GetSimple Support Forum

GetSimple Support Forum > GetSimple > General Questions and Problems > mod_security blocking some component content
Full Version: mod_security blocking some component content
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

davetest

2015-02-13, 03:16:59
I'm finding mod_security blocking some of my content in components and giving me a 'page not found' error, rather than saving the component. It particularly seems to hate <script></script> tags, regardless of the tag content.

Obviously I can try asking my host for help, or even move elsewhere, but I thought it may be worth asking here first on the offchance someone else has had a similar problem.

Strangely I never get the same problem when saving the exact same code into a page via 'edit page' (script view), so that made me wonder if there was a solution via GS?

shawn_a

2015-02-13, 03:43:22
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/517

you can disable mod_sec for specific ips, if your host allows it, you can also disable specific rules, if your host error log mentions it.

It has to do with the script reflecting back to the browser, being in an input stream and output stream or something probably.

We probably need a way to encode this all before sending it to bypass these kinds of filters.

davetest

2015-02-13, 06:59:27
Thanks shaun_a, I sort of guessed that, so thanks for the confirmation. My current host is 'thinking' about if they can help, so it could cause me a lot of trouble if I need to move :-(

Wow it would be great to find a solution for the future if some encoding method could be considered for future versions as I may be getting a similar problem on another GS site with the Catalog Plugin.

Have you any thoughts on why my problem code that throws an error in components, seems to save ok if in page contents?

shawn_a

2015-02-13, 07:07:50
did you try the htaccess rule i posted in that github issue ?
It works for me

davetest

2015-02-13, 08:40:34
(2015-02-13, 07:07:50)shawn_a Wrote: [ -> ]did you try the htaccess rule i posted in that github issue ?
It works for me

Yes I tried that, but didn't work and I think it is no longer and option in new versions of mod_sec. I've managed to get my host to include an exception for me, so it is all working. I also got them to do the same for my similar problem with GS-Catalog plugin, so I'm a happy bunny again.

For the future, with servers setting getting ever more secure, if it would be possible to incorporate a way of avoiding the problem.

Thanks again for your help
GetSimple Support Forum > GetSimple > General Questions and Problems > mod_security blocking some component content