Hi,
I'm running 4.1.12. I've noticed modsec is working on most accounts on our shared server, but not on some of them. It's very odd...
I'm throwing this out there, but I noticed it works on all WordPress sites that have a working .htaccess file.
It doesn't seem to be working on standard html sites. However it does work properly when I switch to apache
My method for testing this is by running:
http://domain.com/foo.php?foo=http://www.example.com
If the above gives 404 modsec is not working
If it gives a 403 then it is working, and I have verified this by watching the error_log which displays the activated modsec rule
Any ideas?
[UPDATE]
I have actually verified this.
I added an empty index.php file to an account that was not working. (this account has basic html files).
I also added an .htaccess file containing the basic wordpress .htaccess file of :
After I've done that and test modsec again it creates a 403 error and appears to be working..
As soon as I remove the .htaccess file or index.php file, it stops working and displays a 404 instead.
Again, this is tested by looking to see if a 404 or 403 error appears on this URL: http://domain.com/foo.php?foo=http://www.example.com
I'm running 4.1.12. I've noticed modsec is working on most accounts on our shared server, but not on some of them. It's very odd...
I'm throwing this out there, but I noticed it works on all WordPress sites that have a working .htaccess file.
It doesn't seem to be working on standard html sites. However it does work properly when I switch to apache
My method for testing this is by running:
http://domain.com/foo.php?foo=http://www.example.com
If the above gives 404 modsec is not working
If it gives a 403 then it is working, and I have verified this by watching the error_log which displays the activated modsec rule
Any ideas?
[UPDATE]
I have actually verified this.
I added an empty index.php file to an account that was not working. (this account has basic html files).
I also added an .htaccess file containing the basic wordpress .htaccess file of :
Code:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPressAs soon as I remove the .htaccess file or index.php file, it stops working and displays a 404 instead.
Again, this is tested by looking to see if a 404 or 403 error appears on this URL: http://domain.com/foo.php?foo=http://www.example.com
Last edited: