Posted 8 months ago #
Hello,
I am having the select f r o m issue and I've tried disabling mod security using these htaccess commands:
<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>
and
<IfModule mod_security.c>
SecFilterEngine off
</IfModule>
<IfModule mod_security2.c>
SecFilterEngine off
</IfModule>
but none of them seem to work.
Any ideas ?
Thanks
just
SecFilterScanPOST Off
or
SecFilterEngine Off
nothing else
Posted 8 months ago #
Does this go in the root .htaccess or in the wp-admin ?
Posted 8 months ago #
I tried in both and I am still getting 500 errors.
Do I need to change anything in mod_security to allow these commands to work?
that should go in .htaccess in root and work
shouldn't need to change anything else
are you positive this is the problem?
Posted 8 months ago #
It turns out I have mod_security 2 and ms2 does not support .htaccess overrides.
More on that here:
http://www.drak.net/news/2009/01/05/mod-security-override-no-longer-works/
So I had to edit my whitelist.conf here:
/usr/local/apache/conf/modsec2/whitelist.conf
and I added
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 3000016 3000017
</LocationMatch>
<LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 3000016 3000017
</LocationMatch>
<LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017
</LocationMatch>
Now it works like I need it to.
Hope that helps for someone
thanks for that resolution - it's good to know
can you resolve the topic for future searches?
Posted 8 months ago #
Here's an update ... I posted too many zeros in the one above.
Here is what you need:
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017
</LocationMatch>
<LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 300016 300017
</LocationMatch>
<LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017
</LocationMatch>
Posted 4 months ago #
Thanks SamBoll,
Your fix worked for me.
Nissa
@djdavedawson: Thanks a million...your solution cleared the problem I described below.
I've got 6 blogs on my server, all for different accounts and with the blogs in different places (/blog, /wp, etc etc). Is there anything special I need to do with the location match to make them all work?
DP: I bit the bullet and put that in. Seems to be working (or at least no one's kvetched yet and everyone can still post).
Posted 3 weeks ago #
How did the fix actually work for others? The mod security ID's should be different unless everyone's running the same script. And there's no path I've seen in my server for a whitelist.conf. How does the httpd.conf know it's there?
Posted 3 weeks ago #
you need to "Include conf/path/to/whitelist.conf" in your modsecurity.conf file.
the IDs represent the IDs of the rules. as a side note, I am a new user of modesecurity(MS) and from what I see in my modsec_audit.log none of those IDs appear there. though I did see some phpids-30 and -60 and such there.
on other note, this is not working on WP 2.8.5 and MS 2.5.10 with core ruleset 2.0.2
I am getting 403 forbidden when trying to post from admin panel. this really sucks if you ask me.
I got my whitelist.conf file to look like this:
[code]
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
</LocationMatch>
<LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
</LocationMatch>
<LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
</LocationMatch>
<LocationMatch "/wp-admin/options.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
</LocationMatch>
<LocationMatch "/wp-admin/theme-editor.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
</LocationMatch>
<LocationMatch "/wp-includes/">
SecRuleRemoveById 960010 960012 950006
</LocationMatch>
[/code]
I am inlcuding the whitelist.conf from the end of the MS conf. not sure if that's right or if the IDs have changed.
Posted 3 weeks ago #
update: the following seems to have solved the posting problem but there are still things that don't work right (plugins and themes to name a couple)
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "/wp-admin/options.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "/wp-admin/theme-editor.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>
<LocationMatch "/wp-includes/">
SecRuleRemoveById 960010 960012 950006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
</LocationMatch>I am now removing mod_security since I a running about 13 sites on my server and all of them run different scripts so this will literally take me months to get things strait for every site and script, time that I don't have.
You must log in to post.
