Comments on: WordPress vs. mod_security http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/ Software, the Internet and you. Mon, 12 May 2008 16:16:16 +0000 http://wordpress.org/?v=2.5.1 By: DS http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-40030 DS Tue, 30 Oct 2007 23:15:37 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-40030 Thanks alot, that was very helpful. Thanks alot, that was very helpful.

]]> By: Slevi http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-39110 Slevi Fri, 12 Oct 2007 14:01:18 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-39110 Thanks for the tip, I was having issues with this in the past but just couldn't come with a better solution than writing P'ython instead :P. Will keep this one in mind :D. Thanks for the tip, I was having issues with this in the past but just couldn’t come with a better solution than writing P’ython instead :P. Will keep this one in mind :D.

]]> By: Jesse http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-38975 Jesse Wed, 10 Oct 2007 00:55:43 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-38975 Thanks a bunch for the tip. I was very nearly pulling out my hair wondering why the "P" word was giving me 403 errors on my blog. The span solution seems to have done the trick. ;) Thanks a bunch for the tip. I was very nearly pulling out my hair wondering why the “P” word was giving me 403 errors on my blog. The span solution seems to have done the trick. ;)

]]> By: David http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-35247 David Sun, 05 Aug 2007 00:41:23 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-35247 I had the same problem on a website I am developing hosted at http://www.aiso.net/. It was filtering out "python" with a space at the end. Considering I was trying to post a media r release which contained the word "carpet python" - it took me quite some time to figure out why on earth i was getting a 403. However, I contacted tech support, told them of the problem, they figured it was mod_security and removed the rule. Frankly though, I'd rather not have mod_security enabled in the first place. I'd rather just write secure web applications. David. I had the same problem on a website I am developing hosted at http://www.aiso.net/. It was filtering out “python” with a space at the end. Considering I was trying to post a media r release which contained the word “carpet python” - it took me quite some time to figure out why on earth i was getting a 403.

However, I contacted tech support, told them of the problem, they figured it was mod_security and removed the rule.

Frankly though, I’d rather not have mod_security enabled in the first place. I’d rather just write secure web applications.

David.

]]> By: Bennett http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-34106 Bennett Tue, 10 Jul 2007 22:37:01 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-34106 If you try to post a comment with the magic text in it, you simply end up with a 403 error and the comment never gets through. (I just tried it.) The filter applies only to incoming text -- this includes the POST body and the URL. If you try to post a comment with the magic text in it, you simply end up with a 403 error and the comment never gets through. (I just tried it.) The filter applies only to incoming text — this includes the POST body and the URL.

]]> By: Software Evolution » Blog Archive » WordPress vs. mod_security http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-30812 Software Evolution » Blog Archive » WordPress vs. mod_security Mon, 18 Jun 2007 10:35:13 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-30812 [...] More: continued here [...] [...] More: continued here [...]

]]> By: Ozh http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-29403 Ozh Thu, 14 Jun 2007 08:09:15 +0000 http://www.thunderguy.com/semicolon/2007/06/13/wordpress-vs-mod_security/#comment-29403 Weird. This seems to be a totally dumb rule to add into mod_security, I thought this was only filtering on GET (maybe POST?) urls. What then if someone comments with a filtered word? Does it ban the whole page? That's dumb :) You should warn your hosting company about this issue, and by the way ask them a list of censored words. Then, you'll make in seconds a plugin converting all "censored" into "cen<em></em>sored" or something. Weird. This seems to be a totally dumb rule to add into mod_security, I thought this was only filtering on GET (maybe POST?) urls. What then if someone comments with a filtered word? Does it ban the whole page? That’s dumb :)

You should warn your hosting company about this issue, and by the way ask them a list of censored words. Then, you’ll make in seconds a plugin converting all “censored” into “cen<em></em>sored” or something.

]]>