I'm using version 1.0.3 and have used it successfully for almost a year now. Just this week its started giving an error message when I click the save button after editing the description etc for a photo. The error message is:
Precondition Failed
The precondition on the request for the URL /zen/admin.php evaluated to false.
Apache/1.3.33 Server at www.snowdropstudios.co.uk Port 80
Anyone any ideas why this has started all of a sudden?
Comments
As a test try switching off mod_security either for your entire domain or just for Zenphoto by adding the following line in the relevant .htaccess file
SecFilterEngine Off
But this is only to diagnose. Switching off mod_security may make you vulnerable to spam and possibly injection attacks. If this works and the errors cease, you may have to craft a specific line for your .htaccess which stops the error but does not entirely disable mod_security.
Any idea what sort of line we should code for stopping the error but not disabling the security entirely?
Thanks very much for your help with this its really appreciated
Regards
Anne
SecFilterEngine On
SecFilterSelective "POST_PAYLOAD" "poppy" "poppies" "allow,nolog"
instead of:
SecFilterEngine Off
Please add any other words like "poppy" or "poppies" in double quotes.
It is a long shot and is contingent upon your being able to guess all such words since you never know for sure. You could also consider contacting your host and ask them what is being flagged.
SecFilterEngine On
SecFilterSelective "POST_PAYLOAD" "poppy" "allow,nolog"
SecFilterSelective "POST_PAYLOAD" "hot red poppies" "allow,nolog"
SecFilterSelective "POST_PAYLOAD" "any other string" "allow,nolog"
etc.
Glad I found this thread - I'm experiencing exactly this problem. When I turn the filter completely off the page loads, but I cannot get it to work/ find out (waiting for reply from hosting provider) what keyword phrase I need to include for the selective filtering. I've tried all the keywords in the filename, including the entire filename. Any suggestions?
Thanks,
Alex
You may also want to investigate the real (versus perceived) benefits of mod_security. I have not really looked into it myself. Maybe it is an urban myth and even a moderately sophisticated attacker can bypass it with ease. If so, just disable it.
Recently I came to the same conclusion about PC software firewalls. I don't think they protect anything except their own bottom lines when they sell you a new subscription every year. In the meanwhile your PC is brought down to its knees by the firewall's memory and CPU needs. Plus you get scary looking pop-ups about how the firewall saved you from 10 attackers in the last 10 minutes which I consider to be completely manipulative.
But I am interested to see if it's Zenphoto causing mod_security to go off... I'll have to test it out.