mod_security – would these rules break WP ?

Resolved linickx
(@linickx)

20 years, 8 months ago

Hi,
I’m trying to troubleshoot why my blog (www.linickx.com/blog) is blank, I’ve gone through the usual stuff, am running the latest version, db-connection, plugin’s & themes etc, etc, and still no joy. :’-(

My ISP changed something, but are being very very “sketchy” with the details; they’ve sent me these mod_security rules, could any of them break WordPress ?

<quote>
Hi,

I have found a chunk of code that might be of use to you, this is all
the functions that are bloced through httpd.conf:

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST “wget “
SecFilterSelective THE_REQUEST “lynx “
SecFilterSelective THE_REQUEST “scp “
SecFilterSelective THE_REQUEST “ftp “
SecFilterSelective THE_REQUEST “cvs “
SecFilterSelective THE_REQUEST “rcp “
SecFilterSelective THE_REQUEST “curl “
SecFilterSelective THE_REQUEST “telnet “
SecFilterSelective THE_REQUEST “ssh “
SecFilterSelective THE_REQUEST “echo “
SecFilterSelective THE_REQUEST “links -dump “
SecFilterSelective THE_REQUEST “links -dump-charset “
SecFilterSelective THE_REQUEST “links -dump-width “
SecFilterSelective THE_REQUEST “links http:// “
SecFilterSelective THE_REQUEST “links ftp:// “
SecFilterSelective THE_REQUEST “links -source “
SecFilterSelective THE_REQUEST “mkdir “
SecFilterSelective THE_REQUEST “cd /tmp “
SecFilterSelective THE_REQUEST “cd /var/tmp “
SecFilterSelective THE_REQUEST “cd /etc/httpd/proxy “
SecFilterSelective THE_REQUEST “/config.php?v=1&DIR “
SecFilterSelective THE_REQUEST “/../../ “
SecFilterSelective THE_REQUEST “&highlight=%2527%252E “
SecFilterSelective THE_REQUEST “changedir=%2Ftmp%2F.php “
</quote>

Cheers.

Viewing 15 replies - 1 through 15 (of 17 total)

1 2 →

skippy
(@skippy)

20 years, 8 months ago

I get a 404 at http://www.linickx.com/blog/, and not a blank page.

The mod_security rules above are only likely to cause problems if you use any of those terms in the body of a post.

Thread Starter linickx
(@linickx)

20 years, 8 months ago

Hum, must be a firefox/i.e. difference, 😉 I’ve set custom 404 pages on the server if you go to a page that doesn’t exist (e.g http://www.linickx.com/blah ) – In firefox I get a blank page or “page contains no data” .

Re: mod_security, I guess you mean that the default install of WP doesn’t use any of those then. 🙁

Shame, I’ll have to keep digging then.

Cheers.

skippy
(@skippy)

20 years, 8 months ago

I’m using Mozilla Firefox on Debian GNU/Linux, and I see your 404 page, not a blank page.

Yes, the default WordPress installation should not trigger any of those mod_security rules.

Thread Starter linickx
(@linickx)

20 years, 8 months ago

Weird that’s not what my Fedora4 version does 🙂

Thanks skippy.

skippy
(@skippy)

20 years, 8 months ago

Okay; I’m seeing blank pages now. No clue what happened between earlier and now to cause this.

I see that even wp-login.php produces a mostly-blank page. Same for /wp-admin/install.php and /wp-admin/upgrade.php. All three of those files should at least show something.

Do any PHP files work on your site? Can you save the following as php.php and put it in the root of your WordPress site:
<?php phpinfo(); ?>

Thread Starter linickx
(@linickx)

20 years, 8 months ago

Wow , thanks skippy you’re being really helpful, my site has been down for a week now & it’s really depressing.

phpinfo = http://www.linickx.com/dbtest/phpinfo.php

I even wrote a small DB test script (which works) I’m really stumpted, and my ISP isn’t really helping much 🙁
(DB test http://www.linickx.com/dbtest/wp-dbtest.php )

Cheers.

skippy
(@skippy)

20 years, 8 months ago

I’m sorry to say that I’m out of ideas for the moment. If your host is being unhelpful, it may be time to find a new host. There’s loads of them that are available, and offer superb support.

I’m trying to think through what could be causing the problem.
* Everything used to work before ISP did stuff
* PHP works
* PHP can talk to MySQL

So, what would cause WordPress to display nearly blank pages? Alas, I don’t know.

Thread Starter linickx
(@linickx)

20 years, 8 months ago

I fear you might be right, it’s a shame since I’ve still got over 6months left on my contract with them.

Thanks for your help anyway 🙂

alansmithee
(@alansmithee)

20 years, 8 months ago

Now put your phpinfo file in the blog directory.

Thread Starter linickx
(@linickx)

20 years, 8 months ago

Done.

http://www.linickx.com/blog/phpinfo.php

y ? :-S

Mark (podz)
(@podz)

20 years, 8 months ago

Theme ?
Change themes, try new themes.

Thread Starter linickx
(@linickx)

20 years, 8 months ago

Hi Podz, can’t change the theme as the admin pages don’t load (http://www.linickx.com/blog/wp-admin). Is there a way to do if from within the DB ?

Mark (podz)
(@podz)

20 years, 8 months ago

There is, but the admin uses different css so if that does not load it just shows the problem lies deeper.

Peter Westwood
(@westi)

20 years, 8 months ago

linickx: Can you check the file ownership and permissions on the WordPress files. If all the PHP files that you have created since they changed something are working but the WordPress ones are not then something must be different between them.

I know that some hosts require particular permissions on php ( and other script files) before they are able to run – this maybe what is causing you problems.

alansmithee
(@alansmithee)

20 years, 8 months ago

Because linking to any other php I assume would be there doesn’t behave as I espected – blank or otherwise so at first I thought it was a rewrite problem, but now perhaps some permissions or something may have changed on your old files?