Is Tch Blocking Imageshack.us?

[flamey]

I have phpBB forum, and whenever soneone's trying to include image hosted on imageshack.us in the their post they get an "406 Not Acceptable" error. This does not happen with other image hosts. People are wondering, and so am I. On phpBB support forum I've read that this is a "server-side problem - your host has decided to block POST packets containing whatever is special about the imageshack links".

 

Is this true?

If it is, what other image hosts are being blocked (so I can let users know which sites not to use)? And what's the reason for this blocking, if not a secret?

 

Thanks!

[flamey]

yeah, same story on TCH Forums, but not on others I visit... so, why is TCH blocking it, its only images... :-/

Edited March 8, 2008 by flamey

[TCH-Bruce]

Please open a ticket with the help desk so a tech can check it out for you.

[flamey]

done + fixed. thank you!

 

*me still wonders why is foto hosting site is being blocked :-/ *

[TCH-Alex]

The site in question was not blocked by TCH. The suspectable lengthy URLs will be caught by mod_security filter on the server when executing. As you have disabled mod_security for your account through help desk ticket, the issue has resolved itself.

[flamey]

The site in question was not blocked by TCH. The suspectable lengthy URLs will be caught by mod_security filter on the server when executing. As you have disabled mod_security for your account through help desk ticket, the issue has resolved itself.

 

on this very forum, try to reply to this post with only single line:

http://www.image2shack.us/

only remove "2" in the middle, don't even need to use IMG tag. and you'll get the same error.

 

add the "2" in the middle - no problem.

 

i do appreciate you help in resolving it on my account, thank you. i'm just wondering that's up with this...

Edited March 9, 2008 by flamey

[TCH-Bruce]

Maybe because it's not a valid web site?

 

Sorry, we couldn't find www.image2shack.us

 

Checking server [whois.nic.us]

 

Results:

Not found: www.image2shack.us

[flamey]

i didn't say go visit it

 

it just proves my confusion: you CAN include any web address in your post, weather domain exists or not — see its up there and its clickable... but not imageshack.us (note, that if forum engine doesn't attempt to render it as a URI, like here when did not include www prefix, its ok, its just text). but as soon as you include it -- you'll get error 406 Not Acceptable!

[Head Guru]

Like alex said. Something about imageshack url is causing our mod_security rules to trip.

 

I will have Ryan take a peak at this and he will respond directly to this thread.

 

Bill

[flamey]

thanks!!

[gtman55]

Same problem here. Any photo from Imageshack gets a 406 unacceptable error. I have the same IPB software as this forum. From what I've been told the mod_security rules may be overly strict or something? Is there a fix in the works other than disabling it in the .htaccess file (which may not be very secure)?

Edited April 17, 2008 by gtman55

[TCH-Alex]

Please add these lines on .htaccess

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

[gtman55]

Alex if you read my post above I know that. My question is does doing that make a php based forum more vulnerable to security issues?

[TCH-Alex]

mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

 

Obviously, disabling mod_security will turn off this security measures.

 

But, you can turn off mod_security for a specific file in your account. For example if the file image-upload.php is calling the external image url, you can turn off mod_security for the upload script only like

 

 

<IfModule mod_security.c>

<Files image-upload.php >

SecFilterEngine Off

SecFilterScanPOST Off

</Files>

</IfModule>