Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Jamie

    (@specks)

    Just for the record, I disagree that mod_sec is useless. It’s protected my server countless times from attacks. It just depends on the rules that you give it. I gave a way to fix the regex. It’s not necessary to remove anything from the code. What they have on there now constitutes a well-formed header.

    Good job Deerhunter and Whooami.

    Jamie

    (@specks)

    I need to change what I said before. Instead of changing the rule to add just a ; at the end of application/x-www-form-urlencoded, you need to add ;? This will match zero or one ;, as adding the ; at the end will block all posts that don’t have a ; in the Content-Type field.

    Jamie

    (@specks)

    See this post.

    Jamie

    (@specks)

    The problem is how the mod_security rules are set up. If it’s your own server, then go into http.conf and change the rule

    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
    SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;|^text/xml;)"

    to

    # Only accept request encodings we know how to handle
    # we exclude GET requests from this because some (automated)
    # clients supply "text/html" as Content-Type
    SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
    SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded;|^multipart/form-data;|^text/xml;)"

    The problem is that WP is adding a content encoding after the type and the mod_sec rules are expecting nothing after the type.


    Content-Type: application/x-www-form-urlencoded; charset=UTF-8

    Replace the $ with a ;.

    If it’s not your server then contact the administrator so they can change the rule to let the request through.

    Specks
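
The three endings discussed in these replies (`$`, `;` and `;?`) compared side by side, as an added example that is not part of the original posts. It models only the second rule of the chain, uses Python's `re` in place of the server's regex engine, and the sample header values and the `anchored` variant are constructed assumptions, not something proposed in the thread.

```python
import re

# The multipart and text/xml alternatives are the same in every version
# of the rule; only the ending of the urlencoded alternative changes.
REST = r"|^multipart/form-data;|^text/xml;)"
VARIANTS = {
    "dollar":   r"(^application/x-www-form-urlencoded$" + REST,      # original rule
    "semi":     r"(^application/x-www-form-urlencoded;" + REST,      # "$" replaced with ";"
    "optional": r"(^application/x-www-form-urlencoded;?" + REST,     # the ";?" correction
    "anchored": r"(^application/x-www-form-urlencoded(;|$)" + REST,  # assumption: not from the thread
}

# Constructed Content-Type values (not captured traffic).
SAMPLES = [
    "application/x-www-form-urlencoded",
    "application/x-www-form-urlencoded; charset=UTF-8",
    "application/x-www-form-urlencoded-bogus",
    "text/html",
]

def blocked(variant: str, content_type: str) -> bool:
    """True when the filter fires. The leading "!" in the rule inverts the
    match, so a request is rejected when the pattern does NOT match."""
    return re.search(VARIANTS[variant], content_type) is None

def report() -> dict:
    """Map each variant name to the sample values it rejects."""
    return {v: [s for s in SAMPLES if blocked(v, s)] for v in VARIANTS}

if __name__ == "__main__":
    for variant, rejected in report().items():
        print(f"{variant:9} rejects: {rejected}")
```

With `;?` and no end anchor the urlencoded alternative becomes a prefix match, so any value that merely starts with that type passes; the `anchored` variant accepts the bare type and the type followed by `;` while still rejecting other suffixes.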
