Hi,
I am newbie in mod_security.I has installed mod_security-2.1.2-jason.1 (rpm -Uvh mod_security-2.1.2-jason.1.rpm) with wordpress MU 1.2.1.
Without any configuration in mod_security, I encounter many problems :
1 Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a -fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:option[permalink_structure]. [id "950107"] [ msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
2 Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
3 [Tue Sep 04 10:50:22 2007] [error] [client 10.128.20.43] File does not exist: /var/www/html/mysite/wp-includes/js/tinymce/themes/advanced/images/{$lang_underline_img}, referer: http://mysite/wp-admin/post-new.php
4 [Tue Sep 04 10:20:45 2007] [error] [client 10.127.11.18] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "mysite"] [uri "/index_blog_user.php?author=admin"] [unique_id "pGdPa38AAAEAAEoxD4gAAAAO"]
5 When I change the profile for one bloger to juste juste I have the following message in my browser
Bad Request
Your browser sent a request that this server could not understand.
My question : What well configuration I must apply in for a efficient Wordpress MU + mod_security in mysite?
Thanks in advance.