mod_Security

ok so we can't use mod_security on the SITE… perfect… we still should be able to use on our other sites, you are not alone you know…



basically did you just check the php_info for a mod_security module ?



We turned it off per Vhost config for cs-cart beta, and YOU STILL don't want an install…



Im not turning off mod_security on all my sites for you especially out of usa/canada countries, if it was only on me , i would of blocked on out of country traffic to our switches…



So basically how can you MOD your check to not annoy people who have mod_Sec on server but not enabled on this particular config ?



apart from modding app/Installer/Validator EVERY TIME…



public function isModeSecurityDisabled()

{

$checking_result = true;



ob_start();

phpinfo(INFO_MODULES);

$_info = ob_get_contents();

ob_end_clean();



if (strpos($_info, 'mod_security') !== false) {

- App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'va$



$checking_result = false;

}



+ $checking_result = true;

return $checking_result;

}

plus since when do you DELETE folders and files on a customers server without telling them ?



/install dir for example ?

If you have mod_security enabled globally on your server then try disabling it only for CSC. In the htaccess file in the root of the CSC install, add the following:


# Disable ModSecurity
SecFilterEngine Off

Since when can't mod_security be used? We have it enabled and run sites with versions 2, 3 and 4 with no problems.



Sent from my EVO using Tapatalk 2


mod_security enabled can cause problems on some servers and it may be necessary to whitelist some rules: http://forum.cs-cart…urity-disabled/