mod_security causing issue?

Installation issues with WoWRoster

mod_security causing issue?

Postby Soulreaver418 » Tue Nov 25, 2008 8:43 pm

I haven't seen this posted anywhere, or at least where I could find with the magical search button.

Anyhow, problem is when I go to install roster, I get to the 2nd step, to write the mysql tables, and it goes to a blank page, error 406.

Now, I know this is nothing to do on my end, it's the server security settings, however I have spoken to my webmaster and he can not allow name=http:// type calls. Anyone know if I can work around this? Other than changing hosts?

I can manually create the sql tables no problem, but I need to know what else is written during that setup so that I might be able to manually do it, or if that is even possible...

the original message I received was:

I can't allow the name=http:// type calls as that is the same type call that the hackers use. You will need to find a work-around.

<off topic> Why is the website soooooooo slow, and lockup-ish?
Soulreaver418
WR.net Apprentice
WR.net Apprentice
 
Posts: 6
Joined: Wed May 23, 2007 12:38 am

Re: mod_security causing issue?

Postby Calystos » Tue Nov 25, 2008 9:18 pm

Don't know if this'll help you but it worked for me when my server host had security mod issues.

Create or Edit .htaccess and add the following to it (I added to the top but anywhere should be fine I guess).

Code: Select all
# Turn off mod_security filtering.
SecFilterEngine Off
SecFilterScanPOST Off


Hope that helps, as I said it worked for me. Then I finally got the admin to change the security settings on php, hehe. :-)

EDIT: Dumb me, I left in the # bits by mistake, doh!
Last edited by Calystos on Wed Nov 26, 2008 7:20 pm, edited 1 time in total.
User avatar
Calystos
UA/UU Developer
UA/UU Developer
 
Posts: 140
Joined: Tue Mar 04, 2008 10:57 am
Location: Earth

mod_security causing issue?

Postby Soulreaver418 » Tue Nov 25, 2008 10:36 pm

Unfortunately this did nothing, thank you for the suggestion!
Soulreaver418
WR.net Apprentice
WR.net Apprentice
 
Posts: 6
Joined: Wed May 23, 2007 12:38 am

mod_security causing issue?

Postby zanix » Tue Nov 25, 2008 10:39 pm

We have been fighting mod_security for years and other than the suggestion by Calystos, we have yet to win

Nobody has found the exact cause of this problem
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

mod_security causing issue?

Postby Soulreaver418 » Tue Nov 25, 2008 10:56 pm

Sad panda.... :(

Sad panda indeed.

I will continue to work out this problem with my webhost, as I throughly enjoyed using roster a while back and looked forward to doing it again.

I'll post any new info I get here, one thing he did ask was:

What is the purpose of the name=http:// value pair? Is it actually linking to an external site?
Soulreaver418
WR.net Apprentice
WR.net Apprentice
 
Posts: 6
Joined: Wed May 23, 2007 12:38 am

Re: mod_security causing issue?

Postby Calystos » Wed Nov 26, 2008 2:22 am

Sorry to hear it didn't work, well it was worth a try, :)

Hopefully one day sooner or later someone will figure out the root cause and we'll have a proper fix.

Til that day, all I can think of are two choices, 1) switch to a different host service or 2) get the existing service admin to allow the security changes on your account. Or at least partly to allow certain parts to work again. Who knows maybe they'll change their minds if you discuss it clearly with them and explain whats needed and what its for and what it will do, etc. No harm in trying, an maybe they'll actually listen, :)
User avatar
Calystos
UA/UU Developer
UA/UU Developer
 
Posts: 140
Joined: Tue Mar 04, 2008 10:57 am
Location: Earth

mod_security causing issue?

Postby Soulreaver418 » Wed Nov 26, 2008 3:50 am

Yea, I tried to discuss it with him, (him being the developer of RavenNuke, as thats where I host my site) but he didn't want to open that as hackers use the same pair or w/e.

So, looks like I am upcreek without a paddle, unless someone can tell me how to manually install wowroster.
Soulreaver418
WR.net Apprentice
WR.net Apprentice
 
Posts: 6
Joined: Wed May 23, 2007 12:38 am

Re: mod_security causing issue?

Postby Calystos » Wed Nov 26, 2008 4:27 am

What, he can't open it per-user account?

Sounds to me like he's a bit over-paranoid. I bet theres major problems having this disabled let alone the roster situation. I'm gonna have to look into that I think, hehe. Am curious now.

EDIT: Manual install is possible if you have access to something like phpMyAdmin perhaps, then you can upload the SQL database that way. Though it'll be a bit fiddly as you'd have to manually upload the data/etc too. Then you can simply edit the config file to point to it and away you go.

Not sure if there would be anything more to it than that or if you'd even have any other problems with the security issues.
Last edited by Calystos on Wed Nov 26, 2008 4:29 am, edited 1 time in total.
User avatar
Calystos
UA/UU Developer
UA/UU Developer
 
Posts: 140
Joined: Tue Mar 04, 2008 10:57 am
Location: Earth

mod_security causing issue?

Postby Soulreaver418 » Wed Nov 26, 2008 4:44 am

Ok, so I googled the .htaccess you posted and came across this,

<IfModule mod_security.c>
# Turn off mod_security filtering. SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>

I pasted it into the .htaccess at my server root and the one in the roster root dir and its working now. *shrug*
Soulreaver418
WR.net Apprentice
WR.net Apprentice
 
Posts: 6
Joined: Wed May 23, 2007 12:38 am

mod_security causing issue?

Postby ScratchMonkey » Wed Nov 26, 2008 9:03 am

That's basically the one posted earlier, but the earlier one had the Apache directives commented out, so it wouldn't have had any effect. (The IfModule tags keep the web server from throwing an error if used on a server that doesn't have mod_security installed.)
Image
User avatar
ScratchMonkey
WR.net Expert
WR.net Expert
 
Posts: 212
Joined: Wed Jul 05, 2006 4:32 pm
Location: San Pablo, CA

mod_security causing issue?

Postby zanix » Wed Nov 26, 2008 9:05 am

I would like to know what the name=http:// value pair thing your host asked is about, or where he has seen it
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

mod_security causing issue?

Postby zanix » Wed Nov 26, 2008 9:21 am

Can you do me a favor?

Reinstall Roster
Remove your edits to .htaccess
Remove this section in install.php
Code: Select all
   $location = str_replace('http://www.wowroster.net','',ROSTER_UPDATECHECK);

   $sh = @fsockopen('wowroster.net', 80, $errno, $error, 5);
   if( !$sh )
   {
      $their_roster_version = 'Connection to wowroster.net failed.';
   }
   else
   {
      @fputs($sh, "GET $location HTTP/1.1\r\nHost: wowroster.net\r\nConnection: close\r\n\r\n");
      while( !@feof($sh) )
      {
         $content = @fgets($sh, 512);
         if( preg_match('#<version>(.+)</version>#i', $content, $version) )
         {
            $their_roster_version = $version[1];
            break;
         }
      }
   }
   @fclose($sh);


And try to install again
Last edited by zanix on Wed Nov 26, 2008 9:33 am, edited 1 time in total.
Read the Forum Rules, the WiKi, and Search before posting!
WoWRoster v2.1 - SigGen v0.3.3.523 - WoWRosterDF
User avatar
zanix
Admin
Admin
WoWRoster.net Dev Team
WoWRoster.net Dev Team
UA/UU Developer
UA/UU Developer
 
Posts: 5543
Joined: Mon Jul 03, 2006 8:29 am
Location: Idaho Falls, Idaho
Realm: Doomhammer (PvE) - US

Re: mod_security causing issue?

Postby Calystos » Wed Nov 26, 2008 7:21 pm

ScratchMonkey wrote:That's basically the one posted earlier, but the earlier one had the Apache directives commented out, so it wouldn't have had any effect. (The IfModule tags keep the web server from throwing an error if used on a server that doesn't have mod_security installed.)

Yup, I just noticed I'd left in the # bits on the 2 command lines by mistake. Its cos I just copied/pasted them direct from my .htaccess file since I rem'd them out as I no longer needed them, lol.
User avatar
Calystos
UA/UU Developer
UA/UU Developer
 
Posts: 140
Joined: Tue Mar 04, 2008 10:57 am
Location: Earth


Return to Installation

Who is online

Users browsing this forum: No registered users and 0 guests

cron