| Posted by cfs5403, 06-17-2011, 07:02 PM | | Hello,
Everytime I publish, save or editing post, I keep get the 404 not found error . If I remove all Mod Security rules then this problem no more. So, can anyone teach me the suitable mod security rules for wordpress? so I don't get that error again.
|
| Posted by foobic, 06-18-2011, 02:06 AM | | The easiest way to handle it is to disable that specific rule for the problem directory / domain. Check the debug log, /var/log/httpd/modsec_debug.log or similar. Look for the entry that corresponds to your false positive and find its rule number (something like [id "999999"] in the log). Then disable it in your virtualhost config, like this:
You're probably missing an error page for whatever error mod_sec is throwing, too (eg. 503 maybe?), which is why you're getting the 404 error. Just something else to look into!
|
| Posted by cfs5403, 06-18-2011, 04:36 AM | | I'm using VPS. It is safe if I completely remove mod security? Can hacker hack in my VPS or wordpress?
|
| Posted by CoderJosh, 06-18-2011, 08:24 AM | | Using mod_security is usually a good idea to protect web applications such as WordPress. So, if you can manage to just remove those rules for those scripts that conflict with legitimate usage, that would be much safer.
|
| Posted by Hillockhosting, 06-19-2011, 01:14 AM | | disable rules which causes conflict and recompile apache
|
| Posted by Jeremy, 06-19-2011, 03:25 AM | | Where did you get the rules for mod_sec? There's a ton out there that are just canned and dont work for everyone...
|
| Posted by mikegotroot, 06-30-2011, 01:32 PM | | Check you apache error log file which will tell you which modsecurity rule is being triggered. Then with that rule number, contact the authors of those rules to let them know you have a false positive. Any respectable rule author will have an update for you the same day. If the author wont fix their rules, then dont use those rules.
|
|
 Add to Favourites
 Print this Article
|
