Recent Topics

1 Aug 15, 2013 06:20    

Niltze, b2evolutioners--

A recent yum update to a CentOS instance with predefined modsecurity rules caused a subsequent Server Error 500 whenever b2evolution user attempted to upload images for her/his post in b2evolution 5.0.5.

Analyzing the Apache /var/log/httpd/error_log file I found the following hint:

[entry log date] [error] [client IP affected] ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "39"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "www.anyHost.com"] [uri "/blogs/admin.php"] [unique_id "alphanumericString@alphanumericString"]

After making a backup of /etc/httpd/conf.d/mod_security.conf, I opened it with a text editor at line 39. I commented-out (with ##) the following 38 & 39 line directives:

## SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
## "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

Subsequently restarted Apache:

/etc/init.d/httpd restart

And the issue was resolved as user is now able to upload images for her/his b2evolution blog post.

Hope the above procedure helps someone.

Yolahuialtia (Cheers)!


Form is loading...