Discover Centmin Mod today
Register Now

IP.Board Block Manager Getting Blocked

Discussion in 'Forum software usage' started by Jimmy, Nov 10, 2015.

  1. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    11:41 PM
    IPB uses what they call a Block Manager to add blocks / widgets "drag & drop" into the site. When I try to select something from the Block Manager it just selects the text and doesn't actually drag the widget. I looked at the error logs and it seems that the .js file is getting blocked by a rule. I can't figure out what rule is blocking it. Anyone have any idea which conf file I should modify?


    Here is the error:

    Code:
    2015/11/10 04:13:02 [error] 7689#7689: *139 access forbidden by rule, client: 10.0.0.245, server: 10.0.0.121, request: "GET /applications/core/interface/js/js.php?src=core%2Ffront%2Fcontrollers%2Fwidgets%2Fips.widgets.block.js&csrfKey=c78ec30d2554f6a481f511020d0f2b03&antiCache=861193e2a8 HTTP/1.1", host: "10.0.0.121", referrer: "http://10.0.0.121/"
    
    
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,796
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    1:41 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what does your full nginx vhost for your forum domain look like ? wrap in CODE tags
     
  3. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    11:41 PM
    I posted the wrong one... here it is.

    Code:
    # IPB4 Working NGINX site conf file
    
    # redirect from non-www to www 
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    
    # Redirect to HTTPS from port 80
    
    #server {
    #    listen  80;
    #    server_name 10.0.0.121;
    #    return 301 $scheme://10.0.0.121$request_uri;
    #    
    #    # Access and Error Logs
    #    access_log /home/nginx/domains/10.0.0.121/log/access_via80.log combined buffer=256k flush=60m;
    #    error_log /home/nginx/domains/10.0.0.121/log/error_via80.log;
    #}
    
    server {
        #listen       443 ssl spdy;
        listen  80;
        server_name  10.0.0.121;
    
        #ngx_pagespeed & ngx_pagespeed handler
        #include /usr/local/nginx/conf/pagespeed.conf;
        #include /usr/local/nginx/conf/pagespeedhandler.conf;
        #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
        # Limit Connections Per IP Address
        #limit_conn limit_per_ip 16;
       
        # ssi  on;
    
        # Access and Error Logs
        access_log /home/nginx/domains/10.0.0.121/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/10.0.0.121/log/error.log;
    
        root /home/nginx/domains/10.0.0.121/public;
    
        # Prevent access to ./directories and files
        location ~ (?:^|/)\. {
            deny all;
        }
    
        location / {
    
            # block common exploits, sql injections etc
            include /usr/local/nginx/conf/block.conf;
    
            # Enables directory listings when index file not found
            # autoindex  on;
    
            # Shows file listing times as local time
            autoindex_localtime on;
    
            try_files    $uri $uri/ /index.php;
    
        }
       
        location ~^(/page/).*(\.php)$ {
            try_files  $uri $uri/ /index.php;
        }
       
        # Mask fake admin directory
        location ~^/admin/(.*)$ {
            deny all;
        }
       
        # Secure real admin directory
        location ~^(/spanky/).*(\.php) {
            allow           127.0.0.1;
            allow           10.0.0.245;
            deny            all;
            #auth_basic     "Restricted Area";
            #auth_basic_user_file $document_root/mynewadmin/.htpasswd;
            include /usr/local/nginx/conf/php.conf;
        }
       
        # IP.Board PHP/CGI Protection
       
        location ~^(/uploads/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/system/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/datastore/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/plugins/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/blog/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/calendar/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/chat/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/cms/).*(\.php)$ {
            deny     all;
        }  
       
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        } 
       
        location ~^(/applications/downloads/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/forums/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/gallery/).*(\.php)$ {
            deny     all;
        }
       
        location ~^(/applications/nexus/).*(\.php)$ {
            deny     all;
        }  
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        #include /usr/local/nginx/conf/errorpage.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
     
  4. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    11:41 PM
    I also went through all the include files and commented out everything. I was still having the issue.
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,796
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    1:41 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you don't need this part as alot of the protections like that included in the include file at include /usr/local/nginx/conf/drop.conf

    if could be matching and being blocked via
    Code:
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        } 
    Note, Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    I believe @pamamolf and @Tracy Perry have experience with IP.Board 4.1 on Centmin Mod ?
     
  6. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    11:41 PM
    That worked. I appreciate your help! Hopefully, I won't have anymore issues. I've been testing everything out and haven't run into anything that didn't work except for what was above. I also spoke with on of the users on the IPB forum who developed a guide over there for 3.4.8 and told him about the other thread I created. Hopefully, he can add or modify what I posted.

    Thanks again! Any help is much appreciated, and not expected. :)
     
  7. eva2000

    eva2000 Administrator Staff Member

    55,796
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    1:41 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you could also change
    Code:
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        }
    
    to
    Code:
        location ~^/(applications/core/interface/js/js.php) {
            include /usr/local/nginx/conf/php.conf;
            allow     all;
        }
    
        location ~^(/applications/core/).*(\.php)$ {
            deny     all;
        }
    
    so as to allow just that specific php file
     
  8. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    11:41 PM
    Thank you! Hopefully, in the end, I can get a solid working vhost file for all the users of IPB who choose to use Nginx and CENTMIN. The IPB developers aren't too interested in Nginx as it's, according to them, a niche OS with not that many users.
     
  9. eva2000

    eva2000 Administrator Staff Member

    55,796
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    1:41 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+