403 Error
3 posts by 2 authors in: Forums > CMS Builder
Last Post: January 19, 2012 (RSS)
By benedict - January 18, 2012
Hi guys,
We are getting a 403 error every time we upload an image into the CMS.
[Wed Jan 18 09:21:01 2012] [error] [client 202.165.205.130] mod_security: Access denied with code 403. Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"] [hostname "www.customersurl.com"] [uri "/cmsAdmin/admin.php"] [unique_id "TxaO@cqS02QAABCxEyk"]
The host reckons:
It appears that your CMS is generating a malformed request, i.e. - Multipart: final boundary missing.
Any ideas? I'd back you guys every time b/c I;'ve installed the CMS heaps of times and never had a problem, but you never know...
We are getting a 403 error every time we upload an image into the CMS.
[Wed Jan 18 09:21:01 2012] [error] [client 202.165.205.130] mod_security: Access denied with code 403. Error processing request body: Multipart: final boundary missing [severity "EMERGENCY"] [hostname "www.customersurl.com"] [uri "/cmsAdmin/admin.php"] [unique_id "TxaO@cqS02QAABCxEyk"]
The host reckons:
It appears that your CMS is generating a malformed request, i.e. - Multipart: final boundary missing.
Any ideas? I'd back you guys every time b/c I;'ve installed the CMS heaps of times and never had a problem, but you never know...
Re: [benedict] 403 Error
By Dave - January 18, 2012
Hi Benedict,
It looks like your host is running an optional web server module called "mod_security" (http://www.modsecurity.org/). We've seen a lot of false error reports from mod_security in the past, so we try to disable it by default in /cmsAdmin/.htaccess, but that only works for hosts that check for .htaccess files.
A bit of google'ing suggests that this particular error is due to a bug in the way flash works and problem with mod_security accidentally reporting it as an attack.
Here's some other products and vendors with the same problem:
Drupal: http://drupal.org/node/473520
Wordpress: http://core.trac.wordpress.org/ticket/6278
Fancy Upload (search for 403): http://digitarald.de/project/fancyupload/
SWFUpload (search for Apache): http://demo.swfupload.org/Documentation/#knownissues
Uploadify (we use this one): http://www.uploadify.com/forums/discussion/6282/uploadify-script-does-not-work-with-mod_security-enabled/p1
And it looks like mod_security is working on fixing it:
https://www.modsecurity.org/tracker/browse/MODSEC-21
I'd try asking your host to disable mod_security, or upgrading it to not report that invalid error. Or just disable the flash uploader under: Admin > General.
Hope that helps!
It looks like your host is running an optional web server module called "mod_security" (http://www.modsecurity.org/). We've seen a lot of false error reports from mod_security in the past, so we try to disable it by default in /cmsAdmin/.htaccess, but that only works for hosts that check for .htaccess files.
A bit of google'ing suggests that this particular error is due to a bug in the way flash works and problem with mod_security accidentally reporting it as an attack.
Here's some other products and vendors with the same problem:
Drupal: http://drupal.org/node/473520
Wordpress: http://core.trac.wordpress.org/ticket/6278
Fancy Upload (search for 403): http://digitarald.de/project/fancyupload/
SWFUpload (search for Apache): http://demo.swfupload.org/Documentation/#knownissues
Uploadify (we use this one): http://www.uploadify.com/forums/discussion/6282/uploadify-script-does-not-work-with-mod_security-enabled/p1
And it looks like mod_security is working on fixing it:
https://www.modsecurity.org/tracker/browse/MODSEC-21
I'd try asking your host to disable mod_security, or upgrading it to not report that invalid error. Or just disable the flash uploader under: Admin > General.
Hope that helps!
Dave Edis - Senior Developer
interactivetools.com
interactivetools.com
Re: [Dave] 403 Error
By benedict - January 19, 2012
Thanks Dave, we disabled the flash uploader and this has eliminated the problem. Much appreciated!