I noticed a lot of links on my site were returning 403 errors. Events like trying to login, or show thumbnails etc.
So I went into the server error logs and found the following example:
mod_security: Access denied with code 403. Pattern match "\\\\.php\\\\?(([a-zA-Z0-9\\\\-\\\\_\\\\.\\\\[\\\\]]*)=(http|https|ftp))" at REQUEST_URI [id "6600001"][rev "1"] [msg "Hsphere Rules 1: experimental rule for most php application attacks. Report false positives"] [severity "CRITICAL"] [hostname "blog.mywebsite.net"] [uri "/wp-login.php?redirect_to=http%3A%2F%2Fblog.mywebsite.net%2F"] [unique_id "SYzuasz1K2IAAGeVDM4"]
This happens anytime there is a redirect rule in the url.
this is actualy a good thing, other than wpmu not working lol..
question:
Is there a mod_security exception list available for wpmu so I don't have to make my own?
How does everyone else handle this issue?
Obviously I would not want to disable mod_security as it's actually doing a great job blocking a ton of garbage attacks.