Posted 2 years ago #
I upgraded from 2.1.3 to 2.2 today, and now when I login to the admin page, I get:
---
Method Not Implemented
POST to /wp-admin/index-extra.php not supported.
---
I'm running my site at a webhoster running Plesk 8.1.1.
Phpinfo(); tells me:
Apache/2.2.0 (Fedora)
PHP Version 4.3.11
Mysql Version 5.0.27
Again, this only started after I upgraded to 2.2.
there are some mod_secutity issues while accessing index-extra.php in version 2.2
may be the solutions in this post will help you
http://wordpress.org/support/topic/117993?replies=29
Posted 2 years ago #
Well, that would work, under normal circumstances. However, that doesn't seem to be a valid configuration directive in Mod_security 2.1 (which is what I've discovered my hoster is running).
Also I've found out that mod_security2 doesn't respond well to .htaccess; it seems they've removed that functionality:
http://article.gmane.org/gmane.comp.apache.mod-security.user/3065
So, there's not much for me to do than to downgrade back to 2.1.3 until Wordpress figures out things.
Posted 2 years ago #
I meet the same problem with denitto. I wanna Wordpress tell me how to deal with it, or i will go back to 2.1 version.
Posted 2 years ago #
I have this messages in Apache error_log
[08/Jun/2007:00:38:54 +0400] [n.n.n.n/sid#8007cc48][rid#80535f38][/wp-admin/index-extra.php][1] Access denied with code 501 (phase 1). Match of "rx (?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"]
[08/Jun/2007:00:39:10 +0400] [n.n.n.n/sid#8007cc48][rid#80336da8][/wp-admin/admin-ajax.php][1] Access denied with code 501 (phase 1). Match of "rx (?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"]and in modsecure_debug.log
[08/Jun/2007:00:38:54 +0400] [n.n.n.n/sid#8007cc48][rid#80535f38][/wp-admin/index-extra.php][1] Access denied with code 501 (phase 1). Match of "rx (?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"]
[08/Jun/2007:00:39:10 +0400] [n.n.n.n/sid#8007cc48][rid#80336da8][/wp-admin/admin-ajax.php][1] Access denied with code 501 (phase 1). Match of "rx (?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" against "REQUEST_HEADERS:Content-Type" required. [id "960010"] [msg "Request content encoding is not allowed by policy"] [severity "WARNING"]
[08/Jun/2007:00:40:06 +0400] [n.n.n.n/sid#8007cc48][rid#80537f40][/wp-admin/theme-editor.php][2] Warning. Pattern match "(?:\\b(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\\b\\W*?=|abort\\b)|(?:l(?:owsrc\\b\\W*?\\b(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)\\b\\W*? ..." at ARGS:newcontent. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <<script>"] [severity "CRITICAL"]
[08/Jun/2007:00:40:06 +0400] [n.n.n.n/sid#8007cc48][rid#80537f40][/wp-admin/theme-editor.php][1] Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}? ..." at ARGS:newcontent. [id "950006"] [msg "System Command Injection. Matched signature <;id>"] [severity "CRITICAL"]Fedora, Apache/2.2.x with mod_security2 module
Posted 2 years ago #
Temporary disable mod_security2 in virtual host section in httpd.conf
<VirtualHost my_host>
SecRuleInheritance Off
....
</VirtualHost>This topic has been closed to new replies.
