Mod Security+csf Blocking picture upload scripts such as that in wordpress?
Anyone else having problems with mod_security + csf having legitimate customers getting blocked when using image upload scripts like that found in wordpress?
I've been getting a few customers each week calling me with their IP address being blocked. When I look in the mod security rules it says:
But I can't find the rule that is causing this? Anyone else have this problem?Access denied with code 403. Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]
You need to check in the mod_security log in /etc/httpd/logs for the rule that triggered the hit; it's easy enough to fix from there.
Originally Posted by brianoz
Brian,
Thanks for the response. That's normally what I would do, but that excerpt is from the logs....all it says is:
Access denied with code 403. Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"]
That's why I can't find the rule...
What rule sets /apache ver are you using? Have you searched them for something simple like 403 ?
If there aren't IDs associated with each rule, it's nearly impossible to search for them amongst a ton of rules in a conf file. 403 is all over the place in my conf file as well. I had gotten my rules from hostmerit or something and they did not contain IDs. So when something triggers, it's a hit or miss best guess oftentimes when trying to figure out exactly what rule was triggered.
Mike
I'm using the modsecurity_1 with the hostmerit rules as well as a few of my own custom rules.
How do you go about adding id's to them? Sounds like something that would take me forever....lol.
I've been googling that error, and apparently I'm not the only one this is happening to. It is to the point where a large majority of people are disabling the secfilter stuff in their .htaccess file. I certainly don't want users having to bypass my mod_security rules...
Without doing any research I'm just wondering whether that's an inbuilt rule. It sounds like the incoming data is mangled if a mime boundary tag is missing? Is that possible? Or maybe you are hitting a mod_security bug?
You could always go through your rules and apply tags to them all. The message you're seeing now, without any rule description, implies an internal rule to me though.
Yea, that's kind of what I was thinking. I've been looking a little more into it, and it seems to be affecting any "flash"-style upload utilities, such as the one in the new version of wordpress, and I think I saw one that was in joomla. I haven't looked into whether this upload utility uses ajax or what, but I think it has some sort of Flash front end interface....
LinkBack URL
About LinkBacks
Reply With Quote