mod_security blocking wordpress/facebook authentication

Web hosting discussion, programming, and shared and dedicated servers.
7 posts Page 1 of 1
by Will Sitch » Mon Jan 21, 2013 5:02 pm
Hi,

I run a WordPress.org install on my sitch.org domain and I’m having a bear of a time with something that I think I’ve narrowed down to a mod_security block on an authentication call from a WordPress plugin to Facebook. Actually I think it’s Facebook’s response to the auth request.

This POST request gets 404'd:
98.207.217.237 will.sitch.org - [21/Jan/2013:16:54:05 -0800] "POST /wp-admin/options.php HTTP/1.1" 404 21301 "http://will.sitch.org/wp-admin/admin.ph ... n-settings" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0"

I don't have access to the mod_security logs in /var/log/custweb, but I assume mod_security or probably mod_security2 is blocking this as a URL Encoding attack or something.

I don’t know how to fix this. I’ve added the following to my .htaccess to turn off the POST filtering engine, but I still get the 404s. I think we're probably using mod_security2 (or a version that doesn't allow configuration overrides).

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>

Anyone got any ideas? Can an admin have a peek at the mod_security settings and weblogs? I've been reading that for others with the same problem, whitelisting some rules can make this work.

Thanks,
Will
by Will Sitch » Mon Jan 21, 2013 5:03 pm
by wsitch » Mon Jan 21, 2013 5:19 pm
Here are the suggested whitelist changes:
http://wordpress.org/support/topic/disa ... replies=16

Thanks,
Will
by joemuller » Mon Jan 21, 2013 5:23 pm
Will,

I can confirm that mod_security is blocking the requests:

mod_security: Filtering against POST payload requested but payload is not available [hostname "will.sitch.org"] [uri "/wp-admin/options.php"]

Potentially, the following two lines in .htaccess should fix the problem:

SecFilterEngine Off
SecFilterScanPOST Off

I'm a proud employee of Sonic.net! :-)
by wsitch » Mon Jan 21, 2013 7:32 pm
Hi Joe,

Thanks for confirming that it's mod_security. There's no way to find out without checking the logs myself and I can't do that. It's been a tough two weeks.

I've tried turning off mod_security per the details in my original post, but it's not working. I get the same result all the time. I suspect mod_security (or you may be running ms2) is configured to not allow users to override the settings.

Can you edit the mod_security whitelist per the third post I made?

Thanks,
Will
by wsitch » Mon Jan 21, 2013 7:34 pm
Whoops, just to be clear, I've tried many combinations of SecFilterEngine, SecFilterScanPOST, and SetEnv MODSEC_ENABLE Off. None has worked.

Will
by wsitch » Thu Jan 24, 2013 3:52 pm
Thanks to Grant for finding the problem, which wasn't mod_security.

PHP 5.2 was having all kinds of problems. When I forced the server to use PHP 5.3, everything works!

Do this by making sure this is in your .htaccess:
Action php-cgi /cgi-bin/php53

(and of course remove lines that point to /cgi-bin/php5)

Interestingly this fixes the Facebook plugin, the WPbook-lite plugin, and the Simple Facebook Connect plugin.

Thanks Grant!

Will
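
Added example, not part of the thread or of Sonic.net's configuration: a small audit of the .htaccess lines quoted above that predicts, per ModSecurity generation, whether each directive is parsed, silently skipped by its `<IfModule>` guard, or rejected as unknown. The function names are hypothetical, and the ModSecurity 2.x identifiers (`mod_security2.c`, `SecRuleEngine`, `SecRequestBodyAccess`) are assumptions that do not appear in the thread.

```python
import re

# Directive names by ModSecurity generation: 1.x used SecFilter*, 2.x uses SecRule*.
V1 = {"secfilterengine", "secfilterscanpost"}
V2 = {"secruleengine", "secrequestbodyaccess"}
# Source-file identifiers that <IfModule> tests for each generation.
GUARD_GEN = {"mod_security.c": 1, "mod_security2.c": 2}

def audit_htaccess(text):
    """Return (line_no, directive, generation, enclosing_guard_generation) tuples."""
    findings, guards = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<IfModule\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            guards.append(GUARD_GEN.get(opened.group(1).lower()))
        elif re.match(r"</IfModule\s*>", line, re.I):
            if guards:
                guards.pop()
        else:
            name = line.split()[0].lower()
            gen = 1 if name in V1 else 2 if name in V2 else None
            if gen:
                guard = next((g for g in reversed(guards) if g), None)
                findings.append((no, name, gen, guard))
    return findings

def effect(finding, loaded_gen):
    """Predict what Apache does with one finding when generation loaded_gen is loaded."""
    _, _, gen, guard = finding
    if guard and guard != loaded_gen:
        return "skipped"            # <IfModule> is false, block is ignored silently
    if gen != loaded_gen:
        return "unknown-directive"  # Apache rejects the .htaccess, requests get a 500
    return "parsed"                 # still subject to the host's override policy

# Constructed sample: the guarded block from the first post followed by the
# two unguarded lines suggested in the reply.
SAMPLE = """<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>
SecFilterEngine Off
SecFilterScanPOST Off
"""

if __name__ == "__main__":
    for f in audit_htaccess(SAMPLE):
        print(f[0], f[1], {g: effect(f, g) for g in (1, 2)})
```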