Thread

I am baffled. This site has used php in this template for some time now. Now (seemingly) all of the sudden I cannot update the template. When I update I get kicked out to the index page.

I have removed code in the page until I have found the offending code. If I include any php in the page the template does not save properly. Any ideas?

Hi, Eric.

I suspect what is happening has to do with mod_security.

I’ve had to turn off mod_security via .htaccess in order to get some PHP to work.

See: HowTo Disable Mod_Security

Does that help?

Thanks Sue…I’ll look into that.

Eric,

Let us know what you find on mod_security.  If your host says it’s not in the mix, can you please define what you mean by “the template does not save properly”  Are you getting errors?  a blank screen?  Does it just submit?

Yes, my Apache has mod_security. I was able to get around it by editing a template file rather than submitting through the ee backend. When I do submit through the ee backend it redirects me to the index page of the front end as long as it has php code in the template.

mod_security looks like it was written to take care of some very real threats. I am wondering if it is as good as it seems? Is it wise to just bypass it? I wonder if I could write some rules to tell if the submission containing php is coming from someone that is logged into ee? I have complete control over this server.

mod_security does have some good stuff.  The only issue is with dynamic applications such as ExpressionEngine, you can’t simply install default rules and expect them to work for every system.  They have to be tweaked for your environment.  ExpressionEngine has a very good security track record, and we work tirelessly to make sure the app is secure.

If the host is practicing good security techniques on the server/file system level, you should be good to go.  😊

-greg