Title: Custom CSS causes Internal Server Error
Last modified: February 28, 2023

---

# Custom CSS causes Internal Server Error

 *  Resolved [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/)
 * (@pcvcadmin)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/)
 * Hello Tobias,
 * I just want to report some unexpected behavior. This example is taken from the
   TablePress FAQ and is used to illustrate the issue. The following CSS will cause
   an “Internal Server Error” once Save Changes is clicked when entering Custom 
   CSS in the Plugin Options page.
 *     ```css
       .tablepress thead th,
       .tablepress tfoot th {
       	background-color: #ff0000;
       }
       ```
   
 * If the CSS is changed to:
 *     ```css
       .tablepress tfoot th {
       	background-color: #ff0000;
       }
   
       .tablepress thead th {
       	background-color: #ff0000;
       }
       ```
   
 * It is correctly saved and no longer causes the error. I have tried this both 
   on my WordPress installation and on a vanilla WordPress installation with no 
   plugins except TablePress. Dreamhost is my hosting service. I believe the first
   CSS used to work at one point. I’ve only run into this recently as I tried to
   change the CSS for testing purposes.

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16514554)
 * Hi,
 * thanks for your post, and sorry for the trouble.
 * That’s strange. It would be great to find out more about this error. For that,
   please set the `WP_DEBUG` constant to `true` in your site’s “wp-config.php” file,
   see [https://wordpress.org/support/article/debugging-in-wordpress/#wp_debug](https://wordpress.org/support/article/debugging-in-wordpress/#wp_debug),
   or maybe check the server’s error log file (if you don’t have access to that 
   yourself, your web host company’s support team should have access), and then 
   try again, please.
 * Thanks!
   Tobias
 *  Thread Starter [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/)
 * (@pcvcadmin)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16515667)
 * Thanks Tobias, although resolution on this is not critical for me, I’m happy 
   to help debug as much as I can.
 * I have turned on php logging and WP_DEBUG. The only messages in the WordPress
   log are messages about deprecated PHP calls and do not seem to have anything to
   do with TablePress. Unfortunately I can’t find any php error log generated as
   a result of the error. I am contacting support on this.
 * I have done a couple of changes to see if it would affect the problem. I have
   increased the php max_execution_time = 500 and max_input_time = 0 and also tried
   PHP 8.0 and 8.2. The error still occurs.
 *  Thread Starter [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/)
 * (@pcvcadmin)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16515811)
 * So I got access to the error log. Here are the tail entries.
 *     ```text
       [Tue Feb 28 14:29:52.864399 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       [Tue Feb 28 14:29:52.875071 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       [Tue Feb 28 14:29:52.895065 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54841] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6AYEN9834hG8B754itQAAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       [Tue Feb 28 14:30:07.337055 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:options[custom_css]. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within ARGS:options[custom_css]: .tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       [Tue Feb 28 14:30:07.337342 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "53"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: head th,\\x0d found within REQUEST_BODY: closedpostboxesnonce=5ce4d1eeb6&meta-box-order-nonce=4ddad14f16&_wpnonce=931def2a8d&_wp_http_referer=/wp-admin/admin.php?page=tablepress_options&action=tablepress_options&options[use_custom_css]=true&options[custom_css]=.tablepress thead th,\\x0d\\x0a.tablepress tfoot th {\\x0d\\x0a\\x09background-color: #ff0000;\\x0d\\x0a}&options[admin_menu_parent_page]=middle"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       [Tue Feb 28 14:30:07.358285 2023] [:error] [pid 29256:tid 123752810501888] [client 72.140.29.6:54846] [client 72.140.29.6] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.smm.pcvc.ca"] [uri "/wp-admin/admin-post.php"] [unique_id "Y-6Ab0N9834hG8B754itQwAAAAE"], referer: https://www.smm.pcvc.ca/wp-admin/admin.php?page=tablepress_options
       ```
   
 *  Thread Starter [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/)
 * (@pcvcadmin)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16515902)
 * After further working with Dreamhost support the issue is resolved in that the
   Server Internal Error no longer occurs. In terms of what support needed to do
   to resolve it he indicated “_Actually the Mod Security was tampering with that
   process, so I added the exceptions so you can continue with it._” In any case
   I’m not sure if it is an issue to Dreamhost but I’m recording the resolution 
   in case anyone else encounters the same issue.
    -  This reply was modified 3 years, 3 months ago by [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/).
 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16517702)
 * Hi,
 * thanks a lot for looking into this so deeply!
 * From what I can see, this was indeed a Dreamhost server configuration problem.
   They have configured “mod_security”, a security software similar to a firewall,
   too strictly. It was then falsely recognizing the “head” text in the CSS code
   (as part of that full structure, e.g. with the comma and `{`) as being “malicious”,
   e.g. as in a hacking attempt. That software then intercepted your request to 
   save the CSS and returned the error.
 * So, adjusting the configuration of that software as done by the Dreamhost support
   agent is the right thing to do here.
 * Best wishes,
   Tobias
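
The false positive in the error log can be reproduced offline. The following is an added example, not code from the thread, TablePress or the OWASP CRS project: it applies the rule 921110 pattern copied from the log to both CSS variants from the first post and reapplies the scoring the log reports. The per-match score of 5 and the lowercasing step are assumptions, and the function names are hypothetical.

```python
import re

# Pattern of CRS rule 921110, unescaped from the ModSecurity log lines above.
RULE_921110 = re.compile(
    r"(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind"
    r"|propatch|mkcol|copy|move|lock|unlock)"
    r"\s+(?:\/|\w)[^\s]*(?:\s+http\/\d|[\r\n])"
)
CRITICAL_SCORE = 5   # assumption: CRS default score for one CRITICAL match
BLOCK_THRESHOLD = 7  # from the log: "Operator GE matched 7 at TX:anomaly_score"


def as_submitted(css):
    """Return the value with CRLF line endings, as the log shows it arriving."""
    return css.replace("\r\n", "\n").replace("\n", "\r\n")


def evaluate_custom_css(css):
    """Return (matched_text, anomaly_score, blocked) for one custom_css value."""
    value = as_submitted(css)
    # Assumption: lowercase before matching, since the pattern is all lowercase.
    match = RULE_921110.search(value.lower())
    if match is None:
        return None, 0, False
    # The log shows the rule firing on two targets of the same request:
    # ARGS:options[custom_css] and REQUEST_BODY.
    score = 2 * CRITICAL_SCORE
    return match.group(0), score, score >= BLOCK_THRESHOLD


# Constructed inputs: the two CSS variants from the first post.
GROUPED = (".tablepress thead th,\n.tablepress tfoot th {\n"
           "\tbackground-color: #ff0000;\n}")
SPLIT = (".tablepress tfoot th {\n\tbackground-color: #ff0000;\n}\n\n"
         ".tablepress thead th {\n\tbackground-color: #ff0000;\n}")

if __name__ == "__main__":
    for name, css in (("grouped", GROUPED), ("split", SPLIT)):
        print(name, evaluate_custom_css(css))
```

The grouped selector matches because `thead th,` is followed directly by a line break, so `head`, whitespace, a token and `\r` satisfy the pattern; in the split variant the token after `head ` is followed by a space and `{`, so the pattern fails.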
 *  Thread Starter [pcvcadmin](https://wordpress.org/support/users/pcvcadmin/)
 * (@pcvcadmin)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16520589)
 * Thanks for the work you put into this plugin Tobias. I’m glad that the cause 
   was finally determined. All the best.
 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/custom-css-causes-internal-server-error/#post-16521230)
 * Hi,
 * no problem, you are very welcome! 🙂 Good to hear that this helped!
 * Best wishes,
   Tobias
 * P.S.: In case you haven’t, please rate TablePress [here](https://wordpress.org/support/plugin/tablepress/reviews/#new-post)
   in the plugin directory. Thanks!


The topic ‘Custom CSS causes Internal Server Error’ is closed to new replies.
