Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
Can someone please post the proper codes to add in the .htaccess file?
I've read all the threads concerning 400, 500, etc. codes, but all I can find is the instruction for disabling mod_security completely.
I don't want to disable mod_security completely, I just want to disable it for the urls "/fupload/flash" & "?q=fupload/flash".
Thanks.
Comments
Comment #1
bemcapaz CreditAttribution: bemcapaz commentedIm with the same doubt
Comment #2
tevih CreditAttribution: tevih commentedme too, please!
Comment #3
disparil CreditAttribution: disparil commentedTry this..
Comment #4
grandcat CreditAttribution: grandcat commentedComment #5
valel46 CreditAttribution: valel46 commentedHi dispa,
Thanks for the suggestion, unfortunately it didn't work.
However, I got it working by setting the site to online mode without adding anything in .htaccess, apparently Image FUpload doesn't work in offline mode.
Comment #6
grandcat CreditAttribution: grandcat commentedA personal problem shouldn't be the reason to mark a node as "critical"!
The "not found" problem appears on some environments which can be fixed by some easy methods:
* resaving all cck related things and other image (fupload) related things
* execute update.php
Comment #7
valel46 CreditAttribution: valel46 commentedIt seems like I'm not the only one having the same problem, this is why I marked critical, sorry.
About the "not found" problem, thanks for the suggestion, but I solved it with another solution, all I had to do was save the settings in the FUpload settings page in the admin panel.
Comment #8
valel46 CreditAttribution: valel46 commentedgrandcat,
English isn't my first language, I re-read your post and I believe your solution is the same as the one I used, thanks.
Comment #9
.Johnny CreditAttribution: .Johnny commentedIf above code from #3 dispa does not work, try this instead:
SetEnvIfNoCase Request_URI /fupload/flash$ MODSEC_ENABLE=Off
SetEnvIfNoCase Request_URI /index.php?q=fupload/flash$ MODSEC_ENABLE=Off
dispa's suggestion only works if you run drupal on the root of your server. ^ in above code means "beginning of the line" and the URL against which the test is performed is everything past your hostname.
So if your drupal runs on http://yourhost/drupal/ then above should be:
SetEnvIfNoCase Request_URI ^/drupal/fupload/flash$ MODSEC_ENABLE=Off
SetEnvIfNoCase Request_URI ^/drupal/index.php?q=fupload/flash$ MODSEC_ENABLE=Off
or leave out the ^, like I did so it only matches the end of Request_URI.
By the way, I've been fighting this bug also for hours, and yes it is a bug because it doesn't log any proper error nor does it notify me of the problem with the configuration. If we can figure out mod_security is the problem, then why can't the script tell us in the first place?
Comment #10
SCaV3NG3R CreditAttribution: SCaV3NG3R commentedSame issue.
I've tried the solutions in numbers 3 and 9, as well as
[quote]* resaving all cck related things and other image (fupload) related things
* execute update.php[/quote] from 6, and no luck.
Still get "error 403" and that's that.
I'll keep trying for a little while more before giving up.
Comment #11
castawaybcn CreditAttribution: castawaybcn commentedsame here, but I am getting an "error 303" instead.
I tried both #3 and #9 solutions as well as running update.php
However, I don't quite understand what this means
[quote]* resaving all cck related things and other image (fupload) related things [/quote]
Do I have to reopen and resave all cck fields in the node?
Comment #12
Ildar Samit CreditAttribution: Ildar Samit commentedI've tried disabling mod_security completely, and even that didn't solve the problem (503 error).
Comment #13
minus CreditAttribution: minus commentedshould this be added to the apache2.conf or .htaccess on the drupal directory?
Tnx :-)
Comment #14
grandcat CreditAttribution: grandcat commentedNormally into the Apache config. Please ask your administrator to do it.
Edit:
Sometimes, it also works to add the config into the .htaccess:
http://drupal.org/node/297452#comment-2453598
Comment #15
minus CreditAttribution: minus commentedThank you grandcat :-)
I'm using a dedicated server and maybe this will be helpful for future requests.
I created a file called modsec_exceptions.conf and placed it within the apache2/conf.d folder.
The file contains:
Thanks to Trengo @ #drupal_support for excellent help !
Comment #16
grandcat CreditAttribution: grandcat commentedThank you for this piece of code =)