Comments on: WordPress vs. mod_security

By: Ben Jackson

Ben Jackson — Wed, 27 Jan 2010 16:27:54 +0000

I had a similar issue with WordPress – 403 errors triggered by a keyword. Took ages to figure it out, but it turns out the triggering string was “/cgi/”.

By: Bennett

Bennett — Thu, 10 Dec 2009 10:37:43 +0000

Thanks @Ritesh. It’s not that much of an issue for me really, but that link could be very helpful to other out there who have this problem.

By: Ritesh

Ritesh — Tue, 01 Dec 2009 04:53:06 +0000

One of my friends, was facing the similar problem and which was fixed after bypassing some mod_security rules. After further searching on this matter, I have found a good article to bypass certain rules for WordPress:

http://blog.webhostingdiscussion.net/site-and-server-security/wordpress-and-mod_security2-issues.htm

Thanks,

Ritesh

By: Matt Harrah

Matt Harrah — Sat, 23 Aug 2008 23:40:45 +0000

Thank you very much for the tip. I was going crazy trying to reference that British comedy troupe to did a movie about a Grail…

By: DS

DS — Tue, 30 Oct 2007 23:15:37 +0000

Thanks alot, that was very helpful.

By: Slevi

Slevi — Fri, 12 Oct 2007 14:01:18 +0000

Thanks for the tip, I was having issues with this in the past but just couldn’t come with a better solution than writing P’ython instead . Will keep this one in mind .

By: Jesse

Jesse — Wed, 10 Oct 2007 00:55:43 +0000

Thanks a bunch for the tip. I was very nearly pulling out my hair wondering why the “P” word was giving me 403 errors on my blog. The span solution seems to have done the trick.

By: David

David — Sun, 05 Aug 2007 00:41:23 +0000

I had the same problem on a website I am developing hosted at http://www.aiso.net/. It was filtering out “python” with a space at the end. Considering I was trying to post a media r release which contained the word “carpet python” – it took me quite some time to figure out why on earth i was getting a 403.

However, I contacted tech support, told them of the problem, they figured it was mod_security and removed the rule.

Frankly though, I’d rather not have mod_security enabled in the first place. I’d rather just write secure web applications.

David.

By: Bennett

Bennett — Tue, 10 Jul 2007 22:37:01 +0000

If you try to post a comment with the magic text in it, you simply end up with a 403 error and the comment never gets through. (I just tried it.) The filter applies only to incoming text — this includes the POST body and the URL.

By: Software Evolution » Blog Archive » WordPress vs. mod_security

Software Evolution » Blog Archive » WordPress vs. mod_security — Mon, 18 Jun 2007 10:35:13 +0000

[...] More: continued here [...]