View Single Post
Old 16th July 2012, 16:43
alb3 alb3 is offline
Junior Member
Join Date: Mar 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Wordpress and mod_security

Hello everybody,
I administer a server based on Debian with Ispconfig3, and I'm having issues related to image and videos management with the Wordpress CMS: It's possible to upload files, but when I try to insert them in a post, I get a 403 error.

Here's what I get from /var/log/apache2/modsec_audit.log:

[][rid#xxx][/robots.txt][1] Access denied with code 403 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "xx"] [id "xxx"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
Now, If I set SecRuleEngine to Off, everything works, but of course it's not a good solution.
Setting up rules on .htaccess could maybe do the trick, but I don't know where to start from.
Could anybody provide a link or a suggestion to solve the problem?
Reply With Quote
Sponsored Links