Strange behaviour of serendipity_admin.php

[nuTux]

Hi community

I've got a strange behaviour with my serendipity_admin.php

I can edit in all the sections of my backend, save and it works.
Except! for the Anti-Spam settings
If I change something there and want to save it i get this:

Code: Select all

You don't have permission to access /serendipity_admin.php on this server.

Thx for your help

[kleinerChemiker]

Please also ask your provider. This could be a malfunction of some security plugin for PHP.

[nuTux]

I will do so, but i thought its a problem with serendipity, because it only apperas when I want to save this Anti-Spam-Settings
all the other stuff works, lilke templates, new articles, etc

[kleinerChemiker]

That's why my first guess is, that it's an overactive securtiy plugin of PHP.

[garvinhicking]

Definitely.

mod_security watches every HTTP POST/GET input made to a server. If it detects "malicious" strings, it will stall the execution and kill the process, thus reporting a white/blank page or a HTTP error status code.

When you save the spamconfig, you submit strings that are often regarded as spam (of course, that's the point of saving those strings). However, by submitting them, you trigger the same blocking means.

This can only be circumvented by mod_Security being whitelisted for this type of request, or configured less intrusive on just posting keywords.

Regards,
Garvin

[nuTux]

Thank you

I had a chat with my hoster and he told me, thers a line in the .htaccess file wich is corrupting...

Code: Select all

Options -MultiViews

So I always have to comment this line.. But for what is this line?
Is it important? Can I disable it?

[garvinhicking]

Hi!

This is actually also a security option to prevent people calling files like "evilfile.php.txt" that would be interpreted as PHP otherwise.

I don't think this variable should be responsible, because then EVERY page of yours wouldn't work, not just that one page saving the configuration.

Does everything work when you disable that line in .htaccess?

Regards,
Garvin

[nuTux]

Yes if i have coment this line out, then it all works fine.