Form $_POST getting scrubbed by server?

Avatar
InMotionFans
  • Answered
I have a super simple script here: http://ecres161.servconfig.com/~sherpaproject/post-test.php Here's the problem: * Enter CAT in box 1 * Enter in box 2 (enclose CAT in tag brackets) The form here simply posts to itself, and then dumps the raw $_POST onto the page. You will see that CAT comes through fine. But does not come through. I'm trying to figure out why, as Inmotion support couldn't crack it. This used to work fine on my old server, but I suspect something at the server level is filtering the $_POST and removing what it sees as suspicious strings. Interestingly, if you put in numeric values like 123 and <123> they *both* come through ok. So, I suspect some sort of regex filtering there. But, I need to know what to ask tech support to disable for me, as I need to be able to receive things like
Replies 1
Avatar
0
Arn
Hello, Sorry for the problem regarding the script issues regarding $_POST. I looked through web server logs to see if there was a mod security rule other issue happening and this what I'm seeing: [Wed Sep 23 16:53:38.585639 2015] [:error] [pid 1097:tid 140721920] [client 50.xxx.xx.xx] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "ecres161.servconfig.com"] [uri "/~sherpaproject/administrator/index.php"] [unique_id "VgMRUsYuUZoAAARJbkwAAAjI"] [Wed Sep 23 17:40:43.346860 2015] [:error] [pid 43696:tid 1404499752] [client 50.xx.xx.xx] ModSecurity: Error reading request body: Partial results are valid but processing is incomplete [hostname "ecres161.servconfig.com"] [uri "/~sherpaproject/administrator/index.php"] [unique_id "VgMcWcYuUZoAAKqwn60AAAdW"] [Wed Sep 23 19:35:01.902414 2015] [:error] [pid 5247:tid 140450159] [client 50.xx.xx.xx] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/resource": Resource deadlock avoided [hostname "ecres161.servconfig.com"] [uri "/~sherpaproject/administrator/index.php"] [unique_id "VgM3JMYuUZoAABR-IjYAAAFA"] I obfuscated some of the information (minus the info you've already shared), but the error messages indicate that there is definitely something happening at the Apache web server level. These errors indicate limits being encountered as imposed by mod security on the server. Customer community has no way to remove these server-side rules. You will need to submit a verified support ticket and have a systems person review the issue to see if they are able to make changes to accommodate your script. Apologies again for the problems with the issue. I hope this helps to answer your question, please let us know if you require any further assistance. Regards, Arnel C.