YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Page Index Toggle Pages: 1
Topic Tools
 
403/406 Errors (Read 2,948 times)
 May 17th, 2008 at 5:44pm
There are no actions to perform.  
Captain John 
Ex Member


None
403/406 Errors
Seems a few Hosts are configuring Mod_Security with very strict rules, causing many PM posting issues.    See this thread ... http://www.yabbforum.com/community/YaBB.pl?num=1208605084/6#6

 Note: attempting to turn off Mod_security in .htaccess files, is even now being eliminated as a work around.

Note: Send New PM ... works.  Reply doesn't

Okay .. trying to reply to PM ...

http://xxxx.xxx/forum/YaBB.pl?action=imsend;caller=1;reply=1;to=52575E5A5D330;id....
Not Acceptable

An appropriate representation of the requested resource /forum/YaBB.pl could not be found on this server.

deti

(Y2.2.1 forum) reply to PM

http://xxxx.xxx/forum/YaBB.pl?action=imsend&caller=1&reply=1&to=52575E5A5D330&id....

Worked !  PM reply made
« Last Edit: May 19th, 2008 at 9:37pm by N/A »  
 
IP Logged  
 Reply #1 - May 18th, 2008 at 5:41pm
There are no actions to perform.  

deti 
Legacy Dev Team
Development Team
****
Offline
Posts: 2,650
Prien am Chiemsee, Germany


None
Re: 403/406 Errors
See my workaround at http://www.yabbforum.com/community/YaBB.pl?num=1208605084/55#55
Please do NOT update this workaround in CVS it is only a workaround not a fix!!!

Can someone of the older developers tell me why you used ; in some of the URLs instead of the usual & ?!
« Last Edit: May 19th, 2008 at 8:34am by deti »  
Was immer Du tun kannst
oder erträumst tun zu können,
beginne es.
Kühnheit besitzt Genie,
Macht und magische Kraft.
Beginne es jetzt.
Whatever you can do
or dream you can,
begin it.
Boldness has genius,
power and magic in it.
Begin it now.
J. W. Goethe
WWW  
IP Logged  
 Reply #2 - May 19th, 2008 at 9:40pm
There are no actions to perform.  
Captain John 
Ex Member


None
Re: 403/406 Errors
deti Quote:
Now, please try this workaround:

Add the highlighted between the lines shown below.
Sources/Subs.pl (YaBB 2.2.1 Revision: 1.129.2.25):

Code Select All
 475	$output =~ s~(img src\=\"$imagesdir\/.+?)title\=\"(.*?)\"(.*? \/\>)~$1$3~oig;
 476	$output =~ s~alt\=\"(.*?)\"~alt\=\"$1\" title\=\"$1\"~ig;
 477	$output =~ s~</form>~$addsession~g;
 478
	 # Start workaround to substitute all ';' by '&' in all URLs
	 # This workaround solves problems with servers that use mod_security
	 # in a very strict way. (error 406)
	 $output =~ s/($scripturl\?)([^'"]+)/ $1 . &URL_modify($2) /eg;
	 sub URL_modify { my $x = shift; $x =~ s/;/&/g; $x; }
	 # End Workaround

 479	if ($yycopyin == 0) {
 480		$output = q~<center><h1><b>Sorry, the copyright tag <yabb copyright> must be in the template.<br />Please notify this forum's administrator that this site is using an ILLEGAL copy of YaBB!</b></h1></center>~;
 481	}
 482	# do output 




I think you can add the highlighted at the same place in the YaBB 2.2 and may be also in the 2.1 code. Allways near the end of the template subroutine.

(Y2.1 - insert above
Code Select All
	if ($yycopyin == 0) { 



Users report Change works !!!!!!
« Last Edit: May 19th, 2008 at 9:41pm by N/A »  
 
IP Logged  
 Reply #3 - May 26th, 2008 at 2:24pm
There are no actions to perform.  

Spikecity 
YaBB Legends (Inactive)
*
Offline
Posts: 7,981
Third rock from the sun !


None
Re: 403/406 Errors
deti wrote on May 18th, 2008 at 5:41pm:
See my workaround at http://www.yabbforum.com/community/YaBB.pl?num=1208605084/55#55
Please do NOT update this workaround in CVS it is only a workaround not a fix!!!

Can someone of the older developers tell me why you used ; in some of the URLs instead of the usual & ?!



Who are you calling old???? Tongue

The reason for using ; instead of & is the fact that the Perl convention has described these two special characters as following:

; termination of command line
& call subroutine

In fact using & in the url will give you direct access to subroutines within YaBB without having to pass through YaBB.pl.
Not if a forum is properly secured using the supplied .htaccess files which disallow direct calls to subscripts, but on Windows IIS servers which do not support .htaccess this opens up a huge hole in security.

As the termination character has no other special meaning in Perl other then terminating a command line, this is the preferred method of separating commands in something easily to manipulate stuff as url's and form data.
 
...
 
IP Logged  
 Reply #4 - Jun 22nd, 2008 at 3:01pm
There are no actions to perform.  

deti 
Legacy Dev Team
Development Team
****
Offline
Posts: 2,650
Prien am Chiemsee, Germany


None
Re: 403/406 Errors
I think we can consider this problem as fixed. I introduced the workaround in the Subs.pl (line 519-525) and commented it out. So, if someone has this problem again we can tell him in our support borards that he only has to delete the two # in front of the two lines and then it will work for him.

New Subs.pl in CVS
 
Was immer Du tun kannst
oder erträumst tun zu können,
beginne es.
Kühnheit besitzt Genie,
Macht und magische Kraft.
Beginne es jetzt.
Whatever you can do
or dream you can,
begin it.
Boldness has genius,
power and magic in it.
Begin it now.
J. W. Goethe
WWW  
IP Logged  
 Reply #5 - Jun 30th, 2008 at 8:36pm
There are no actions to perform.  

EquineHelp 
Full Member
***
Offline
Posts: 468
Cumbria, UK


None
Re: 403/406 Errors
Right so all I need to do is to get a fresh copy of Subs.pl and over-write the one thats on my forum already ?

Where do I get this from ?
 
 
IP Logged  
 Reply #6 - Jun 30th, 2008 at 11:51pm
There are no actions to perform.  

OH Eng 
Past Team Members
Documentation Team
Offline
Posts: 4,026
Pensacola, Florida USA


None
Re: 403/406 Errors
EquineHelp wrote on Jun 30th, 2008 at 8:36pm:
Right so all I need to do is to get a fresh copy of Subs.pl and over-write the one thats on my forum already ?

Where do I get this from ?


here
 
 
OH Eng  
IP Logged  
 Reply #7 - Jul 1st, 2008 at 7:49am
There are no actions to perform.  

Jet Li 
Legacy Dev Team
Development Team
****
Offline
Posts: 6,588
Hong Kong


None
Re: 403/406 Errors
OH Eng wrote on Jun 30th, 2008 at 11:51pm:
EquineHelp wrote on Jun 30th, 2008 at 8:36pm:
Right so all I need to do is to get a fresh copy of Subs.pl and over-write the one thats on my forum already ?

Where do I get this from ?


here

wrong version, OH Eng. See changes on detis quote above.  Wink

Search in Subs.pl
Code Select All
	if ($yycopyin == 0) { 



add before

Code Select All
	# Start workaround to substitute all ';' by '&' in all URLs
	# This workaround solves problems with servers that use mod_security
	# in a very strict way. (error 406)
	# Take the comments out of the following two lines if you had this problem.
	# $output =~ s/($scripturl\?)([^'"]+)/ $1 . &URL_modify($2) /eg;
	# sub URL_modify { my $x = shift; $x =~ s/;/&/g; $x; }
	# End of workaround
 

 
...
PM me for YaBB Installation Service
WWW Jet Li 100000788351637  
IP Logged  
 Reply #8 - Jul 1st, 2008 at 8:17am
There are no actions to perform.  

EquineHelp 
Full Member
***
Offline
Posts: 468
Cumbria, UK


None
Re: 403/406 Errors
Sorted  Smiley Thank you
 
 
IP Logged  
Page Index Toggle Pages: 1
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.