mod_security, what's the deal?

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
louisk
Forum Members
Posts: 89
Joined: Wed May 30, 2007 7:40 pm

mod_security, what's the deal?

Post by louisk »

I have been using CMSMS for a while now, and I love it, and everything worked like a charm until a couple of days ago  :-\.

I can't save newly created templates  >:(

After some searching I figured out that it's the security module of Apache.

Now, I understand that security is important, but what's the point if you can't even use your app anymore?  ???

Like a lot of people, I don't have any control over the Apache installation, and my hosting provider doesn't want to disable the security mod. Also, I can't get any logs. The hosting comp. states that if your app requires the security mod to be disabled, it's not a secure app and shouldn't be used.
So, basically, I'm scr***d  :o.

How can I get CMSMS to save my templates as it should? Is it just a simple tweak?
More people are experiencing these kinds of problems.
reneh
Dev Team Member
Posts: 446
Joined: Tue Nov 28, 2006 8:39 pm

Re: mod_security, what's the deal?

Post by reneh »

First - I'm no expert in this!

But I would say CMS Made Simple can work on servers with mod_security - IF mod_security is configured well. Sometimes there are some small glitches in function, but mostly it's still possible to use the CMS.

(safe_mode, on the other hand, is not supported on CMS Made Simple.)
ReneH 8-)
A search will save you hours waiting for an answer!
viebig

Re: mod_security, what's the deal?

Post by viebig »

Just disable mod_security, which is great for really insecure systems, not the case of CMSMS.

Keeping an upgraded CMSMS on your site will prevent security risks, better than any Apache mod/filter can do.

mod_security prevents many applications from running correctly. In my experience (and further discussions), mod_security is a resource cost on the server and a really minimal level of protection.

Regards
Pierre M.

Re: mod_security, what's the deal?

Post by Pierre M. »

Hello,
louisk wrote: After some searching I figured out that it's the security module of Apache.

... and my hosting provider doesn't want to disable the security mod. Also, I can't get any logs.

... Is it just a simple tweak?

See the forum posts about "security policy" and "mod_security": CMSms and mod_security work perfectly well together. It is a "simple tweak" away for any capable hosting provider to tune its policy. CMSms hopefully doesn't require mod_security to be disabled.

Shame on bad hosting providers who charge their customers and don't provide service.

Pierre M.
viebig

Re: mod_security, what's the deal?

Post by viebig »

Check if you can override some policies of mod_security in .htaccess.
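
An added illustration of the policy tuning and override mentioned in the replies above (not code from any poster or from CMSMS): a ModSecurity 2.x exception scoped to one admin form, shown beside the site-wide switch-off. The path, field name and rule ids are placeholders, because the thread contains no logs; a copy in .htaccess only takes effect if the provider's ModSecurity build accepts rule directives there.

```apache
# Placeholders (assumptions, not values from this thread):
#   /cms/admin/TEMPLATE_EDITOR  hypothetical URL of the form that saves templates
#   RULE_ID                     id of the rule that blocks the save; the hosting
#                               provider can read it from the audit log entry
#                               for the rejected request
#   TEMPLATE_FIELD              hypothetical name of the POST field that carries
#                               the template body
#   1000001                     constructed id for the local exclusion rule

# Weak setting: switches inspection off for every request to the site.
# SecRuleEngine Off

# Narrow option 1: engine stays on; only the offending rule is dropped,
# and only for the template editor URL. Must be loaded after the rule set
# that defines RULE_ID.
<LocationMatch "^/cms/admin/TEMPLATE_EDITOR$">
    SecRuleRemoveById RULE_ID
</LocationMatch>

# Narrow option 2: the rule keeps running on that URL, but it no longer
# inspects the one field that legitimately contains HTML and template tags.
# Runs in phase 1 so the exclusion is in place before request-body rules fire.
SecRule REQUEST_URI "@beginsWith /cms/admin/TEMPLATE_EDITOR" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveTargetById=RULE_ID;ARGS:TEMPLATE_FIELD"
```

Only one of the two narrow options is needed. Option 2 leaves the most coverage in place, since every other parameter on the admin form is still inspected.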