Prev Previous Post   Next Post Next
Old 16th July 2012, 16:43
alb3 alb3 is offline
Junior Member
Join Date: Mar 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Wordpress and mod_security

Hello everybody,
I administer a server based on Debian with Ispconfig3, and I'm having issues related to image and videos management with the Wordpress CMS: It's possible to upload files, but when I try to insert them in a post, I get a 403 error.

Here's what I get from /var/log/apache2/modsec_audit.log:

[][rid#xxx][/robots.txt][1] Access denied with code 403 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "xx"] [id "xxx"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
Now, If I set SecRuleEngine to Off, everything works, but of course it's not a good solution.
Setting up rules on .htaccess could maybe do the trick, but I don't know where to start from.
Could anybody provide a link or a suggestion to solve the problem?
Reply With Quote
Sponsored Links


debian 6, ispconfig 3, mod_security, wordpress

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 11:32.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.