WordPress › Support » mod_security - would these rules break WP ?

linickx
Member
Posted 4 years ago #

Hi,
I'm trying to troubleshoot why my blog (www.linickx.com/blog) is blank, I've gone through the usual stuff, am running the latest version, db-connection, plugin's & themes etc, etc, and still no joy. :'-(

My ISP changed something, but are being very very "sketchy" with the details; they've sent me these mod_security rules, could any of them break WordPress ?

<quote>
Hi,

I have found a chunk of code that might be of use to you, this is all
the functions that are bloced through httpd.conf:

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
</quote>

Cheers.

skippy
Member
Posted 4 years ago #

I get a 404 at http://www.linickx.com/blog/, and not a blank page.

The mod_security rules above are only likely to cause problems if you use any of those terms in the body of a post.

linickx
Member
Posted 4 years ago #

Hum, must be a firefox/i.e. difference, ;-) I've set custom 404 pages on the server if you go to a page that doesn't exist (e.g http://www.linickx.com/blah ) - In firefox I get a blank page or "page contains no data" .

Re: mod_security, I guess you mean that the default install of WP doesn't use any of those then. :-(

Shame, I'll have to keep digging then.

Cheers.

skippy
Member
Posted 4 years ago #

I'm using Mozilla Firefox on Debian GNU/Linux, and I see your 404 page, not a blank page.

Yes, the default WordPress installation should not trigger any of those mod_security rules.

linickx
Member
Posted 4 years ago #

Weird that's not what my Fedora4 version does :-)

Thanks skippy.

skippy
Member
Posted 4 years ago #

Okay; I'm seeing blank pages now. No clue what happened between earlier and now to cause this.

I see that even wp-login.php produces a mostly-blank page. Same for /wp-admin/install.php and /wp-admin/upgrade.php. All three of those files should at least show something.

Do any PHP files work on your site? Can you save the following as php.php and put it in the root of your WordPress site:
<?php phpinfo(); ?>

linickx
Member
Posted 4 years ago #

Wow , thanks skippy you're being really helpful, my site has been down for a week now & it's really depressing.

phpinfo = http://www.linickx.com/dbtest/phpinfo.php

I even wrote a small DB test script (which works) I'm really stumpted, and my ISP isn't really helping much :-(
(DB test http://www.linickx.com/dbtest/wp-dbtest.php )

Cheers.

skippy
Member
Posted 4 years ago #

I'm sorry to say that I'm out of ideas for the moment. If your host is being unhelpful, it may be time to find a new host. There's loads of them that are available, and offer superb support.

I'm trying to think through what could be causing the problem.
* Everything used to work before ISP did stuff
* PHP works
* PHP can talk to MySQL

So, what would cause WordPress to display nearly blank pages? Alas, I don't know.

linickx
Member
Posted 4 years ago #

I fear you might be right, it's a shame since I've still got over 6months left on my contract with them.

Thanks for your help anyway :-)

AlanSmithee
Member
Posted 4 years ago #

Now put your phpinfo file in the blog directory.

linickx
Member
Posted 4 years ago #

Done.

http://www.linickx.com/blog/phpinfo.php

y ? :-S

podz
Support Maven
Posted 4 years ago #

Theme ?
Change themes, try new themes.

linickx
Member
Posted 4 years ago #

Hi Podz, can't change the theme as the admin pages don't load (http://www.linickx.com/blog/wp-admin). Is there a way to do if from within the DB ?

podz
Support Maven
Posted 4 years ago #

There is, but the admin uses different css so if that does not load it just shows the problem lies deeper.

westi
Member
Posted 4 years ago #

linickx: Can you check the file ownership and permissions on the WordPress files. If all the PHP files that you have created since they changed something are working but the WordPress ones are not then something must be different between them.

I know that some hosts require particular permissions on php ( and other script files) before they are able to run - this maybe what is causing you problems.

AlanSmithee
Member
Posted 4 years ago #

Because linking to any other php I assume would be there doesn't behave as I espected - blank or otherwise so at first I thought it was a rewrite problem, but now perhaps some permissions or something may have changed on your old files?

linickx
Member
Posted 4 years ago #

Well changing file permissions in cpanel is painful.

All directories were & are 755, most of the files were 644 except all the files in /blog , like wp-config.php etc,etc were 755, I've changed it so all files are 644 & dir's are 755, still no joy tho'

:-(

linickx
Member
Posted 4 years ago #

AlanSmithee Said:"I thought it was a rewrite problem"

.. ahh that makes sense, didn't think of that.

WordPress.org

Forums

[resolved] mod_security - would these rules break WP ? (18 posts)

Topic Closed

About this Topic

Tags

Code is Poetry