LiveResponse chat problems since .48 or later update

[craigbrass]

Did you try my mod_security fix as it may be that your host are not using the latest version.

[mbraham]

I would assume they are using the most up to date version (they are quite switched on over there), and also when attempting to open your zip file it says that it may be corrupt...

[craigbrass]

PM me your email address and I'll email it to you.

[craigbrass]

E-mail sent.

[mbraham]

Received, but having trouble uploading the file now.
I've emailed you a more detailed response!

[craigbrass]

And I have replied.

[mbraham]

I've now uploaded the .htaccess file and tested.... same problem exists!
Thanks for trying though....

Any other ideas?

[craigbrass]

Well if they are not willing to remove the restriction and you cannot yourself, I don't see what else to suggest.

[mbraham]

I have just got off the phone with UK Web Solutions, and they have assured me that no errors are being logged due to mod_security.

Indeed, they based (past tense) their front end support site on Kayako and offered sales via the Live Support application.
Back in the day they used to speak with Veroun (spelling?) quite a lot within Kayako, but said they don't see anything of him on MSN anymore.

On an interesting note, they said that they were having very similar issues with Live Support BEFORE initiating the Mod_Security change and due to no feedback decided to scrap using it.....

Jamie, if you are reading this, could I take you up on your offer (from a different thread) of helping...?
Live Support is critical to what I have recently started to put in motion between my department and our cluster primaries.... It will be embarassing for us (and Kayako's name - as I've said may positive things to colleagues in the past) if we can't get this resolved.

Cheers

Mark

[craigbrass]

*Varun

[Jamie Edwards]

Hi Mark,

mod_security really does cause a lot of problems with the live chat functionality; more often than not, this is the cause of the chat malfunctioning. mod_security As you can see from this thread, the disabling of mod_security has resolved the same issues.

This is not an application problem, as there is no significant number of people facing the same issue.

So, I am afraid that my advice is to try to convince your web host to disable mod_security for your account (it can be done on a per-account setting, as far as I am aware) or find another place to host it.

If you would like, I could set up a similar web hosting account (with a similiar server configuration) without mod_security enabled, and we can see if you face the same issues when connecting to this installation.

[craigbrass]

I would have to agree with Jamie. A list of software that I had to disable mod_security for included :-
- X-Cart
- Invision Power Board
- vBulletin
- Kayako

+ more. I ended up just dumping it all together. Solved more problems than it fixed.

[John Haugeland]

Quote:

I have just got off the phone with UK Web Solutions, and they have assured me that no errors are being logged due to mod_security.

Well, whereas they may not have logs of the problems, sir, mod_security is well known to cause (depending on how it's configured) 406 NOT ACCEPTABLE, 503 SERVICE UNAVAILABLE or 403 FORBIDDEN (the last with a comment about how no appropriate representation of the requested resource is available.)

The problem is that one of the things mod_security explicitly attempts to prevent is url injection into fields not meant for URLs. It goes to great lengths to try to see through encodings. One of the upshots of this is that when an application actually wants to pass a URL it cannot.

I of course am not making claim that mod_security is the problem in this context, as I have not taken a personal look at the problem yet. However, we need to be clear on this point: no matter what your host may or may not have logs of, mod_security breaks our product, as well as many many other products. If your host is unwilling to disable it for you - and they very easily could without affecting other customers if they wanted to - and furthermore if you are unable to suppress through the mod_security1 .htaccess rule approach or the mod_security2 vhost approach, then there isn't a whole lot that can be done to salvage your installation on your current host.

With all due respect, sir, there's really next to no value to mod_security. If your host is unable to make basic configuration changes to your server as required by SupportSuite, vBulletin, WordPress, MediaWiki, Invision Board and a huge stack of other extremely common applications, well, I'd start getting concerned. There's a reason mod_security has been off by default in Apache for something like six years.

Best of luck. I hope your host comes to realize how easily they could help you with running a standardly configured webserver. Failing that, I can tell you that I've tried KSS on several cheap shared hosts (the $5/mo type), and have yet to see a problem on any of them. I personally use HostMonster (as well as the host I own, but I won't advertise here), but DreamHost, HostGator, BlueHost, APlus.net, Pair and quite a few others all have the basic configuration to run standard web applications.

- John Haugeland
Kayako Development Staff

[Jamie Edwards]

Hi Mark,

I have replied to your private message.

[mbraham]

John / Jamie,

I have now spent most of the morning on the phone to UKWSD (hosting company).
They have been very helpful (as you have) in trying to reolve our issues.

They have tried the following:

• Disabling Mod_sec for just my account
• Using the htaccess method
• Disabling Mod_sec server-wide and restarting services that may be linked

All above attempts to resolve the issue have failed.
This does seem to suggest to me, that every attempt to prove that mod_sec is to blame has been investigated and failed....

As per my message in a previous thread (comments / suggestions), I am genuinely happy with continuing to use Support Suite / Kayako - but I would like to have this resolved by any means required.

I would be willing to look at renewing support, purchasing the latest version of support suite etc, if technical provisions were there for someone within your teams to assist in the upgrade process and guarantee that this issue was resolved restoring our functionality.

Kind regards

Mark