ok so we can’t use mod_security on the SITE… perfect… we still should be able to use on our other sites, you are not alone you know…
basically did you just check the php_info for a mod_security module ?
We turned it off per Vhost config for cs-cart beta, and YOU STILL don’t want an install…
Im not turning off mod_security on all my sites for you especially out of usa/canada countries, if it was only on me , i would of blocked on out of country traffic to our switches…
So basically how can you MOD your check to not annoy people who have mod_Sec on server but not enabled on this particular config ?
apart from modding app/Installer/Validator EVERY TIME…
public function isModeSecurityDisabled()
{
$checking_result = true;
ob_start();
phpinfo(INFO_MODULES);
$_info = ob_get_contents();
ob_end_clean();
if (strpos($_info, ‘mod_security’) !== false) {
- App::instance()->setNotification(‘E’, App::instance()->t(‘error’), App::instance()->t(‘text_mod_security’), true, 'va$
$checking_result = false;
}
+ $checking_result = true;
return $checking_result;
}
plus since when do you DELETE folders and files on a customers server without telling them ?
/install dir for example ?
If you have mod_security enabled globally on your server then try disabling it only for CSC. In the htaccess file in the root of the CSC install, add the following:
# Disable ModSecurity
SecFilterEngine Off
Since when can't mod_security be used? We have it enabled and run sites with versions 2, 3 and 4 with no problems.
Sent from my EVO using Tapatalk 2
mod_security enabled can cause problems on some servers and it may be necessary to whitelist some rules: http://forum.cs-cart…urity-disabled/