isaacl
Forum Replies Created
-
Will try that – thanks!
Is there any way to figure out what might be blocking things?
Thanks.After much testing, there seem to be 2 lines there that are causing the code not to save:
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]and
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]As long as I remove those 2 lines, everything saves correctly.
So for now, I pulled them out.
Is there any way of figuring out why those lines would cause the custom code not to save?
Thanks!Seems like the issue is with reading/writing something in that custom code from the database.
Just tried editing the database directly, and it saves there with no issue, but then it won’t show any of the custom code within the plugin…
Still no luck, even if I just have the mod_security rules in a htaccess file (without anything else).
Seems like there must be something wrong with the plugin – I had this once before, but an update fixed it at the time…I’ll see if I can figure everything out, and try that…
And don’t forget, the rules are in the current file, just it has the extra %27’s in there, but I’m not really changing much by saving the new settings.
I might also try removing the current htaccess rules, and then try saving the updated version…
Thanks.But it’s weird that I can save some rules, and not save others…
Is there any way that you have a few minutes to take a look at the site/server?Just FYI – I tried putting just this in the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS area:
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%3C|%3E|%00) [NC,OR]
# END BPSQSE BPS QUERY STRING EXPLOITSAnd I was able to save that.
But pasting in the rest of the code caused an issue…
Is there any easy way to narrow down which line could be causing the issue?mod_security is installed, but I don’t know if there’s any way to check what would be blocking the htaccess change, and everything seemed to be working up until now…
Will try that now.Assuming you’re referring to this, this is what I have in the httpd.conf file:
<Directory “/”>
Options ExecCGI FollowSymLinks IncludesNOEXEC Indexes SymLinksIfOwnerMatch
AllowOverride All
</Directory>Where do I want to put that first code?
And I don’t think I’m using vhosts for anything…The first test worked fine, and the second test worked as well.
I run my own server – had updated to PHP 5.4 not so long ago, but I don’t think that’s affecting anything.
Any other ideas?
Thanks!Editing just those 3 rules on the htaccess File Editor page didn’t work, so something’s wrong…
Edit: Even just hitting save on the htaccess File Editor page takes me back to the main page of the site…OK, will try that then, thanks!