Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

mod_security

edited April 2012 in Vanilla 2.0 - 2.8

Hi,
I am getting Forbidden Error (http://i40.tinypic.com/243ngx5.png) from the server side. The hosting tech support suggested to edit .htaccess file but that did not help. Now they are asking me:

Let me know if the script (vanilla forum) need 'mod_security' disabled.

(ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. )

I also do not want to risk my forum with spams. Should I have 'mod_security' disabled if that would help getting rid of this error.

Answers

  • Options
    422422 Developer MVP

    no don't disable mod security.

    Wait for x00 or todd , underdog or lincoln or tim

    There was an error rendering this rich post.

  • Options
    edited April 2012

    they asked me to put "Options +Indexes" in the .htaccess file.
    I have 2 .htaccess files: one in the root folder, and one in the subfolder where vanilla forum is installed. Could this forbidden error be related to this somehow????

  • Options
    UnderDogUnderDog MVP
    edited April 2012

    abhisheksaini said:
    I have 2 .htaccess files: one in the root folder, and one in the subfolder where vanilla forum is installed.

    Did you tell your support tech about the 2 .htaccess files? Did you tell him where you installed the vanilla forum?

    I'm wondering what's in the .htaccess file in the root of the site.

    In which directory did you want to install Vanilla? What is the contents of the .htaccess file in that directory?

    There was an error rendering this rich post.

  • Options

    @UnderDog:
    I did tell the tech support about these two .htaccess files.
    The root folder is: public_html
    there is a .htaccess file located in this folder
    But I have my vanilla forum installed under: public_html/community
    there is another .htaccess file in this community folder
    In the following two posts I am pasting the content of these two .htaccess files

  • Options
    edited April 2012

    The file located in the public_html folder:

    redirect 301 /index.html http://www.desibits.com/community
    Options +Indexes
    
  • Options
    edited April 2012

    The file located in the public_html/community folder:

    # Original
    # If you modify this file then change the above line to: # Modified
    <IfModule mod_rewrite.c>
       RewriteEngine On
       # Certain hosts may require the following line.
       # If vanilla is in a subfolder then you need to specify it after the /. 
       # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
       RewriteBase /community
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
    </IfModule>
    
  • Options

    Its because of false positives setting off alerts, check your error log then whitelist the script and plugin id.

  • Options

    @H00j: thx....there was a fileupload plugin error in the error log.....
    what exactly is the solution u r proposing.....please advise

  • Options

    From the top of my head, the error message said that you do not have permission to access /community/vanilla on your server, does that mean that vanilla is installed inside a directory called community? Highly unlikely.

    I think something is wrong with some directory settings in your vanilla dashboard. Once we figure this out it's something that needs to be checked.

    There was an error rendering this rich post.

  • Options
    H00jH00j
    edited April 2012


    SecRuleRemoveById 981173
    Options +FollowSymLinks
    RewriteEngine On

    I had to do the same with wordpress, thats what it will look like, if you post the logs i can help you a bit more. This goes in /etc/apache2/sites-enabled/000-default for me, but i think it also works in .htaccess

  • Options

    @UnderDog: Installing in a sub-folder might not be the cause....but there must be some additional steps to this sort of installation???? For example, I did not know to edit the .htaccess file in the vanilla folder to add the path to the subfolder. So, is there a possibility that I am missing some step. Actually, my forum is a new forum. So, right now I do not have anything on there...I am just making few test posts. So, if re-installing the forum can take care of this i will be happy....but again, just want to make sure that it does not happen (and hard to rectify) when my board goes online.

    @H00j: Should I add 'RewriteEngine On' to the .htacces.....Actually I have now cleared the error log....there was was not very much there except that plugin error. :)

  • Options

    The problem is I get this error when i post/edit a discussion having 'http://' text..the error: http://i40.tinypic.com/243ngx5.png

  • Options
    422422 Developer MVP

    So its a path issue.

    There was an error rendering this rich post.

  • Options
    422422 Developer MVP
    edited April 2012

    abhisheksaini said:
    The file located in the public_html folder:

    redirect 301 /index.html http://www.desibits.com/community
    

    Options +Indexes

    Shoudnt that be index.php ? Don't you need / after community?

    There was an error rendering this rich post.

  • Options

    @abhisheksaini please see my PM

    There was an error rendering this rich post.

  • Options

    @422: the tech support of the hosting site told me to add 'Options +Indexes' in the .htaccess file. I am not sure of some of these tech things....I am learning....I will add / after the community
    @UnderDog: thanks.....please check ur pm

Sign In or Register to comment.