CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

mod_security, whats the deal?

https://forum.cmsmadesimple.org/viewtopic.php?t=33700

Page 1 of 1

mod_security, whats the deal?

Posted: Tue May 12, 2009 2:55 pm
by louisk
I have been using CMSMS for a while now, and I love it and everything worked like a charm until a couple of days ago  :-\.

I can't save newly created templates  >:(

After some searching I figured out that it's the security module of Apache.

Now, I understand that security is important but whats the point if you can't even use your app anymore?  ???

Like a lot of people I don't have any control over the apache installation and my hosting provider doesn't want to disable the security mod. Also, I can't get any logs. The hosting comp. states that if your app requires the security mod to be disabled, it's not a secure app and shouldn't be used.
So, basically, I'm scr***d  :o.

How can I get CMSMS to save my templates as it should? Is it just a simple tweak?
More people are experiencing these kind of problems.

Re: mod_security, whats the deal?

Posted: Tue May 12, 2009 7:22 pm
by reneh
First - I'm no expert in this!

But I would mean CMS Made simple can work on servers with mod_security - IF the mod_security is configured GOOD. Sometimes its some small glitches in function, but mostly its still posible to use the cms.

(safe_mode on other side is not supported on CMS Made Simple.)

Re: mod_security, whats the deal?

Posted: Wed May 13, 2009 3:37 am
by viebig
just disable mod_security which is great for really insecure systems, not the case of cmsms.

Keeping a upgraded cmsms on your site will prevent security risks, better than any apache mod/filter can do.

Mod security prevents many applications to run correctly. My experience(and further discussions) makes mod_security a resource cost on the server and a real minimal level of protection.

Regards

Re: mod_security, whats the deal?

Posted: Tue May 19, 2009 3:48 pm
by Pierre M.
Hello,
louisk wrote: After some searching I figured out that it's the security module of Apache.

... and my hosting provider doesn't want to disable the security mod. Also, I can't get any logs.

... Is it just a simple tweak?
See in the forum posts about "security policy" and "mod_security" : CMSms and mod_security work perfectly well together. It is a "simple tweak" away for any capable hosting provider to tune its policy. CMSms hopefully doesn't require mod_security to be disabled.

Shame on bad hosting providers who charge their customers and don't provide service.

Pierre M.

Re: mod_security, whats the deal?

Posted: Tue May 19, 2009 6:54 pm
by viebig
check if you can override some policies of mod_security in htaccess
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited