WordPress › Support » Upgrade to 2.2

Brayne
Member
Posted 5 years ago #

I think speck hit the nail! Instead of turning off mod_security I felt better adjusting my http.conf file. In my case the mod_securty.conf file. I have clients on my server, as virtual hosts, running WP and I don't wish to change everyones htaccess files. ;-)

I found ...

# Only accept request encodings we know how to handle
# we exclude GET requests from this because some(automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"

and changed it to ...

# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"

This did the trick for me.

ReneODeay
Member
Posted 5 years ago #

The first-mentioned modification to the .htaccess file did fix the Dashboard feeds problem and the "can't load this page" problems with saves, but I still cannot publish a new post.

Hmm, just double-checked my dashboard, and it says the post I've been trying to publish is scheduled in 10 hours!

I had to go into file manager from the cpanel, change the chmods to 755 and edit from file manager to make that change.

I have not tried the 'file' modification yet to see if that will fix the publish problem.

<Files index-extra.php>
SecFilterInheritance Off
</Files>

The comments seem to work fine, even before the .htaccess modification.

Whoa, thanks for all the advise. My panic is subsiding.

Rene
ReneODeay
Member
Posted 5 years ago #

New post I thought I had a problem with, did publish, at the time specified.

So the publish problem is also solved.
haveklummen
Member
Posted 4 years ago #

I've just installed WP 2.2 on my host http://www.haveklummen.dk. No problem while installing. Now when I log into the site as admin, I get the same error mentioned in this thread:
"You don't have permission to access /wp-admin/index-extra.php on this server.
Apache/1.3.36 Server at haveklummen.dk Port 80".

I have tried the trick with .htaccess, saved it on the host in the right format, but I just get an error 500, database error, when I upload .htaccess file to my host address. All the file permissons are set to 644. Ive read a lot of support pages without finding any other solutions. I dont have direct access to MySQL database from home, due to firewall restrictions at my webhost provider.
I'm very new to this - has anyone a good answer to my problem??

Sincerely
Jan H. Clausen
kirschey
Member
Posted 4 years ago #

I also get a 404 error where the index-extra.php error was before after following your .htaccess instructions. Any clues?
haveklummen
Member
Posted 4 years ago #

Anyone have a clue??
/Jan
windriver
Member
Posted 4 years ago #

Had similar issues to this - Except using stock FedoraCore6 box and Mod_security2, Brayne's (see above) fix worked, but you have to alter modsecurity_crs_30_http_policy.conf from

SecRule REQUEST_HEADERS:Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"

to

SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)"

Windy
ianchan
Member
Posted 4 years ago #

Hi,

The .htacess solution to not work for me.

I would like to try

# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"

However, I do not know which modsecurity file to modify. Is it this one: modsecurity_crs_10_config.conf or to I place it in http.conf?

Also, is the above for mod_security 1.x? How should it be written for 2.x?

Also, would you know why the .htaccess method does not work?Is there a setting somewhere that prohibits .htaccess from modifying the modsecurity settings?
donmartelca
Member
Posted 4 years ago #

I am getting the same thing .. .htaccess did solve some of the problems .. but I still cant edit or delete posts...

this is a fresh install today
bizunlim
Member
Posted 4 years ago #

I pray that someone comes up with a solution that newbies can use to fix this (or better yet, WP create it and call for a new upgrade - because now my blog is useless to me).

Never had a problem with upgrades until 2.2.1 and now my blog won't let me have my admin privileges, just the FORBIDDEN thing no matter what.

Help for newbies?
bizunlim
Member
Posted 4 years ago #

Update to my yesterday's post...

I tried Deerhunter's alteration of the .htaccess suggestion by whooami and put it inside wp-admin just as instructed... lo and behold! Everything works FINE...

Thank you ALL so much for your amazing brains and solutions, too! Bless you for the simplicity of that solution, too.

Here's the exact .htaccess code I put in wp-admin:

<Files index-extra.php>
SecFilterInheritance Off
</Files>

And that's all it took... no other tedious or time-consuming editing.

Have a great 4th if you celebrate, be safe...

Donna
bgajus
Member
Posted 4 years ago #

I seem to have to keep adding the code...

<Files index-extra.php>
SecFilterInheritance Off
</Files>

....over and over again. When I add it and upload it, it works but then later it doesn't and when I check the .htaccess file it seems to be gone. Any idea?
Will Taft
Member
Posted 4 years ago #

When I add it and upload it, it works but then later it doesn't and when I check the .htaccess file it seems to be gone. Any idea?

I found that any changes I wanted to stick in the htaccess file had to be outside of the section for WordPress. Keep your customizations separate from the part of htaccess that WP is always re-writing.
jonimueller
Member
Posted 4 years ago #
Just weighing in here to let you know that WhoamI's fix worked:
```
<Files index-extra.php>
SecFilterInheritance Off
</Files>
```
The .htaccess file was blank, I created it and added this code. Because I needed to set up clean URLs, I CHMOD'd it to 666, made the permalink structure changes in the Dashboard, let WP edit the file, then CHMOD'd it back to 644 and things are fine now.

Thanks!!!
sdickert
Member
Posted 4 years ago #

Okay - I too am frustrated. Suddenly, I can not add categories on my installation, and I went ahead and upgraded with the assumption that this would help solve the problem.

Why would Adding Categories (whether in posts or in link) suddenly stop working? I had it working as little as five days ago...
skysquare
Member
Posted 4 years ago #

I'm having the exact problem with my theme-editor.php which wouldn't give me permission to edit my theme files. (error "Method not implemented...")

Changing the CHMOD manually didn't work either and the fix provided here failed, too.

Created a .htaccess with WHOAM's code (replaced the index-extra with theme-editor.php) and uploaded it to wp-admin folder - blog crashes...

Everything else works fine, editing posts etc.

I will let my brother do the modsecurity file change in apache and see if it works. Any help or ideas appreciated though...

edit:Fixed. My brother deactivated the mod_security for my blogs.
hakre
Member
Posted 4 years ago #

Okay folks before trying yourself or even deactivating Mod_Security completely after all, please contact your admin or the person who is in charge for the Mod_Security setup. This is an fault in the default setup most often.

If you get 403 errors in the backend related to Ajax Requests while the requested files exist and are requestable with your browser, this looks like Mod_Security is handling the Ajax Request as a false-positive. This is often the case beacause a specific set of Mod_Security rules does not allow the request like it is done by the Ajax-Library of WordPress. You can fix this quite fast if you (or your admin) has access to the Mod_Security Setup.

There is a Pattern that must be extended. In a Post above it is shorted. Even this works as well, I would not recommend it, because it leaves a lot of other requests open - and this does not work well with whitelisting.

This was the Message I got:
mod_security-message: Access denied with code 403. Pattern match "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" at HEADER

It contains a Regular Expression:
!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)

Because the Ajax Library WordPress uses send it request with the header "application/x-www-form-urlencoded; charset=UTF-8" it is not matched against that regex.

FIX: Tell your admin to add that string to the regex:

|^application/x-www-form-urlencoded; charset=UTF-8$

Now the Header matches against that rule and everything is fine.
GlennMetcalf
Member
Posted 4 years ago #

NEW FIX: I tried all the .htaccess fixes none worked ... I then looked at my error log (not the screen error) and found: Directory index forbidden by Options directive

So I went into the apache config file and added

<Directory />
Options All
AllowOverride AuthConfig
</Directory>

to my virtual host for wordpress

my login then gave me the listing of all files in wp-admin instead of directly to "index" but clicking on index got me IN.

So for those do-it-your-selfers whose motto is: "A little knowledge is a dangerous thing, BUT EXCITING AS HELL. There you go.
hakre
Member
Posted 4 years ago #

Hi GlennMetcalf, I do not know exactly about which error you're writing but as much as I read you're not talking about a Mod_Security related configuration Issue. What you suggest does not work for all of the Errors discussed about in this thread.
thegrrlgeek
Member
Posted 4 years ago #

I tried the fixes for this error but received the following once I edited my .htaccess file:

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@thegrrlgeek.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
solarcrash
Member
Posted 4 years ago #

I'm having this problem still on wordpress 2.3.1 and I tried the fix as well - but it gave an error. does anyone else have a newer fix to this?
Picara
Member
Posted 4 years ago #

for the persons who still want a solution and all write here don´t work , I explain here
http://wordpress.org/support/topic/121982?replies=9#post-673242
how to make it works.
asle
Member
Posted 4 years ago #

Hi,
It has been a hard time figuring out this. If you run your own server like I do it was simple. I run Apache in chrooted environment (yes, I was hacked once, never since) so my security was set up very tight. I could not get mod_security to accept the wp header sent from admin-ajax.php so I set up this in mod_security.conf:

SecRule REQUEST_METHOD "!^(GET|HEAD)$" chain
SecRule HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data|^application/x-www-form-urlencoded*;)"

Now I don't see how this is a security hole to accept anything after "application/x-www-form-urlencoded" but would be glad for any commennts. At least once again WP 2.3.3 works fine for deleting posts, pages, categories.
/asle
RobertBruce
Member
Posted 4 years ago #

Well while all are jumping in I'll settle down with a beer and popcorn and wait for a result...!! Heehee

I cannot delete my posts. Unlike previus versions, 2.3.3 is missing the DELETE function in Manage/Posts

Only way to delete a post is therefore to go into Edit & scroll down to bottom of post and hit the Delete this draftbutton.

But this only gets me a notification out of post.php:

You are not allowed to delete this post.

So how do I delete posts? And why can't I? And before I get dumped on, I have read this thread and none of it explains why I cannot delete a thread.

And I cannot go back to Dashboard from Manage or any of the other function in the Dashboard menu.

I get this error:

Warning: main() [function.main]: Unable to access ./wp-blog-header.php in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Warning: main(./wp-blog-header.php) [function.main]: failed to open stream: No such file or directory in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Fatal error: main() [function.require]: Failed opening required './wp-blog-header.php' (include_path='.:/usr/php4/lib/php') in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Is there perhaps some stuff missing in the 2.3.3 upgrade?
hakre
Member
Posted 4 years ago #

Is there perhaps some stuff missing in your 2.3.3 upgrade?
aviro25
Member
Posted 4 years ago #

<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>

thanks..its working for me

« Previous 12

Topic Closed

This topic has been closed to new replies.

WordPress.org

Forums

[resolved] Upgrade to 2.2 - Dashboard not working (56 posts)

Topic Closed

About this Topic

Tags

Code is Poetry