Welcome to Geeklog, Anonymous Friday, November 29 2024 @ 12:26 pm EST
Geeklog Forums
Can't write content containing HTML tags
Alec
Anonymous
Hello,
I am running Geeklog on a Windows XP Pro SP2 machine. I installed Apache PHP and MySQL using the WebServ project at Sourceforge. So far everything works but one piece.
Whenever I create a story, article, block, etc containing an HTML tag and try to save it, I get an http 403 Access Denied error message.
Checking the Apache Error Log I see the following:
[Wed Dec 01 14:44:30 2004] [error] [client (my ip address)] mod_security: Access denied with code 403. Pattern match "<(.|\n)+>" at POST_PAYLOAD [hostname "(my hostname)"] [uri "/admin/block.php"]
As far as I can tell, Apache is detecting the HTML code in the string input and is blocking it. That's very nice, and seems secure and all.. but how can I turn it off or at least throw some exceptions to the block?
Thanks!
I am running Geeklog on a Windows XP Pro SP2 machine. I installed Apache PHP and MySQL using the WebServ project at Sourceforge. So far everything works but one piece.
Whenever I create a story, article, block, etc containing an HTML tag and try to save it, I get an http 403 Access Denied error message.
Checking the Apache Error Log I see the following:
Text Formatted Code
[Wed Dec 01 14:44:30 2004] [error] [client (my ip address)] mod_security: Access denied with code 403. Pattern match "<(.|\n)+>" at POST_PAYLOAD [hostname "(my hostname)"] [uri "/admin/block.php"]
As far as I can tell, Apache is detecting the HTML code in the string input and is blocking it. That's very nice, and seems secure and all.. but how can I turn it off or at least throw some exceptions to the block?
Thanks!
15
12
Quote
Alec
Anonymous
Ah ha! I found my solution.
Find your httpd.conf file in the conf folder under Apache. Edit it in wordpad and change the following line:
SecFilter ""
to look like this:
SecFilter "
Then restart apache.
Now javascript will still be filtered, but simple HTML will not be filtered. Hope this helps somebody. It sure helped me.
Find your httpd.conf file in the conf folder under Apache. Edit it in wordpad and change the following line:
SecFilter ""
to look like this:
SecFilter "
Then restart apache.
Now javascript will still be filtered, but simple HTML will not be filtered. Hope this helps somebody. It sure helped me.
10
10
Quote
Alec
Anonymous
Try this...
SecFilter "<(.|n)+>"
should be replaced with
SecFilter "<( |n)*script"
Text Formatted Code
SecFilter "<(.|n)+>"
should be replaced with
Text Formatted Code
SecFilter "<( |n)*script"
10
10
Quote
All times are EST. The time is now 12:26 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content