Solving PHP File Uploading Errors Caused By Mod Security
Yes, believe it or not Mod Security is, 9 times out of 10 in my experience, the cause of all the uploading problems. Take for example my WordPress install. For quite a while I’ve been having problems where I would receive an ‘I/O Error’ or ‘HTTP Error’ for no apparent reason when uploading quite a few images. Turns out it was Mod Security mistaking the upload for a breach of security. Here is what you can do to fix it.
<IfModule mod_security.c> SecFilterSelective REQUEST_URI "^/path/from/site/root/filename\.ext.*$" "allow,pass" </IfModule>
This will tell Mod Security to pass all requests from the specified script, but still provides certain security checks that don’t interfere with the scripts file uploading operations. For example if you are working with WordPress and having image upload problems you would need to pass
async-upload.php like this:
<IfModule mod_security.c> SecFilterSelective REQUEST_URI "^/wp-admin/async-upload\.php.*$" "allow,pass" </IfModule>
Other applications such as Vbulletin 4′s new attachment manager can have the same problem. The script to allow in Mod Security with Vbulletin is
<IfModule mod_security.c> SecFilterSelective REQUEST_URI "^/newattachment\.php.*$" "allow,pass" </IfModule>
Hopefully that makes sense & you’ll be able to figure out any others.
Basically you just need to allow the script that handles the file uploads. This also works well if you are working with a custom application using SWFUpload & in my experience gets rid of some of those pesky #20** flash errors you can get.
As always if you have any questions, or any thing to add let me know in the comments, or you can follow me on twitter by clicking the big blue birds in the sidebar.