Force SSL and mod_security

  • I’ve tried using the method on this plugin’s site to force the form action to be SSL. It throws up mod_security errors on my server. Does anyone know a way to submit the form securely without tripping mod_security rules?

    function my_action_url_ssl($form_action_url, $form_id_num) {

##################################
 // control which forms you want this on
 $all_forms = false; // set to true for process on all forms, or false to use settings below
 $forms = array('1','2');  // one or more individual forms
 ##################################
 if ( !in_array($form_id_num, $forms) && $all_forms != true)
 return $form_action_url;

  // force form action URL to be SSL
  $form_action_url = preg_replace( '|https://|', 'https://', $form_action_url );

   return $form_action_url;

}
//filter hook for form action URL
add_filter('si_contact_form_action_url', 'my_action_url_ssl', 1, 2);

    https://www.ads-software.com/plugins/si-contact-form/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi, I have submitted a message to the plugin developer Mike Challis to look at your issue.

    Regards

    Thread Starter ANAdesigns

    (@anadesigns)

    Thanks!I love the plugin and have donated to support it in the past. Getting this issue worked out would be a wonderful thing. ??

    Just one question are you adding the correct form ID to the code?

    Thread Starter ANAdesigns

    (@anadesigns)

    Yes, I’m adding the correct form ID. A security cert is already installed on the domain so it supports SSL.

    This is the mod security rule that’s being triggered:

    # allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
    "phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Force SSL and mod_security’ is closed to new replies.