Search term with apostrophe gives 403 error

**Marco van Herwaarden** · Thu 7 Sep '06, 8:44am

I can not duplicate this problem here at vbulletin.com.

To troubleshoot this, please remove any hacks and disable your plugins, then see if you still have this problem.
Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

If so, reupload all the original vB non-image files (except install.php). Make sure you upload these in ASCII format and overwrite the ones on the server.

If your problem still exists, please create a new Style with no Parent set. Now browse the forum using this new style, do you still have the same problems?

**Freddie Bingham** · Thu 7 Sep '06, 9:00am

Probably a mod_security issue

**cfish** · Thu 7 Sep '06, 9:19am

OK, I disabled all plugins using your config.php change and I set the style back to the default vB style so no products/plugins or template hacks were being used. No other files have been altered.

I also changed the characterset back to the default (I was using UTF-8).

The problem is still there.

Since I still seem to have this problem with a "virgin" vB board, I'm guessing this must be a server/apache issue?

Any ideas?

**cfish** · Thu 7 Sep '06, 9:46am

Bingo!

Originally posted by Freddie Bingham

Probably a mod_security issue

OK, so I added a .htaccess file to my forum folder as described in this thread: http://www.vbulletin.com/forum/showthread.php?t=167121

...and everything now works as it should.

I don't know what mod_security is but it looks like the .htaccess just turns it off. Is this a good idea? Is there a better way to configure mod_security rather than just turning it off?

**cfish** · Thu 7 Sep '06, 10:35pm

Unhappy Web Host

My web host was VERY unhappy about Zachery's .htaccess fix and I have been asket to remove it. They believe this is a major compromise to security.

So, what I need to know is: what is the best way to configure mod_security to allow vB to function correctly?

**cfish** · Fri 8 Sep '06, 11:17am

A solution

The problem has now been solved with a tweak to the mod_security filter.

This is the bit:

#SecFilterSelective ARG_highlight "(\x27|%27|\x2527|%2527)"

**Freddie Bingham** · Fri 8 Sep '06, 11:50am

If your webhost doesn't like you disabling mod_security via .htaccess then they shouldn't have it configured to allow you to disable it.

**cfish** · Fri 8 Sep '06, 11:56am

They don't allow it at all on their shared and reseller servers but I have a little more control, being on a VPS.

However, it does look as though the issue is now resolved but it would be good to know what the recommended settings for mod_security are for a pain-free vBulletin deployment.

Search term with apostrophe gives 403 error

Search term with apostrophe gives 403 error

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment