mod_security / 406 / "Not Acceptable" / "no appropriate representation" issues.
|Posted: Fri, 2008-01-04 17:22|
Ok, so with Gallery 1.x (and I've seen similar threads for 2.x, so I don't know how much of this translates to them too)
Several persons have had issues with getting the error
which all seem to be centered around either trying to get gallery working on a server with mod_security implemented, or for several of us- our hosts implemented it after the fact and caught us off guard- our perfectly fine function galleries started misbehaving.
I found several reference to the mod_security/cmd issue in threads
I found a workable solution in:
involving editing the .htaccess file which has to be placed in the root web folder ("public_html" in many cases, "www" in others) which then basically turns off mod_sec for the entire site.
Which many might consider less than optimal.
My host has been excellent working on this with me (shameless plug: AlphaOmegaHosting.com) but I would appreciate some assistance from the Gallery community as well:
-Is there a way to implement the .htaccess file so that it ONLY affects Gallery? I've tried placing it in the gallery directory, I've tried placing it in the album directory. Is there some magic combination that I missed? Is there an .htaccess guru who can help us focus this rule more?
-I understand the mod_sec may be overly stringent in its filtering. like filtering "cmd" to prevent remote execution of cmd.exe on a windows server... even though we're on a linux box. are there any other known or probably url strings that would get caught by mod_sec? Am I correct we should be able to edit the filter to allow them?
-I'm no at all familiar with mod_sec- is there a means of implementing rules so that it allows "cmd" only in urls that also contain "gallery" or "album."
-Does Gallery2 share this problem? or can I save myself some trauma by moving to it sooner rather than later?