Edmonds Commerce Blog

To get the highest possible level of server security and to protect yourself from things like XSS attacks, Edmonds Commerce highly recommend you get mod_security set up on your server.

If you ask your hosts they should be able to do this for you.

You can read all about mod_security here. If you would like any help getting mod_security set up on your server then simply get in touch.

One thing we always recommend doing to the standard mod_security configuration is to increase the maximum body size. This restriction by default limits the size of any web page to 500k.

For front end pages, there should never be a time when you need to display a page bigger than this size, however for some administration side systems, it is necessary to create very big pages. This mod_security limit will prevent these pages from being viewable.

To remedy this, you need to edit the file located in the modsecurity.d sub folder of your httpd folder (usually /etc/httpd/modsecurity.d/)

In this folder there is a collection of files which handle all of the various security rules that detect potential security threats. There is also a file called modsecurity_crs_10_config.conf.

Edit this file using vi and change the value for the SecResponseBodyLimit setting. We usually recommend upping this to 2mb from the standard .5mb. This means that the server is protected from doing really big things (for example a mysql dump) but is able to display really big admin side HTML pages.

To set it to 2mb you need to change the value of SecResponseBodyLimit to 2097152

When doing spidering projects or other bulk catalogue management projects for osCommerce sites, I tend to finish by creating easypopulate format files so that the store owner can do any last minute edits and upload the products manually using the easypopulate system.

Creating easypopulate format files can be a bit of a chore, especially as every site seems to be slightly different with different columns etc.

For this reason, I have created a very easy to use easypopulate file creation class. You can read more about the class here.

I have numerous clients who are now enjoying much, much easier management of their product catalogues including fully automated spidering systems that grab all details from supplier web sites and format it correctly to be uploaded to their store.

If you want to discuss ways that Edmonds Commerce can save you time and money whilst boosting your business - get in touch today!