J_M wrote:Sorry, I didn't search first.... found many other discussions that point the finger at mod_security.
I'm still reading, hopefully they will yield an answer, thanks
this is a support group forum for a health issue and it appears that one of the medications mentioned in the post is the problem. I can easily recreate the problem and am currently chatting with the host TS.
Does mod_security have a banned word list?
btw - word censoring is not enabled in phpBB3
J_M wrote:>not sure what you mean by word censoring is not enabled. you can enable it in your admin panel and put whatever words you want to be banned in the list.
I was just confirming that I had not censored anything within phpBB3
Some hosts are a bit over zealous with their mod_security but, generally, they are fine about changing it if requested. I personally get the impression most of them don't know a lot about it and accept the default setting when installing the server software. On a static site you probably wouldn't have any issues but, with something like a bulletin board where people are writing stuff, that's another story.J_M wrote:.... found many other discussions that point the finger at mod_security
Description: Performs a case-insensitive match of the provided phrases against the desired input value. The operator uses a set-based matching algorithm (Aho-Corasick), which means that it will match any number of keywords in parallel. When matching of a large number of keywords is needed, this operator performs much better than a regular expression.
This operator is the same as @pm, except that it takes a list of files as arguments. It will match any one of the phrases listed in the file(s) anywhere in the target value.
# Detect suspicious user agents using the keywords in
# the files /path/to/blacklist1 and blacklist2 (the latter
# must be placed in the same folder as the configuration file)
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /path/to/blacklist1 blacklist2" "id:167"
The most simplest form of filtering is, well, simple. It looks like this:
For each simple filter like this, ModSecurity will look for the keyword in the request. The search is pretty broad; it will be applied to the first line of the request (the one that looks like this GET /index.php?parameter=value HTTP/1.0). In case of POST requests, the body of the request will be searched too (provided the request body buffering is enabled, of course).