Hi,

I have little problem. On our site peoples want upload source codes, but in this time PHPIDS interpret it as attack.
Can you plase make some option/bypass, that in some cases (depends on users/node type/categories) PHPIDS wouldnt work?
I know that there is option to disable PHPIDS for registered users, but it is not good solution for me/security.
Thanks a lot!

Best regards,
Martin Cmelik

Comments

it-cru’s picture

it-cru
Primary language English
Location Munich
commented
Assigned: Unassigned » it-cru
Status: Active » Needs work

Hi Martin,

possible this could be a workaround for you, if your site using CCK (but I didn't try it out myself yet):

1. Create a new content type for coding entrys
2. Add a named textfield (for example: code) to this created content type
3. Restrict a allowed user group to create nodes of this content type
4. Add field_code (field is default field-prefix) to exceptions[] in PHPIDS Config.ini (find in
/lib/IDS/Config)

So only a special group of users could add nodes with code to your site and other node types aren't accepted with code in it and will be rejected by PHPIDS.

I think a possible feature could be realized in version 1.9. But before this I should put a little brain activity into it ;)

I hope this could help you for the moment.

Best regards,
Steffen

cm3l1k1’s picture

cm3l1k1 commented

Hi Steffen,

I have big problems with it right now because IDS system make alert also in cases, that users paste bash scripts and so on.
Maybe I have one solution without big changes in code.

Is it possible to automatically exclude everything between <code>xxxx </code> ?

Thanks a lot man for your work on this module!!

it-cru’s picture

it-cru
Primary language English
Location Munich
commented
Status: Needs work » Postponed (maintainer needs more info)

Hello,

please take a look at the new release 6.x-1.10. Now it is possible to exclude some form fields from scanning by PHPIDS.

I hope this will help you.

Greetz Gos77

it-cru’s picture

it-cru
Primary language English
Location Munich
commented
Status: Postponed (maintainer needs more info) » Closed (fixed)

Closed because of no activity since over 2 months.

promes’s picture

promes
Primary language Dutch
commented
Version: 6.x-1.8-beta2 » 7.x-2.x-dev
Assigned: it-cru » Unassigned
Status: Closed (fixed) » Active

I created a special nodetype for input of large textblocks (some 0.5 to 1 Mb each). The other fields in this nodetype are the title and a taxonomy-term entry. It is unwanted PHPIDS is processing these nodes when added or modified: it takes extra time and it detects errors/warnings without any meaning for the customer.
I found this issues and tried to convert the instructions #1 to D7:
The textblock field (type: long text) has system name "field_body".
In the Config.ini.php (phpids-0.7) I added this line: exceptions[] = field_body
But PHPIDS keeps checking and spitting warnings when adding and updating the node.
What is the correct way to bypass the checking by PHPIDS?
Thanks.

PS
This site has been upgraded from D6. In D6 I never had any problem, even without changing the ini-file.