The MU forums have moved to WordPress.org

mod_security is playing havoc with my wpmu setup (4 posts)

  1. anointed
    Member
    Posted 13 years ago #

    I noticed a lot of links on my site were returning 403 errors. Events like trying to login, or show thumbnails etc.

    So I went into the server error logs and found the following example:

    mod_security: Access denied with code 403. Pattern match "\\\\.php\\\\?(([a-zA-Z0-9\\\\-\\\\_\\\\.\\\\[\\\\]]*)=(http|https|ftp))" at REQUEST_URI [id "6600001"][rev "1"] [msg "Hsphere Rules 1: experimental rule for most php application attacks. Report false positives"] [severity "CRITICAL"] [hostname "blog.mywebsite.net"] [uri "/wp-login.php?redirect_to=http%3A%2F%2Fblog.mywebsite.net%2F"] [unique_id "SYzuasz1K2IAAGeVDM4"]

    This happens anytime there is a redirect rule in the url.

    this is actualy a good thing, other than wpmu not working lol..

    question:
    Is there a mod_security exception list available for wpmu so I don't have to make my own?

    How does everyone else handle this issue?

    Obviously I would not want to disable mod_security as it's actually doing a great job blocking a ton of garbage attacks.

  2. VentureMaker
    Member
    Posted 13 years ago #

    From my experience, using mod_security is a pain.
    BTW, are you on HSphere?

  3. tdjcbe
    Member
    Posted 13 years ago #

    We had this problem awhile back. I *thought* there was something in the readme file about it but I'm not seeing it.

    Please try the solution from this post. I think it's what solved the problem:

    http://wordpress.org/support/topic/126502?replies=7#post-610874

    Edit: Also make sure the last six lines from this file are in your .htaccess file:

    http://trac.mu.wordpress.org/browser/trunk/htaccess.dist

  4. anointed
    Member
    Posted 13 years ago #

    Venturemaker: Yes I run Hsphere and so far it has been good to me.

    tdjcbe: Thanks for the links, though they both talk about basically disabling mod_security which imho is just plain wrong and dangerous.

    As the links that would cause problems in wpmu are obviously the same for everyone, does anyone care to share their rule sets for wpmu?

About this Topic

  • Started 13 years ago by anointed
  • Latest reply from anointed