a mod_sec failure:
Error processing request body: Multipart: final boundary missing

How could I do that?

Thank you!

Posted: 06 Jun 2008, 13:12
by acegames
I too would like this, as I have a photo uploader from mobile phones that blocks some phones from uploading.

Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]

Request: - - [06/Jun/2008:09:03:16 +0100] "POST /membersphotos/upload.php HTTP/1.1" 406 343 "http://www.mydomain.com/membersphotos/upload.php" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 UP.Link/6.3.1.12.0" - "-"

Posted: 11 Jun 2008, 16:50
by chirpy
Why not remove the mod_security secfilter that is triggering that?

Posted: 11 Jun 2008, 16:52
by acegames
chirpy wrote: Why not remove the mod_security secfilter that is triggering that?
Sorry, but I do not know how. Could you explain how I can do this, please?

Posted: 28 Jun 2008, 23:02
by noimad1
acegames wrote: Sorry, but I do not know how. Could you explain how I can do this, please?
I can't seem to find the filter that causes this. Apparently all sorts of programs are using this uploader, such as WordPress. A whole bunch of my users have been getting blocked all of a sudden.

If you find the rule, please let me know.

Posted: 02 Sep 2008, 20:14
by surfalot
It's not a failure of mod_security, it is a failure of Adobe Flash: http://bugs.adobe.com/jira/browse/FP-292. And it's not a mod_security rule, as such, either; it's a base function of mod_security. mod_security is working perfectly since Flash is not following standards.

Everyone's been recommending this, but it's not recommended since it leaves a whole bunch of scripts open. You can put this in a .htaccess file in the directory of the upload file.

SecFilterEngine Off
SecFilterScanPOST Off


The best approach is to make an exception for only the script in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config file, before any rules include files, as such:

<LocationMatch "/wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "/wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>


These two files are the default locations of the WordPress Flash upload and the NextGEN gallery plugin Flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this helps someone.

Posted: 03 Sep 2008, 01:48
by surfalot
My apologies, this should catch it server wide, regardless of the directory WordPress is installed in...

<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>

<LocationMatch "wp-content/plugins/nggallery/admin/wp25/upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
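
An added example, not part of the thread or of any poster's configuration: LocationMatch takes a regular expression that may match anywhere in the URL path, so this Python check lists which request paths each filter exception would leave unscanned. The tightened second pattern and the sample paths are constructed assumptions, and Python's re.search stands in for Apache's regex matching.

```python
import re

# Constructed config: the server-wide pattern from the thread, followed by a
# tightened variant (escaped dot, anchored at the end) that is an assumption.
CONFIG = r'''
<LocationMatch "wp-admin/async-upload.php">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
<LocationMatch "/wp-admin/async-upload\.php$">
SecFilterEngine Off
SecFilterScanPOST Off
</LocationMatch>
'''

# Constructed request paths used to probe the scope of each exception.
SAMPLE_PATHS = [
    "/wp-admin/async-upload.php",
    "/blog/wp-admin/async-upload.php",
    "/blog/wp-admin/async-upload.php.bak",
    "/docs/wp-admin/async-upload_php/help",
    "/wp-admin/post.php",
]

BLOCK_RE = re.compile(r'<LocationMatch\s+"([^"]+)">(.*?)</LocationMatch>', re.S | re.I)

def filter_exceptions(config_text):
    """Regexes of LocationMatch blocks that switch the filter engine off."""
    return [pat for pat, body in BLOCK_RE.findall(config_text)
            if re.search(r'^\s*SecFilterEngine\s+Off\s*$', body, re.M | re.I)]

def lint(pattern):
    """Flag regex features that widen an exception beyond one script."""
    warnings = []
    if not pattern.endswith("$"):
        warnings.append("not anchored at end")
    if re.search(r'(?<!\\)\.', pattern):
        warnings.append("unescaped dot")
    return warnings

def audit(config_text, paths):
    """Map each exception regex to its warnings and the paths it leaves unfiltered."""
    return {pat: {"warnings": lint(pat),
                  "unfiltered": [p for p in paths if re.search(pat, p)]}
            for pat in filter_exceptions(config_text)}

if __name__ == "__main__":
    for pat, result in audit(CONFIG, SAMPLE_PATHS).items():
        print(pat, result["warnings"], result["unfiltered"])
```

The tightened pattern still covers WordPress installed in any subdirectory, which was the point of the server-wide version, while excluding paths that merely contain the script name.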

Posted: 21 Feb 2009, 21:39
by maverick
I'm also having trouble with this. Customers who upload WordPress are getting blocked out because of this upload script.