PhpThumb & AJAX trigger ASL

IrishC

Hi, have a very strange problem, maybe someone can help...

We have a site which uses phpThumb to dynamically resize images. Some of the functionality also uses Ajax calls to populate various page areas based on user selection.

We just migrated this site to our ASL protected server, and it has been extremely problematic. It seems to generate 000400 events (Generic apache error) when browsing the site. It can work ok for a minute or so and then randomly images don't load or an ajax area gives a 'Forbidden' message. Then the site becomes unreachable as ASL blocks us for a minute or so.

I've tried disabling the rule but it continues to do this anyway. Also have reported it as a False Positive, but there has been no update now for a couple of days.

Does anyone have any idea why this would be an issue?

All our other sites use Phpthumb and Ajax no problems. Very odd :(

C
IrishC

Oh and this is a transcript example of the output via ASL for the event... domain changed to generic example for security purposes

--1f987328-A--
[11/Feb/2011:13:04:03 +0000] VRX2a1BSeqYAAF3BqdEAAAAS XX.xx.xx.xx  50761 XX.xx.xx.xx 80
 
--1f987328-B--
GET /phpthumb/phpThumb.php?src=../uploads/jpg/W47d95cd74206f-03.jpg&w=340&q=100 HTTP/1.1
Accept: */*
Referer: http://www.mydomain.com/images
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
Accept-Encoding: gzip, deflate
Host: www.mydomain.com
Connection: Keep-Alive
Cookie: __utma=122705552.1498522015.1294686321.1294686321.1297429377.2; __utmz=122705552.1297429377.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=some_keywords; __utmb=122705552.4.10.1297429377; __utmc=122705552; PHPSESSID=lnomubsho2d6r0gh62ednolom7; sifrFetch=true
 
--1f987328-F--
HTTP/1.1 403 Forbidden
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1
 
--1f987328-H--
Apache-Error: [file "mod_evasive20.c"] [line 246] [level 3] client denied by server configuration: /var/www/vhosts/mydomain.com/httpdocs/phpthumb/phpThumb.php, referer: http://www.mydomain.com/images
Stopwatch: 1297429443245675 6612 (- - -)
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); 201102101759.
Server: Apache/2.2.3 (CentOS)
 
--1f987328-Z--
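
Added example, not part of the original posts: a small parser for a serial-format ModSecurity audit log entry like the one above, reporting whether the 403 was logged by a ModSecurity rule (a `Message:` line carrying a rule id) or by another Apache module named in an `Apache-Error:` line. The function names and the trimmed sample are constructed for illustration; for the posted entry the source file is `mod_evasive20.c` and no rule id is present.

```python
import re

# Constructed sample: the entry posted above, trimmed (address placeholders kept).
SAMPLE = """--1f987328-A--
[11/Feb/2011:13:04:03 +0000] VRX2a1BSeqYAAF3BqdEAAAAS XX.xx.xx.xx 50761 XX.xx.xx.xx 80
--1f987328-B--
GET /phpthumb/phpThumb.php?src=../uploads/jpg/W47d95cd74206f-03.jpg&w=340&q=100 HTTP/1.1
--1f987328-F--
HTTP/1.1 403 Forbidden
--1f987328-H--
Apache-Error: [file "mod_evasive20.c"] [line 246] [level 3] client denied by server configuration: /var/www/vhosts/mydomain.com/httpdocs/phpthumb/phpThumb.php, referer: http://www.mydomain.com/images
Producer: ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/); 201102101759.
--1f987328-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def split_sections(entry):
    """Return {section_letter: [non-empty lines]} for one audit log entry."""
    sections, current = {}, None
    for line in entry.splitlines():
        m = BOUNDARY.match(line.strip())
        if m:
            current = sections.setdefault(m.group(2), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def triage(entry):
    """Summarise what denied the request: a ModSecurity rule or another module."""
    s = split_sections(entry)
    trailer = s.get("H", [])                      # audit log trailer
    request = (s.get("B") or [""])[0].split()     # request line
    status = (s.get("F") or [""])[0].split()      # response status line
    rule_ids = [i for l in trailer if l.startswith("Message:")
                for i in re.findall(r'\[id "(\d+)"\]', l)]
    err_files = [f for l in trailer if l.startswith("Apache-Error:")
                 for f in re.findall(r'\[file "([^"]+)"\]', l)]
    return {
        "path": request[1].split("?")[0] if len(request) > 1 else None,
        "status": int(status[1]) if len(status) > 1 else None,
        "modsec_rule_ids": rule_ids,
        "apache_error_files": err_files,
        "denied_by_rule": bool(rule_ids),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
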
mikeshinn
Atomicorp Staff - Site Admin

IrishC

Mike, once again, to the rescue :)

Thanks dude. Makes perfect sense now. Beancounters adjusted. Running well!!

On a side note.. I need to add some pagination to that site lol.