Error In Posting Link To Image

[RedNight]

I am posting this in the security forums as I beleive this is security related. When trying to post a link to an image on our forums (phpBB) I get the following error:

 

Not Acceptable

An appropriate representation of the requested resource /forums/posting.php could not be found on this server.

 

In doing some research on the net it looks like it is a security setting on the server and it only seems to give this error when posting an image from like Image Shack or one of the other free image hosting sites. I am guessing this is related to some of the vuleralbilities with images and phpBB does anyone have any information on this?

 

TIA

 

RedNight

[TCH-Bruce]

Welcome to the forums RedNight.

 

Sorry, I don't have an answer for you but maybe one of our other members will be able to shed some light on it.

[TCH-Thomas]

Welcome to the forum, RedNight.

 

Not sure what is wrong but we helped another member with a similar problem in this thread.

The solution was to use another domain/service than imageshack.

[RedNight]

Thank you for the reply Thomas and the welcome Bruce.

 

I thought that is what would be needed and have told the users of the forums to do that. Imageshack just happens to be the most popular one so I was wanting to let them continue using it.

 

We will work around it though by using another site. Thanks again for the prompt reply.

[stevevan]

Welcome to the forums!

[paultwang]

Not Acceptable

An appropriate representation of the requested resource /forums/posting.php could not be found on this server.

 

If you are the web master, add a new text file ~/public_html/forums/.htaccess

 

Content:

><IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Edited February 28, 2006 by paultwang

[TCH-JimE]

Intresting Paul, I will have give that try on my own phpBB

 

Welcome to the forums Rednight. If you want people to post images on your forum, take a look at the smartor album for PHPBB or Mighty Gorons Full album package which has all the bells and whistles on.

 

http://smartor.is-root.com

http://www.area69.phphost.info/

 

Jim

[paultwang]

406 Not Acceptable is a HTTP error which is not caused by the forum scripts. Interestingly, many legitimate problems with 406 error are related to forums, blogs, and scripts using PHP.

 

I think the cause of this 406 error is: The security module thinks that your web browser cannot understand the content to be delivered to you, because your browser has specified a certain content-type. In the forum/blog case, it thinks that the content (which is usually your topic post/reply) contains something that your browser will not understand.

 

I believe the original intention of this feature/bug is to filter out dangerous script codes. If you disable the scan, make sure your forum/blog/other PHP scripts properly disallow/filter dangerous codes.

Edited March 1, 2006 by paultwang

[chatbug]

Hi,

 

I experienced the same problem while trying to re-categorize this particular posts of mine, after importing it from blogger.com. Now that it's been fixed up and re-categorized, is it safe leaving the .htaccess like that? Or would it be best to return it to "normal"?

 

Thanks.

[Davide]

Hi, I'm Davide.

 

I'm an user community hosted from totalchoice.

Today I've received the same response from the server, while I'm posting a message containing url as "*foto.imageshack.us".

 

I Think that there is a security restriction so http server doesn't accept POST containing the words ".images"

 

My question is :"Is it possibile that server checks .images folder denying directory trasversal vulnerabilites and doesn't check any important folder as cgi-bin root etc.etcc... ?"

 

Imageshack is the most popular image hosting service used in forum community.

 

Are there any possibilities to avoid this problem?

 

Thank at all

 

//D

[Davide]

Hi, I'm Davide.

[CUT]

 

I add that the problem is not only with imageshack but with all image hosting providers.

They usually generate from an upload file , another file that it combines default name file with other randomly characters.

If accidentally, in the upload filename appears the word ".images" , it will break all POST action containing this filename

[Davide]

Solved with paultwang's advise

Thank you!

[TCH-Bruce]

Welcome to the forums Davide

 

Glad you have it sorted out.

[TCH-Thomas]

Welcome to the forum, Davide.

[TCH-JimE]

Welcome to the forums, glad it worked out ok!

 

JimE

[daspyda]

I instituted the fix as suggested above by uploading the .htaccess file, and it works perfectly!

 

Now, TCH, that won't endanger our relationship, will it????