CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Adding exceptions to the Config.IDS.ini file/ Intrusion detection system
Pages: [1]

Author Topic: Adding exceptions to the Config.IDS.ini file/ Intrusion detection system  (Read 629 times)

gibsonoliver

  • I post occasionally
  • **
  • Posts: 65
  • Karma: 2
    • Northbridge Digital
Adding exceptions to the Config.IDS.ini file/ Intrusion detection system
August 11, 2014, 02:04:13 am
Hi

We added some custom fields to events and were adding images to the fields using the WYSIWYG editor (CK editor).
CiviCRM kept throwing a IDS (intrusion detection system) error and reported the behaviour as suspicious.
So we have added some exceptions to the Config.IDS.ini file. Copying some details from the Civi error log we added the following exceptions in BOLD below

[General]
    filter_type         = xml
    filter_path         = /home/.../drupal/sites/all/modules/civicrm/packages/IDS/default_filter.xml
    tmp_path            = /home/.../sites/default/files/civicrm/sites/default/files/civicrm/upload/
    HTML_Purifier_Path  = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php
    HTML_Purifier_Cache = /home/.../sites/default/files/civicrm/sites/default/files/civicrm/upload/
    scan_keys           = false
    exceptions[]        = __utmz
    exceptions[]        = __utmc
    exceptions[]        = widget_code
    exceptions[]        = html_message
    exceptions[]        = text_message
    exceptions[]        = body_html
    exceptions[]        = msg_html
    exceptions[]        = msg_text
    exceptions[]        = msg_subject
    exceptions[]        = description
    exceptions[]        = intro
    exceptions[]        = thankyou_text
    exceptions[]        = intro_text
    exceptions[]        = body_text
    exceptions[]        = footer_text
    exceptions[]        = thankyou_text
    exceptions[]        = tf_thankyou_text
    exceptions[]        = thankyou_footer
    exceptions[]        = thankyou_footer_text
    exceptions[]        = new_text
    exceptions[]        = renewal_text
    exceptions[]        = help_pre
    exceptions[]        = help_post
    exceptions[]        = confirm_title
    exceptions[]        = confirm_text
    exceptions[]        = confirm_footer_text
    exceptions[]        = confirm_email_text
    exceptions[]        = report_header
    exceptions[]        = report_footer
    exceptions[]        = data
    exceptions[]        = instructions
    exceptions[]        = suggested_message
    exceptions[]        = page_text
    exceptions[]        = custom_104_4
    exceptions[]        = custom_105_4
    exceptions[]        = custom_106_4

After the changes the IDS error has stopped when we add the images to the 3 custom fields. BUT we now don't know if it has stopped because we did the right thing or because the IDS checked has stopped working after the changes.

Does anyone know if the changes we have made are correct?

Cheers
Olly

Oliver Gibson, Northbridge Digital

andyg8

  • I’m new here
  • *
  • Posts: 16
  • Karma: 1
  • CiviCRM version: 4.3.2
  • CMS version: Drupal 7.22
  • MySQL version: 5.5.30-cll
  • PHP version: 5.3.22
Re: Adding exceptions to the Config.IDS.ini file/ Intrusion detection system
November 22, 2014, 05:00:05 pm
Further to this, we think that the Config.IDS.ini file gets re-written every time we flush caches in templates_c (or something like this) making our changes obsolete.

And further to this, every time we use those custom fields in a new Event, the final number in the field as below changes. Eg custom_104_4 changes to custom_104_8 etc.

Where can we go to learn how to have a bit more control over the IDS system?

Any help would be greatly appreciated!
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Adding exceptions to the Config.IDS.ini file/ Intrusion detection system

This forum was archived on 2017-11-26.