Possibly Jonathan's issue with posting content

Skip to first unread message

Daniel Bachhuber

Apr 13, 2011, 7:36:28 PM4/13/11
to CoPress Support
Hooray for infinitely expansive Google email

Begin forwarded message:

From: Miles Skorpen <mi...@copress.org>
Date: 09 June 2009 4:45:17 PM EDT
To: Daniel Bachhuber <dan...@copress.org>
Subject: Fwd: [Liquid Web, Inc. support ID# 1482018] Re: [Liquid Web, Inc. support ID# 1482018] Re: [Liquid Web, Inc. support ID# 1482018] Re: [Liquid Web, Inc. support ID# 1482018] Re: mod_security

Begin forwarded message:

To figure out what the rule ID being triggered was I ran the following

 tail /usr/local/apache/logs/modsec_audit.log

which returned: --97a7c73b-H-- Message: Access denied with code 500 (phase 2).
Pattern match
at ARGS:content. [file "/usr/local/apache/conf/modsec2.user.conf"] [line
"355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"]
[severity "CRITICAL"] Action: Intercepted (phase 2) Stopwatch:
1233185129379248 482649 (109716* 122107 -) Producer: ModSecurity for
Apache/2.5.7 (http://www.modsecurity.org/). Server: Apache/2.0.63 (Unix)
mod_ssl/2.0.63 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4
FrontPage/ PHP/5.2.6

[id "300016"] is what I needed. I then had to create a .conf file at the
following location to be complaint with cpanel (not the directories past
"conf" did not previously exist):


Inside this file, which I named "modsec2_300016_disable.conf" I placed the

 <LocationMatch "/">
  SecRuleRemoveById 300016

Now, I had to run a few cpanel scripts to make sure that it would accept the
custom vhost entry we made above and that the new entry would be persistent
through various apache reconfigurations/recompiles.

Check to make sure cpanel will accept the custom vhost:
 /scripts/ensure_vhost_includes --user=thewhit

Save the httpd.conf configuration changes made by the above script so they are

 /usr/local/cpanel/bin/apache_conf_distiller --update

Then one last restart of apache just to make sure everything is working as

 /etc/init.d/httpd restart

Jonathan Morgan

Apr 13, 2011, 8:04:52 PM4/13/11
to cop...@googlegroups.com, Daniel Bachhuber
Awesome.  Thank you all for the help.  It is much appreciated!

You received this message because you are a part of CoPress (http://www.copress.org/).
- To post a message to this group, send email to cop...@googlegroups.com
- To unsubscribe from this group, send an email to copress+u...@googlegroups.com
- For more options, visit this group at http://groups.google.com/group/copress
- Get connected on Twitter http://www.twitter.com/copress or Facebook http://www.facebook.com/copress

"The man with the new idea is a Crank until the idea succeeds."
- Mark Twain, from 'Following the Equator: A Journey Around the World'

Jonathan Morgan

Apr 19, 2011, 11:07:11 AM4/19/11
to cop...@googlegroups.com, Daniel Bachhuber
Well, after mucking around with server configuration, it looks like this one was a remnant of my brief use of Wordpress MU before I switched to Wordpress 3.  There is a plugin called Unfiltered MU that used to keep the editor from stripping out HTML in Wordpress MU (I guess the plain old wordpress had similar code integrated into it, but it didn't work right in MU).

Right when I first installed, I chucked that plugin in the mu-plugins directory sort of as a reflex, and then forgot it was there.  Removing it seems to have fixed the problem with truncation.

Wanted to throw it out there as another potential cause of truncation, in case others run into this.

Reply all
Reply to author
0 new messages