Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    The fat guy next door VIPStephan's Avatar
    Join Date
    Jan 2006
    Location
    Halle (Saale), Germany
    Posts
    8,917
    Thanks
    6
    Thanked 1,040 Times in 1,013 Posts

    “Multipart parser detected a possible unmatched boundary. severity CRITICAL”

    This is a challenging one:
    I have a shared hosting plan (or rather, the client has) and was going to install CMS Made Simple which is all good. However, whenever I want to add a new page or update it through the CMS (hitting the submit button which submits a form) I would get a status code 403 (forbidden). I checked the access log and it shows that this seems to happen on POST requests only.

    My hosting company told me they were seeing this error in the error log, output by the security module:
    Multipart parser detected a possible unmatched boundary. severity CRITICAL
    and told me that the data packets of my browser were not HTTP compliant. They also told me that they have deactivated the filter rule that triggers this error for now but that this error is not normal.

    Now, my question would be: What could be the reason for this issue and how could I overcome it without being able to modify the server configuration or the CMS core? Is this a false positive, maybe, and they should modify the filter rule? Could this be caused by a browser plugin on my side (cookies, anyone?)?

    The server has suPHP installed, by the way, and I have not modified any directory permissions, all directories are 755 and all files are 644.

    Would be happy if anyone could spare an idea.

    Edit: OK, I’ve found out that the CMS doesn’t support (or care about) mod_security and it could be some variable name or something that triggers the firewall. Is there any way to find out to which pattern mod_security is reacting?
    Last edited by VIPStephan; 10-31-2011 at 04:34 PM.

  • #2
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by VIPStephan View Post
    My hosting company told me they were seeing this error in the error log, output by the security module:
    and told me that the data packets of my browser were not HTTP compliant.
    Yeah, that filter means the request was in an invalid format.
    Quote Originally Posted by VIPStephan View Post
    Is there any way to find out to which pattern mod_security is reacting?
    Yep, MULTIPART_UNMATCHED_BOUNDARY.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •