WordPress MU

Hi,

I am newbie in mod_security.I has installed mod_security-2.1.2-jason.1 (rpm -Uvh mod_security-2.1.2-jason.1.rpm) with wordpress MU 1.2.1.

Without any configuration in mod_security, I encounter many problems :

1 Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a -fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:option[permalink_structure]. [id "950107"] [ msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]

2 Message: Access denied with code 400 (phase 2). Pattern match "\\%(?!$|\\W|[0-9a [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]

3 [Tue Sep 04 10:50:22 2007] [error] [client 10.128.20.43] File does not exist: /var/www/html/mysite/wp-includes/js/tinymce/themes/advanced/images/{$lang_underline_img}, referer: http://mysite/wp-admin/post-new.php

4 [Tue Sep 04 10:20:45 2007] [error] [client 10.127.11.18] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [hostname "mysite"] [uri "/index_blog_user.php?author=admin"] [unique_id "pGdPa38AAAEAAEoxD4gAAAAO"]

5 When I change the profile for one bloger to juste juste I have the following message in my browser

Bad Request
Your browser sent a request that this server could not understand.

My question : What well configuration I must apply in for a efficient Wordpress MU + mod_security in mysite?

Thanks in advance.

Any help? Please

Any chance you could wait for someone to get back to you? Your constant quick bumping is very rude and, you may have noted, not going to get you any replies.

If you need answers that quickly, may I suggest getting paid support?

http://automattic.com/services/wordpress-consultants/

Oh!

I am so sorry. Because I am under pressure, I didn't want to convey any rude message for anybody.

Anyway, I don't want to blame any reporter.

I run mod_security, and have had no issues whatsoever.

lunabyte,

Thanks for your response. How to?
has you installed mod_security as me?

Could you please send me your mod_security.conf

Thanks for your reply

Um, no, I won't send my conf file.

To me, that would be bad practice, plus your setup may be far different than mine.

The box in particular that I'm referring to above is running RHEL, for the record. Although I do also have it installed on some CentOS boxes as well, which also aren't having an issue.

Dig up some information on the Apache site about the module, as that may help. Also, have you considered what the error messages are saying? They may be right, and you could have a problem on the web side.

All problem that I encountered when I have installed my mod-security with apache I mentiened it above. When I disable mod-security there is no problem.

As I explain I has installed mod_security-2.1.2-jason.1 (rpm -Uvh mod_security-2.1.2-jason.1.rpm) with wordpress MU 1.2.1.

After that the above problem is throwing.

Thanks for any help

http://wordpress.org/support/search.php?q=mod_security

http://wordpress.org/support/topic/126502?replies=7#post-610874

Among many many other threads over there. Should also apply.

Hope this helps,
-drmike