mod_security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    mod_security

    i have a site which is using the wapdesire v2 script, the get.php in the downloads & gallery folders are returning a 406 error, i know its something to do with mod_security and have tried lots of ways to get around it using .htaccess. the server company tells me that they cant change anything as its a shared server yet the last server i used was shared and they fixed the problem straight away.

    here's the get.php file

    Code:
    <?php
    define('WCS',true);
    include('../core/main.inc');
    header_type();
    cleardata();
    if(ipbanned(ip(),browser())){
    if(!shield(getuid_sid($sid))){
    echo head_tag("Ip Blocked!!!",0,0);
    echo ipbanned_msg();
    echo foot_tag();
    exit();
    }
    }
    if(!islogged($sid)){
    echo head_tag("Error!!!",0,0);
    echo session_expired();
    echo foot_tag();
    exit();
    }
    if(banned(getuid_sid($sid))){
    echo head_tag("Error!!!",1,getnick_sid($sid));
    echo banned_msg($sid);
    echo foot_tag();
    exit();
    }
    mysql_query("UPDATE users SET browser='".browser()."', ipaddress='".ip()."', host='".subno()."' WHERE id='".getuid_sid($sid)."'");
    
    /////////////////////////GET FILE/////////////////////////
    
    addonline(getuid_sid($sid),"Downloading File","");
    echo head_tag(getnick_sid($sid)."@Downloading File",1,getnick_sid($sid));
    $title="<b><i>Downloading File</i></b>";
    $path=mysql_fetch_array(mysql_query("SELECT path, hits FROM download_files WHERE id='".$id."'"));
    $get_path=explode("/downloads/",$path[0]);
    $filename=$get_path[1];
    $download=$get_path[0]."/downloads/".$filename;
    $res=mysql_query("UPDATE download_files SET hits='".($path[1]+1)."' WHERE id='".$id."'");
    $main="<p align=".align().">
    <meta http-equiv=Refresh content=1;url=".$download.">
    If Your Download Does Not Start In 5 seconds Click below
    <a href=\"".$download."\">Get File</a>
    </p>\n";
    $main.="<p align=".align().">
    <a href=\"./downloads.php?sid=$sid\">Back</a>
    </p>\n";
    $L1="$sixkey<a $key6 href=\"../inbox/inbox.php?sid=$sid\">Inbox</a>";
    $L2="$sevenkey<a $key7 href=\"../buds/buds.php?sid=$sid\">BuddyList</a>";
    $L3="$eightkey<a $key8 href=\"../chat/public.php?sid=$sid\">Chat</a>";
    $L4="$ninekey<a $key9 href=\"../forums/forums.php?sid=$sid\">Forums</a>";
    $L5="$zerokey<a $key0 href=\"../main.php?sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Main Menu</a>";
    echo xhtml($sid,$title,1,$L1,$L2,$L3,$L4,$L5,0,0,0,$main);
    echo foot_tag();
    exit;
    ?>
    could someone tell me a). whats causing the 406 error and b). how do i fix it

    many thanks

    #2
    Maybe its because your not using quotes on this line:
    PHP Code:
    $main="<p align=".align()."> 

    Comment


      #3
      406 Not Acceptable

      The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

      Unless it was a HEAD request, the response SHOULD include an entity containing a list of available entity characteristics and location(s) from which the user or user agent can choose the one most appropriate. The entity format is specified by the media type given in the Content-Type header field. Depending upon the format and the capabilities of the user agent, selection of the most appropriate choice MAY be performed automatically. However, this specification does not define any standard for such automatic selection.
      Which means that file content header is missing and messed up with the page header.
      Like
      PHP Code:
      header("Content-type:application/pdf");
      header("Content-Disposition:attachment;filename='downloaded.pdf'"); 
      Last edited by arnage; 15.05.11, 15:56.
      <!DOCTYPE html PUBLIC "-//WAPFORUM.RS

      Comment


        #4
        thanks for your replies but i'm still confused, as i said it was a mod_secutrity setting my last host changed nothing to do with the script, ive just mailed him a link to

        mod_security Problem: Error 406 - Not acceptable : server blocking traffic

        and hope this helps

        Comment


          #5
          Np. Well i read the page and didn't see this documentation so maybe it can help u.
          Mod_Security .htaccess tricks
          <!DOCTYPE html PUBLIC "-//WAPFORUM.RS

          Comment


            #6
            Originally posted by arnage View Post
            Np. Well i read the page and didn't see this documentation so maybe it can help u.
            Mod_Security .htaccess tricks
            Thanks had a look through it and nothing seems to work, i'll just have to wait for a response to my latest ticket, i think there maybe some override setting stopping me from controlling mod_security from .htaccess
            Last edited by woody; 15.05.11, 20:01.

            Comment

            Working...
            X