Uber Uploader flength file issues

apps

#1

Hi, I’ve been successfully running uber uploader on a couple of my sites, for a while now. Now that my account has been moved to a new server, it is no longer working. I get the “ERROR: Failed to find flength file” error and no progress bar.

I’ve read the Server Moves document in the Dreamhost wiki and see that you can no longer use “” in your .htaccess file. Using the following, in your .htaccess file, is a possible fix, suggested by the uber uploader developers:

[code]

Turn off mod_security filtering.

SecFilterEngine Off

The below probably isn’t needed,

but better safe than sorry.

SecFilterScanPOST Off
[/code]

and if it still doesn’t work, the following is also suggested:

<IfModule mod_security.c> SetEnvIfNoCase Content-Type \ "^multipart/form-data;" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads" </IfModule> <IfModule mod_gzip.c> mod_gzip_on No </IfModule>

If I turn off “Extra Web Security” in the manage domains control panel, it starts to work again. I’d really like to leave this on, if possible.

So am I reading the wiki correct and there is no way to implement any of the above mod_security suggestions, in my .htaccess file?

Any suggestions would be greatly appreciated.

Cheers, Scott


#2

We’re using mod_security2, not mod_security. The .htaccess lines you want here is:

<IfModule mod_security2.c> SecRuleEngine off </IfModule>

This is literally the exact code that we add to our web server configuration when “Extra Web Security” is disabled, so it should work the same way.


#3

Thanks for the quick reply!

Just so I understand this correctly; There isn’t a way to have “Extra Web Security” enabled and then use the above code to selective turn it off for certain areas of the site?

I made the changes you suggested in the root .htaccess file and I started getting a “SecRuleEngine not allowed here” error. I also tried the same thing with an .htaccess file containing the above code just in the cgi-bin directory and I got the same error.

Do I need to disable “Extra Web Security” as well? If I do, then I really won’t need to add the extra code to my .htaccess files since it’s being handled when I disable web security, right?

Thanks again for the help!


#4

Oh… hmm, I’ll look into that when I get in tomorrow. For the time being, just disable “extra web security”.


#5

I have the same problem. I tried all the above and more, read uber upload forums at sourceforge, read other threads here at DH, but it looks like the only way to get a progress bar (ie no ‘flength error’) is to disable ‘extra web security’ from the web Panel…

(I also tried this but it didn"t worked for me. I wonder if the original poster meant disable extra web security instead of disable fast cgi…)


#6

I’m having the same problem with file uploads not showing a progress bar. From what I can see the POST data is being buffered until the upload is complete. I have disabled ‘extra web security’ 3 hours ago, and it hasn’t fixed this problem. I’ve also tried adding to .htaccess:

<IfModule mod_security2.c>
    SecRuleEngine off
</IfModule>

But that gives internal server errors.

Are there other solutions to this problem? I’m pretty sure this was working as recently as a few weeks ago. Do I need to disable FastCGI too?

Edit: For what it’s worth, I found the solution to my specific problem. I switched to a VPS and then followed the instructions here to edit the Apache configuration. I edited (as root) the file:

And changed the line:

        SecRequestBodyAccess On

to:

        SecRequestBodyAccess Off

Then restarted apache:

This no longer buffered the POST data to my Perl CGI script so I would get the progress bar during uploads as expected. My guess is that since my uploads were over https, the normal suggestions mentioned earlier didn’t work for me.

Also, there may be other implications behind doing it this way, but for now it’s working so I can’t complain. And I can easily turn it back to ‘On’ and I stop getting the progress bar so I’m convinced this is the source of the problem. There may be a finer way to turn off the body access for just file uploads or for just that script, and maybe a modsecurity2 guru could post those instructions, but for now, this is working for me.