Want more timely Centmin Mod News Updates?
Become a Member

IP.Board Block Manager Getting Blocked

Discussion in 'Forum software usage' started by Jimmy, Nov 10, 2015.

  1. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    9:54 PM
    1.13.x
    MariaDB 10.1.x
    IPB uses what they call a Block Manager to add blocks / widgets "drag & drop" into the site. When I try to select something from the Block Manager it just selects the text and doesn't actually drag the widget. I looked at the error logs and it seems that the .js file is getting blocked by a rule. I can't figure out what rule is blocking it. Anyone have any idea which conf file I should modify?

    Here is the error:

    Code:
    2015/11/10 04:13:02 [error] 7689#7689: *139 access forbidden by rule, client: 10.0.0.245, server: 10.0.0.121, request: "GET /applications/core/interface/js/js.php?src=core%2Ffront%2Fcontrollers%2Fwidgets%2Fips.widgets.block.js&csrfKey=c78ec30d2554f6a481f511020d0f2b03&antiCache=861193e2a8 HTTP/1.1", host: "10.0.0.121", referrer: "http://10.0.0.121/"
    
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:54 AM
    Nginx 1.13.x
    MariaDB 5.5
    what does your full nginx vhost for your forum domain look like ? wrap in CODE tags
     
  3. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    9:54 PM
    1.13.x
    MariaDB 10.1.x
    I posted the wrong one... here it is.

    Code:
    # IPB4 Working NGINX site conf file
    
    # redirect from non-www to www 
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    
    # Redirect to HTTPS from port 80
    
    #server {
    #    listen  80;
    #    server_name 10.0.0.121;
    #    return 301 $scheme://10.0.0.121$request_uri;
    #    
    #    # Access and Error Logs
    #    access_log /home/nginx/domains/10.0.0.121/log/access_via80.log combined buffer=256k flush=60m;
    #    error_log /home/nginx/domains/10.0.0.121/log/error_via80.log;
    #}
    
    server {
        #listen       443 ssl spdy;
        listen  80;
        server_name  10.0.0.121;
    
        #ngx_pagespeed & ngx_pagespeed handler
        #include /usr/local/nginx/conf/pagespeed.conf;
        #include /usr/local/nginx/conf/pagespeedhandler.conf;
        #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
        # Limit Connections Per IP Address
        #limit_conn limit_per_ip 16;
       
        # ssi  on;
    
        # Access and Error Logs
        access_log /home/nginx/domains/10.0.0.121/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/10.0.0.121/log/error.log;
    
        root /home/nginx/domains/10.0.0.121/public;
    
        # Prevent access to ./directories and files
        location ~ (?:^|/)\. {
            deny all;
        }
    
        location / {
    
            # block common exploits, sql injections etc
            include /usr/local/nginx/conf/block.conf;
    
            # Enables directory listings when index file not found
            # autoindex  on;
    
            # Shows file listing times as local time
            autoindex_localtime on;
    
            try_files    $uri $uri/ /index.php;
    
        }
       
        location ~^(/page/).*(\.php)$ {
            try_files  $uri $uri/ /index.php;
        }
       
        # Mask fake admin directory
        location ~^/admin/(.*)$ {
            deny all;
        }
       
        # Secure real admin directory
        location ~^(/spanky/).*(\.php) {
            allow           127.0.0.1;
            allow           10.0.0.245;
            deny            all;
            #auth_basic     "Restricted Area";
            #auth_basic_user_file $document_root/mynewadmin/.htpasswd;
            include /usr/local/nginx/conf/php.conf;
        }
       
        # IP.Board PHP/CGI Protection
       
        location ~^(/uploads/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/system/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/datastore/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/plugins/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/blog/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/calendar/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/chat/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/cms/).*(\.php)$ {
            deny     all;
        }  
       
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        } 
       
        location ~^(/applications/downloads/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/forums/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/gallery/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/nexus/).*(\.php)$ {
            deny     all;
        }  
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        #include /usr/local/nginx/conf/errorpage.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
     
  4. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    9:54 PM
    1.13.x
    MariaDB 10.1.x
    I also went through all the include files and commented out everything. I was still having the issue.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:54 AM
    Nginx 1.13.x
    MariaDB 5.5
    you don't need this part as alot of the protections like that included in the include file at include /usr/local/nginx/conf/drop.conf

    if could be matching and being blocked via
    Code:
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        } 
    Note, Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    I believe @pamamolf and @Tracy Perry have experience with IP.Board 4.1 on Centmin Mod ?
     
    • Like Like x 1
  6. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    9:54 PM
    1.13.x
    MariaDB 10.1.x
    That worked. I appreciate your help! Hopefully, I won't have anymore issues. I've been testing everything out and haven't run into anything that didn't work except for what was above. I also spoke with on of the users on the IPB forum who developed a guide over there for 3.4.8 and told him about the other thread I created. Hopefully, he can add or modify what I posted.

    Thanks again! Any help is much appreciated, and not expected. :)
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:54 AM
    Nginx 1.13.x
    MariaDB 5.5
    you could also change
    Code:
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        }
    
    to
    Code:
        location ~^/(applications/core/interface/js/js.php) {
            include /usr/local/nginx/conf/php.conf;
            allow     all;
        }
    
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        }
    
    so as to allow just that specific php file
     
    • Informative Informative x 1
  8. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    9:54 PM
    1.13.x
    MariaDB 10.1.x
    Thank you! Hopefully, in the end, I can get a solid working vhost file for all the users of IPB who choose to use Nginx and CENTMIN. The IPB developers aren't too interested in Nginx as it's, according to them, a niche OS with not that many users.
     
    • Like Like x 1
  9. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:54 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1