0

Ok, it's amazing.

I found that if i write, for example, "app/etc/local.xml" within an article, wordpress gives me a 403 error page during save or preview operations.

Now, I tried to decompose the string and i found that the problem is that " /etc/ " piece!! No errors for " etc ", " etc/ ", just for " /etc/ "!

I tried to activate debugging options also but no informations comes back about this error.

I tried to deactivate plugins and so on, but nothing happens!!!

The apache error_log says:

ModSecurity: Access denied with code 403 (phase 2). Pattern match....

It seems that for some kind of string within my posts, mod_security apache's module try to stop an injection.

Dancrumb
  • 26,597
  • 10
  • 74
  • 130
user2270248
  • 163
  • 2
  • 12

1 Answers1

1

Looks like your hosting service is using ModSecurity.

My guess is that they have a pattern matching algorithm which sees etc in the path of a URL and assumes that it is an attempt to access the /etc/ part of the filesystem, which they interpret as an injection attack.

Options:

  1. Learn how to configure your server to disable this check; this assumes that your hosting provider would permit this
  2. Change your app so that it doesn't use /etc/

Option 2 seems waaaay simpler.

Dancrumb
  • 26,597
  • 10
  • 74
  • 130
  • Thanks. It's not an app! I'm writing technical articles about Magento with my Wordpress blog, and i use so many paths with etc directory. Moreover, i found that i've the same 403 error when i try to quote pieces of code with variables or php strings... I'm ablosutely sure that my provider will not disable this module. I tried to use the htaccess, but without success. Damn, i don't know how to solve this problem! – user2270248 May 28 '13 at 16:00