Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

mod_secure should be disabled Rate Topic   - - - - -

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 09 August 2013 - 08:58 AM #1

Hello,

I've downloaded the CSC Ultimate version and installed it on MAMP/Locahost without any problem.
I found this version much better than the professional 2.1.1 version I'm using on my website so I decided to install it on my host server for testing before to buy a licence.

During the first step of installation the Checking requirements fails :
Fail mod_secure enabled
mod_secure should be disabled

I've tried to find a solution on the forums, but couldn't understand what to do...
On my host - infomaniak.ch - mod_security is global and can't be desabled (found that information on the FAQ's)

Is there a way to install this version on my server ?

 
  • tletourneau
  • Senior Member
  • Members
  • Join Date: 13-Apr 07
  • 179 posts

Posted 12 August 2013 - 01:25 PM #2

Generally mod_security does not need to be completely disabled. The are 4-5 rules that need to be disabled and that can be done per domain.

Sent from my EVO using Tapatalk 2


Thanks,
Tom
Version - 3.0.4
Hosting - RangeHosting.us

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 12 August 2013 - 06:14 PM #3

Generally mod_security does not need to be completely disabled. The are 4-5 rules that need to be disabled and that can be done per domain.

Sent from my EVO using Tapatalk 2


Can you tell me how to do that on my host ?

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 12 August 2013 - 06:15 PM #4

Generally mod_security does not need to be completely disabled. The are 4-5 rules that need to be disabled and that can be done per domain.

Sent from my EVO using Tapatalk 2


Sorry : 1st -> thank you for the answer !

 
  • tletourneau
  • Senior Member
  • Members
  • Join Date: 13-Apr 07
  • 179 posts

Posted 13 August 2013 - 06:33 PM #5

The rules to ignore are:
950904
950906
959007
950107

There are a few ways to do it depending on how your host is setup. They should be able to disable the requested rules for just your domain on request. If they can't google "disable mod_security rules by ID" to see if one of those options work for you. If they do not then you may want to consider changing hosting companies. Any of the hosts listed in the Marketplace -> Third party Solutions ->Compatible Hosting will work with CS-Cart without issue. I personally like RangeHosting.
Thanks,
Tom
Version - 3.0.4
Hosting - RangeHosting.us

 
  • zeero6
  • Senior Member
  • Members
  • Join Date: 25-Jan 07
  • 649 posts

Posted 13 August 2013 - 08:24 PM #6

I had a different issue with Globals and was able to resolve it and install it by changing the Globals report to false in validator.php. Check in install/app/installer/validator.php. Line 387 /**
* Check if ModeSecurity is disabled. PS Mine was reporting Register Globals wrong since the Register Globals were already disabled in the Server

Version 4.9.3 SP1


 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 21 August 2013 - 03:08 PM #7

@tletourneau : I asked my hosting companie, but there is no way to ignore rules ! They don't want to do it.

I had no problem with previous version of CSC, and don't want to change my hosting companie just because of an upgrade. Will try to look for other people hosted on Infomaniak servers and using CSC. I' can't be the only one in switzerland...

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 21 August 2013 - 03:11 PM #8

I had a different issue with Globals and was able to resolve it and install it by changing the Globals report to false in validator.php. Check in install/app/installer/validator.php. Line 387 /**
* Check if ModeSecurity is disabled. PS Mine was reporting Register Globals wrong since the Register Globals were already disabled in the Server


@zeero6 : Thank you. I will try the workaround with Line 387 in validator.php and tell you soon if it works for me.

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 27 August 2013 - 08:51 AM #9

The workaround with line 387 worked fine. I could install CSC on my server !

I'm still a little bit woried about the fact that the mod_secure isn't disabled -> can I take the risk to use CSC with this configuration ? Have I to test something before buying a licence ?

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 29 August 2013 - 04:06 PM #10

The workaround with line 387 worked fine. I could install CSC on my server !

I'm still a little bit woried about the fact that the mod_secure isn't disabled -> can I take the risk to use CSC with this configuration ? Have I to test something before buying a licence ?


I'm working since 2-3 days on my future version, without any problem.

But I would like to be sure about the mod_secure setting of my server ?

 
  • zeero6
  • Senior Member
  • Members
  • Join Date: 25-Jan 07
  • 649 posts

Posted 29 August 2013 - 05:33 PM #11

I found this. Can be disabled per domain in htaccess http://www.webhostin...ad.php?t=888019

Version 4.9.3 SP1


 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 29 August 2013 - 07:38 PM #12

I found this. Can be disabled per domain in htaccess http://www.webhostin...ad.php?t=888019

Thanks @zeero6, I'll try it.

 
  • ymul
  • Member
  • Trial users
  • Join Date: 09-Aug 13
  • 41 posts

Posted 25 September 2013 - 10:03 AM #13

I'm still working on my new version, without any problem. Since I don't know the risks when disabling mod_secure, I will not try to do it if everything is working well... Thanks for the answers.

 
  • 2020
  • Senior Member
  • Members
  • Join Date: 11-Feb 07
  • 509 posts

Posted 25 September 2013 - 09:06 PM #14

I installed the 4.0.2 alpha and noticed that the installer didn't complain about mod_secure like it did with 4.0.1.

 
  • joshin
  • Member
  • Members
  • Join Date: 23-Jan 08
  • 146 posts

Posted 06 October 2013 - 08:38 AM #15

Hi guys, I'm also having the same problem. I cannot get past this mod_secure thing!

I tried editing the php as suggested but I'm not sure I'm making the right changes, because it hasn't worked for me. I tried changing anything mod_secure from "true" to "false" individually with no luck.

Could someone help me find the right spot in this code?

_______________________________________________________

/**
* Check if ModeSecurity is disabled
*
* @return bool true if disabled
*/
public function isModeSecurityDisabled()
{
$checking_result = true;
ob_start();
phpinfo(INFO_MODULES);
$_info = ob_get_contents();
ob_end_clean();
if (strpos($_info, 'mod_security') !== false) {
App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');
$checking_result = false;
}
return $checking_result;
}

___________________________________________________________________


I also tried adding the code to htaccess as suggested with no luck.

Also, my hosting company said that they disabled the mod_secure for my domain and don't know how else how to help me.

As you can see I've been stuck here a while! I'd really appreciate any help!
Using 4.1.5

 
  • idslamyou
  • Member
  • Members
  • Join Date: 06-Apr 07
  • 148 posts

Posted 02 April 2014 - 03:50 PM #16

I'm running into the same problem, but it seems the code in validator.php has changed. I did remove this snippet of code in there, but still got the warning. How do we bypass this on v4.1.3 fresh install?
    /**
	 * Check if ModeSecurity is disabled
	 *
	 * @return bool true if disabled
	 */
    public function isModeSecurityDisabled()
    {
	    $checking_result = parent::isModeSecurityDisabled();
	    if (!$checking_result) {
		    App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');
	    }
	    return $checking_result;
    }


 
  • dirtyimpreza
  • Junior Member
  • Members
  • Join Date: 11-Apr 11
  • 22 posts

Posted 13 August 2014 - 03:46 AM #17

I'm running into the same problem, but it seems the code in validator.php has changed. I did remove this snippet of code in there, but still got the warning. How do we bypass this on v4.1.3 fresh install?

	/**
	 * Check if ModeSecurity is disabled
	 *
	 * @return bool true if disabled
	 */
	public function isModeSecurityDisabled()
	{
		$checking_result = parent::isModeSecurityDisabled();
		if (!$checking_result) {
			App::instance()->setNotification('E', App::instance()->t('error'), App::instance()->t('text_mod_security'), true, 'validator');
		}
		return $checking_result;
	}


It is similar in 4.2.1 as well, how can we get around the mod_secure check?

    /**
	 * Check if ModeSecurity is disabled
	 *
	 * @return bool true if disabled
	 */
    public function isModeSecurityDisabled()
    {
	    $checking_result = parent::isModeSecurityDisabled();
	    return $checking_result;
    }

I've looked into using .htaccess file as well, both by trying things found by Google searching:

<LocationMatch .*>
<IfModule mod_security2.c>
SecRuleRemoveById 950904
SecRuleRemoveById 950906
SecRuleRemoveById 959007
SecRuleRemoveById ​950107
</IfModule>
</LocationMatch>

and

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

There has to be an easier way to install CS-Cart 4 on my server. We didn't have any of these issues with 3.X. :?