Pi in the Sky

Insecurely secure

Posted on April 17th, 2007 at 8:13am by Pi.
Categories: Pi in the Sky, WordPress.

I was finally uploading a semi-definitive version of Pi in the Sky to EligeOtraVez.net when I noticed a small error in the XHTML code of one of the posts. I went there to edit it, make the change, press save and… Oooops! 403: Forbidden. You don’t have permission to access /wp-admin/post.php on this server.

How funny. After experimenting with .htaccess and file permissions, very soon I was hitting my head against the wall. But again the 13th Google search helped me find the answer. It seems to be a problem with an Apache module called mod_security. This module acts as a kind of firewall for the web server running in the host.

Something in the rules of mod_security was preventing me from sending POST data to the PHP script. Maybe something in the POST data was triggering the block; size, keywords, code… In any case, there’s a simple step you can follow to overcome this problem, if you have it too. In your .htaccess file, add the following code (I did it at the beginning):
# Override mod_security, so WordPress works (?!?!?)
SecFilterEngine Off
SecFilterScanPOST Off

Actually, the problem was solved just with SecFilterScanPOST Off, but in all the examples I saw, both statements were used. I really need to check what kind of rules is my host using, and see if they can sanitize them a bit.

no comments yet.

Creative Commons »« Changing table prefix for WordPress

Pi in the Sky is powered by WordPress. Dressed with Vistered Little. Hosted at MochaHost.