0

I've searched around a lot, and tried various tweaks to .htaccess files to try to turn off mod_security for a particular cgi script (uber uploader) but it doesn't seem to have any effect.

The most popular one I see rehashed all over the web is:


# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn't needed,
# but better safe than sorry.
SecFilterScanPOST Off

Which looks relative simple to me - if "SecFilterEngine" is in some way related to mod_security of course. Shame it has absolutely no effect!

Does anyone have a suggested way I can simply disable it for a request to any file in my cgi-bin directory?

Hippyjim
  • 191
  • 2
  • 6
  • 19

2 Answers2

1

From memory Dreamhost won't allow you to turn off mod_security. Are you sure that it is a mod_security problem? Dreamhost need you to run scripts with very specific chmod values, and that's always been the problem I've had. It might help to show any error messages you're getting, and related entries in your error log.

Also ask Dreamhost if you're sure it's a problem with mod_security. They won't be able to turn it off for you, but may be able to suggest some work arounds or alternatives. They're incredibly slow at responding and aren't always able to help, but sometimes you get lucky.

WheresAlice
  • 5,290
  • 2
  • 23
  • 20
  • Yup, it seems there's been an upgrade to the apache and mod_security versions they're using, and .htaccess files can no longer disable it = i'd have to disable mod_security for the whole domain. Tried that on a subdomain, and everythign "just worked", so it's defeinitely that....so I've hacked it all a bit to work cross domain, and all is good (if not ideal). Thanks anyways. – Hippyjim Apr 27 '10 at 12:33
0

Thought I'd post on here something that might help folk get Ubr working on Dreamhost hosted sites.

I have a Concrete5 website on Dreamhost and have used Ubr to handle my media uploads for a podcast system. I ran into severe problems with the old flength issue and then with the progress bar not completing and hence the redirect script never triggering.

Firsly, I turned off FastCGI in the Dreamhost control panel - that was causing real problems with Concrete5.

I found that I needed to use the following block in an .htaccess file actually in the cgi-bin folder off my webroot:

Turn off mod_security filtering.

SecFilterEngine Off

The below probably isn't needed,

but better safe than sorry.

SecFilterScanPOST Off

When I tried using similar blocks in an .htaccess file in my webroot, my Concrete5 site stopped working.

I also did:

dos2unix ubr_upload.pl chmod 0755 ubr_upload.pl dos2unix .htaccess chmod 0644 .htaccess

I set $TEMP_DIR in both ubr_ini.php and ubr_upload.pl to /tmp/ubr_temp/ and let the CGI create this folder itself. I also never touched its permissions or ownership.

It took me a good part of three days to cure this - hope its of some help to others!