| Author |
Message |
Rashy
Lifeless Person
Joined: 25 Sep 2006
Posts: 645
|
 Posted: Fri Feb 08, 2008 5:16 pm Post subject: mod_security problems? |
 |
|
Hi Trel!
I'm running Wordpress 2.3.3 on my hosting here and I am having trouble with posting. I can't create new posts or edit existing posts.
I get this error:
Method Not Implemented
POST to /wp-admin/post.php not supported.
A quick Google search brought up some results from the wordpress support forums:
http://wordpress.org/support/topic/135246
As well as a number of other people having related issues with mod_security
I wasn't sure if it was mod_security at first because you updated it 3 days ago, and I have made some edits to posts, but I read that one person had trouble only when they tried to add formatting (which is what I did today), so I am a little more positive now.
The .htaccess changes they suggested weren't helpful at all, and I can't change module .conf files 
Thank you for helping me out!
(temporarily I can manually create my posts in PHPMyAdmin  )
_________________
Rashy! |
|
| Back to top |
|
| |
LP-Trel
Zen
Joined: 02 Dec 2002
Posts: 5730
Location: Nirvana by Boredom
|
| Posted: Fri Feb 08, 2008 7:50 pm Post subject: |
|
|
The build of mod_security2 we're running here is somewhat different than what you will see elsewhere to give you access to more control over how it works on your websites. The modifications haven't been fully tested so I can't provide the documentation on how to control it just yet.
Apparently what you are editing is matching the following:
Matched signature <src=\\"ht tp:>"]
That is triggering an XSS filter and is what you are having trouble with.
_________________
* Knowledge Base * Wiki * Forum FAQs * |
|
| Back to top |
|
| |
Rashy
Lifeless Person
Joined: 25 Sep 2006
Posts: 645
|
| Posted: Sat Feb 09, 2008 1:53 pm Post subject: |
|
|
Heh, that went right over my head.
I know my img tags were correct (that seems to be the only tag I am having trouble with right now):
<img src=" http :// rashy.org/articleimg/data/womenvoters.png" alt="Women Voters" style="float:left;" />
So I would have to change it to be without the http:// ?
<img src= " rashy.or g/articleimg...."
(or a www.rashy.org if that fails?)
Or another option would be to hack the core of WordPress (not that big of a deal for me...) to make it evaluate the form differently so as not to get caught by the XSS filters?
EDIT: I had to add spaces in the above img tags becuase when I didn't I got the same error that I get on my website:
[img:f15bf3eb45]http://img229.imageshack.us/img229/1697/screenshotsm4.th.png[/img:f15bf3eb45]
_________________
Rashy! |
|
| Back to top |
|
| |
LP-Trel
Zen
Joined: 02 Dec 2002
Posts: 5730
Location: Nirvana by Boredom
|
| Posted: Mon Feb 11, 2008 6:39 am Post subject: |
|
|
| Code: |
<IfModule mod_security2.c>
SecRuleRemoveById 950004
</IfModule>
|
put that into the wp-admin directory of your blog. It should take care of the problem by removing the rule for that folder.
_________________
* Knowledge Base * Wiki * Forum FAQs * |
|
| Back to top |
|
| |
Rashy
Lifeless Person
Joined: 25 Sep 2006
Posts: 645
|
| Posted: Mon Feb 11, 2008 3:30 pm Post subject: |
|
|
Thank you Trel
_________________
Rashy! |
|
| Back to top |
|
| |
|
|
|
Forum FAQs 
Knowledge Base 
Memberlist 
Usergroups 
Hosting
Register
Donate 
Profile 
Log in 
