flamey Posted March 8, 2008 Share Posted March 8, 2008 I have phpBB forum, and whenever soneone's trying to include image hosted on imageshack.us in the their post they get an "406 Not Acceptable" error. This does not happen with other image hosts. People are wondering, and so am I. On phpBB support forum I've read that this is a "server-side problem - your host has decided to block POST packets containing whatever is special about the imageshack links". Is this true? If it is, what other image hosts are being blocked (so I can let users know which sites not to use)? And what's the reason for this blocking, if not a secret? Thanks! Quote Link to comment Share on other sites More sharing options...
flamey Posted March 8, 2008 Author Share Posted March 8, 2008 (edited) yeah, same story on TCH Forums, but not on others I visit... so, why is TCH blocking it, its only images... :-/ Edited March 8, 2008 by flamey Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted March 8, 2008 Share Posted March 8, 2008 Please open a ticket with the help desk so a tech can check it out for you. Quote Link to comment Share on other sites More sharing options...
flamey Posted March 9, 2008 Author Share Posted March 9, 2008 done + fixed. thank you! *me still wonders why is foto hosting site is being blocked :-/ * Quote Link to comment Share on other sites More sharing options...
TCH-Alex Posted March 9, 2008 Share Posted March 9, 2008 The site in question was not blocked by TCH. The suspectable lengthy URLs will be caught by mod_security filter on the server when executing. As you have disabled mod_security for your account through help desk ticket, the issue has resolved itself. Quote Link to comment Share on other sites More sharing options...
flamey Posted March 9, 2008 Author Share Posted March 9, 2008 (edited) The site in question was not blocked by TCH. The suspectable lengthy URLs will be caught by mod_security filter on the server when executing. As you have disabled mod_security for your account through help desk ticket, the issue has resolved itself. on this very forum, try to reply to this post with only single line: http://www.image2shack.us/ only remove "2" in the middle, don't even need to use IMG tag. and you'll get the same error. add the "2" in the middle - no problem. i do appreciate you help in resolving it on my account, thank you. i'm just wondering that's up with this... Edited March 9, 2008 by flamey Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted March 9, 2008 Share Posted March 9, 2008 Maybe because it's not a valid web site? Sorry, we couldn't find www.image2shack.us Checking server [whois.nic.us] Results: Not found: www.image2shack.us Quote Link to comment Share on other sites More sharing options...
flamey Posted March 9, 2008 Author Share Posted March 9, 2008 i didn't say go visit it it just proves my confusion: you CAN include any web address in your post, weather domain exists or not — see its up there and its clickable... but not imageshack.us (note, that if forum engine doesn't attempt to render it as a URI, like here when did not include www prefix, its ok, its just text). but as soon as you include it -- you'll get error 406 Not Acceptable! Quote Link to comment Share on other sites More sharing options...
Head Guru Posted March 10, 2008 Share Posted March 10, 2008 Like alex said. Something about imageshack url is causing our mod_security rules to trip. I will have Ryan take a peak at this and he will respond directly to this thread. Bill Quote Link to comment Share on other sites More sharing options...
flamey Posted March 11, 2008 Author Share Posted March 11, 2008 thanks!! Quote Link to comment Share on other sites More sharing options...
gtman55 Posted April 17, 2008 Share Posted April 17, 2008 (edited) Same problem here. Any photo from Imageshack gets a 406 unacceptable error. I have the same IPB software as this forum. From what I've been told the mod_security rules may be overly strict or something? Is there a fix in the works other than disabling it in the .htaccess file (which may not be very secure)? Edited April 17, 2008 by gtman55 Quote Link to comment Share on other sites More sharing options...
TCH-Alex Posted April 17, 2008 Share Posted April 17, 2008 Please add these lines on .htaccess <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> Quote Link to comment Share on other sites More sharing options...
gtman55 Posted April 17, 2008 Share Posted April 17, 2008 Alex if you read my post above I know that. My question is does doing that make a php based forum more vulnerable to security issues? Quote Link to comment Share on other sites More sharing options...
TCH-Alex Posted April 19, 2008 Share Posted April 19, 2008 mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. Obviously, disabling mod_security will turn off this security measures. But, you can turn off mod_security for a specific file in your account. For example if the file image-upload.php is calling the external image url, you can turn off mod_security for the upload script only like <IfModule mod_security.c> <Files image-upload.php > SecFilterEngine Off SecFilterScanPOST Off </Files> </IfModule> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.