CWP Mod_Security Rules

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Slowmin
    New Member
    • Nov 2018
    • 15
    • 5.3.x

    CWP Mod_Security Rules

    Hi there, I am using vB 5.4.5, and having problems with Mod_Security rules, with it enabled, it is restricting certain edits, like custom BBCode.

    I'm using CWP Admin, which has Mod_Security built in, I couldn't really find any threads about vBulletin and CWP for it, I could only find a thread about Wordpress here, but I don't know where to start.

    I mean, I'm glad Mod_Security works, but it stops me from being able to do things I want to do, like add BBCode

    Thanks!
  • In Omnibus
    Senior Member
    • Apr 2010
    • 2310

    #2
    It's safe to disable mod_security on shared servers. It's usually recommended. You can also safely disable suhosin if that is causing issues.

    Comment


    • Wayne Luke
      Wayne Luke commented
      Editing a comment
      I'd disagree with this advice.
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73976

    #3
    There are no topics on how to configure mod_security or suhosin because they are outside the scope of vBulletin technical support. These are server configuration issues. We don't test or develop with them in mind.

    What issues are you having with these modules? You can run a check in the AdminCP under Maintenance Diagnostics to see if their basic settings interfere with the system. Otherwise, you'll need to adjust these on your server to fit your needs.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment

    • Slowmin
      New Member
      • Nov 2018
      • 15
      • 5.3.x

      #4
      Originally posted by Wayne Luke
      There are no topics on how to configure mod_security or suhosin because they are outside the scope of vBulletin technical support. These are server configuration issues. We don't test or develop with them in mind.

      What issues are you having with these modules? You can run a check in the AdminCP under Maintenance Diagnostics to see if their basic settings interfere with the system. Otherwise, you'll need to adjust these on your server to fit your needs.
      I understand, I am hoping someone has some knowledge of these things that they can share, I am happy for any help really! I ran one of the diagnostics and got this:

      mod_security
      AJAX Unicode Issue Yes

      Results
      The above setting will indicate if mod_security is preventing some AJAX requests from being submitted to vBulletin. If this shows Yes then you either need to disable mod_security or change the AJAX settings with the vBulletin Options and disable Problematic features.


      Comment

      • Wayne Luke
        vBulletin Technical Support Lead
        • Aug 2000
        • 73976

        #5
        You can't modify the AJAX settings in vBulletin 5 so you'll need to allow UNICODE via AJAX requests. This is required as part of the AJAX and JSON standards.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...