Xenforo posting error with litespeed, only in some threads

Discussion in 'General' started by gas, Feb 24, 2014.

  1. gas

    gas New Member

    Hello,
    I installed the trial version of litespeed in my xenforo bulletin board, since I saw so many positive comments about it.
    I'm very happy about it, now the server response time dropped from 0.7 sec to less than 0.2 and the average bounce rate (analytics data) reduced by 25%

    My only problem is that in some thread (not all of them, but some specific ones) it's not possible to post anymore when litespeed is active.

    When anybody tries to add a message, he get the message below.

    Any idea?
    Thanks!

    Forbidden
    You don't have permission to access /threads/bl%C3%A0-bl%C3%A0-bl%C3%A0.72306/add-reply on this server.
    2014-02-24_10h50_37.png



    These are the latest logs:

    Last edited: Feb 24, 2014
  2. mistwang

    mistwang LiteSpeed Staff

    check "Request Filter"/mod_security rules. turn it off.
  3. gas

    gas New Member

    Thanks mr wang, I put "request filter" like you can see in the image below. Also after a graceful restart, the problem still appears.
    Schermata 2014-02-24 alle 23.40.42.png

    ...and since I was not sure, I put everything on NO: the problem is still there.

    Schermata 2014-02-24 alle 23.43.47.png

    Thanks for your help
  4. gas

    gas New Member

    It worked with

    Security Audit Log : $SERVER_ROOT/securityauditlog

    Solved!!
  5. NiteWave

    NiteWave Administrator

    so you tried to put the log under root "/" ! :)
    not easy to debug but solved ..
  6. gas

    gas New Member

    Nope, after one day it's not working anymore. Same error, same threads of the forums.

    Any idea?
  7. mistwang

    mistwang LiteSpeed Staff

    Just check error log, for 403 forbidden, if it is generated by web server itself, it always log the reason.
  8. gas

    gas New Member

    Ta chan! Found it! You can see it below here. What should I do?

    [87.114.201.191:49425-0#APVH_musicadigitale.net] mod_security rule triggered!
    [Wed Feb 26 15:55:26 2014] [error] [client 87.114.201.191] ModSecurity: Access denied with code 403, [Rule: 'MATCHED_VAR' '!@rx ://%{SERVER_NAME}/']
    [ID: 340012] [Msg: Atomicorp.com UNSUPPORTED DELAYED Rules: Unauthorized Proxy access attempt]2014-02-26 15:55:26.587 [NOTICE] [87.114.201.191:49425-0#APVH_musicadigitale.net] Content len: 498, Request line: 'POST /threads/bl%C3%A0-bl%C3%A0-bl%C3%A0.72306/add-reply HTTP/1.1'
  9. mistwang

    mistwang LiteSpeed Staff

    Just locate that rule in your Apache configuration, and turn it off. Send it to us if you think it is a bug causing false-positive.
  10. gas

    gas New Member

    Ok will do. Can you please explain me how to locate the rule and turn it off? I know..it's the basic question, I'm learning =)
  11. NiteWave

    NiteWave Administrator

    search
    'MATCHED_VAR' '!@rx ://%{SERVER_NAME}/
    in mod_security rule file, or disable mod_security rule completely in apache's httpd.conf

Share This Page