• Shorten my QUERY STRING ? Getting problem with mod_security

    MarkGrillo Member

    i have a problem with mod_security that is installed on my server,

    when i try to DELETE/Update somthing on my detabase i get this error:

    Forbidden
    You don't have permission to access /manager/index.php on this server.
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    

    So they (the hosting company) told me to Shorten my QUERY STRING to less then a 1000, that for every action i make it writes a log.

    Because its above 1000 and the mod_s is blocking it…how do i do that ? (Shorten my QUERY STRING) and how do i check what is Defined in the QUERY STRING as the limit ?

  • SapnaVishwas Member

    To see the limit you’ll need access to the mod_security configuration file. Since the hosting company told you to make it smaller than 1000 characters, my guess it’s 1024.

    In this case query_string points to the url after the PHP file and the question mark, and not the SQL query. For example /XXX/index.php?'key1=value1&key2=value2'. Where the part in quotes is the query string.

    You are sending to much information using GET. You should try shortening it, or find another way to save information to the database. You could try creating a database class, or function which you use to save the information from the file where you do the rest of your stuff. This saves you a number of requests, and hence bandwith.

  • CarltonBirch Member

    i got a few things i don’t understand,

    1. until now it deleted just fine, what Suddenly happens ? i didn’t Touched the code for a month and it happens about a week ago…

    2. my hosting company sent me this error log: there are 2 things i dint understand in it :

    this is just a part of it:

    DeleteId%5B%5D=790&ChangeUp=%D7%9E%D7%A2%D7%95%D7%93%D7%9B%D7%9F&DeleteId%5B%5D=665&DeleteId%5B%5D=366&DeleteId%5B%5D=365&DeleteId%5B%5D=364&DeleteId%5B%5D=362&DeleteId%5B%5D=363&DeleteId%5B%5D=396&DeleteId%5B%5D=397&DeleteId%5B%5D=398&DeleteId%5B%5D=399&DeleteId%5B%5D=400&DeleteId%5B%5D=404&DeleteId%5B%5D=403&DeleteId%5B%5D=619&DeleteId%5B%5D=620&DeleteId%5B%5D=621&DeleteId%5B%5D=622&DeleteId%5B%5D=623&DeleteId%5B%5D=624&DeleteId%5B%5D=718&DeleteId%5B%5D=554&DeleteId%5B%5D=613&DeleteId%5B%5D=614&DeleteId%5B%5D=651&DeleteId%5B%5D=1081&DeleteId%5B%5D=1082&DeleteId%5B%5D=1083&DeleteId%
    

    1. when i try to delete 1 row it try to delete all my date ?
    2. or is it Because i have over a 1000 id’s so the search for the right one make it stuck ?

  • Adelaid Member

    Anyway this is the delete:

    
    

    If u need something else tell me and ill post

  • SapnaVishwas Member

    There are so many variables in the GET request. Depending on how it is implemented on your main page, you should only be getting that 1 ID passed on. At the moment, it looks like everything is in the request.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.
en_USEnglish