mod_security / 406 / "Not Acceptable" / "no appropriate representation" issues.

deanbaker

Joined: 2008-01-04
Posts: 2
Posted: Fri, 2008-01-04 17:22

Ok, so with Gallery 1.x (and I've seen similar threads for 2.x, so I don't know how much of this translates to them too)

Several persons have had issues with getting the error

Quote:
Not Acceptable
An appropriate representation of the requested resource /GALLERY/do_command.php could not be found on this server.

or similar...

which all seem to be centered around either trying to get gallery working on a server with mod_security implemented, or for several of us- our hosts implemented it after the fact and caught us off guard- our perfectly fine function galleries started misbehaving.
in my case it was most obvious with trying to create new albums. Evidently it may have to do with how mod_sec filters urls- again, in my case, it seems to try to filter the string "cmd."

I found several reference to the mod_security/cmd issue in threads

http://gallery.menalto.com/node/54075
http://gallery.menalto.com/node/52430
http://gallery.menalto.com/node/51833
http://gallery.menalto.com/node/20656

I found a workable solution in:

http://gallery.menalto.com/node/47410

involving editing the .htaccess file which has to be placed in the root web folder ("public_html" in many cases, "www" in others) which then basically turns off mod_sec for the entire site.

Which many might consider less than optimal.

My host has been excellent working on this with me (shameless plug: AlphaOmegaHosting.com) but I would appreciate some assistance from the Gallery community as well:

-Is there a way to implement the .htaccess file so that it ONLY affects Gallery? I've tried placing it in the gallery directory, I've tried placing it in the album directory. Is there some magic combination that I missed? Is there an .htaccess guru who can help us focus this rule more?

-I understand the mod_sec may be overly stringent in its filtering. like filtering "cmd" to prevent remote execution of cmd.exe on a windows server... even though we're on a linux box. are there any other known or probably url strings that would get caught by mod_sec? Am I correct we should be able to edit the filter to allow them?

-I'm no at all familiar with mod_sec- is there a means of implementing rules so that it allows "cmd" only in urls that also contain "gallery" or "album."

-Does Gallery2 share this problem? or can I save myself some trauma by moving to it sooner rather than later?