Problem with vbulletin and mod_security

Technical support for general webhosting clients and questions relating to their webhosting services.

Moderator: Admins

Post Reply
J. Digory
newbie
Posts: 8
Joined: Sun Aug 15, 2004 1:00 am

Problem with vbulletin and mod_security

Post by J. Digory »

Not Acceptable
An appropriate representation of the requested resource /main/admincp/css.html could not be found on this server.

This error happens from time to time with different files, and vbulletin support staff say it is related to mod_security, and that it should either be disabled or vbulletin be enabled.

This is not the first time I have seen the error, and I am not the first person to encounter it. It seems to have no pattern, and happens seemingly at random.

http://www.vbulletin.com/forum/showthre ... d+resource
porcupine
Site Admin
Posts: 703
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Post by porcupine »

Hello J. Digory,

Mod_security is indeed an apache module, and the idea is that it performs exactly what the name implies (security role).

Anyone who tells you to ask a host to remove mod_security, or have it disabled for vbulletin is more then likely a fool. Mod_security is a very usefull tool, though an even more useless one when disabled (or when content is specifically not checked).

Much like a virus scanner, you would require ultimate confidence in a program (in this case vbulletin) to have your virus scanner completely ignore it for example. Forums are a ripe target for exploitation attempts, buffer overflows, and other nasty things that mod_security effectively filters.

If you are seeing a 406 error, its best to note what content was input, what domain it was on, and contact the server administrator immediatly. The administrator can quickly scan through the mod_security audit_logs, and determine which "ruleset" was interfering with regular day-to-day operations and either remove, or modify the given ruleset.

While the patterns may appear random, they are often fairly close to it, based on what the kids nowdays are using to exploit web-scripts, and attack web-servers with, content which should not normally be encountered on a day-to-day basis.
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
J. Digory
newbie
Posts: 8
Joined: Sun Aug 15, 2004 1:00 am

Post by J. Digory »

Thanks, sir. I guess I'll email you guys, since as far as I know, you're the server admin? Anyway, I'll send an email when I next try to build my vbulletin style again, and run into an error.
porcupine
Site Admin
Posts: 703
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Post by porcupine »

J. Digory wrote:Thanks, sir. I guess I'll email you guys, since as far as I know, you're the server admin? Anyway, I'll send an email when I next try to build my vbulletin style again, and run into an error.
Thats correct,

Simply email, or open a helpdesk ticket if/when you run across the problem again.
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
J. Digory
newbie
Posts: 8
Joined: Sun Aug 15, 2004 1:00 am

Post by J. Digory »

I emailed the details to the admin, and within minutes the problem was dealt with. Excellent work!
porcupine
Site Admin
Posts: 703
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Post by porcupine »

J. Digory wrote:I emailed the details to the admin, and within minutes the problem was dealt with. Excellent work!
Good stuff, enjoy! :)
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
Post Reply