Category Archives: Uncategorized

Mod_security, how I hate thee, let me count the ways

I spent several hours dealing with a 501 Method Not Implemented page. The error on the page was ‘GET to /wp-admin/post.php not supported. I came across lots of posts on disabling mod_security, none of which worked for me. So I sent a message to my host and they confirmed they did run mod_security and my post I was trying to update (on .rpm and .deb) was matching a rule. My error log in cPanel didn’t show anything, but the host saw:

Message: Access denied with code 501 (phase 2). Pattern match “(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)” at ARGS:content. [file “/usr/local/apache/conf/modsec_rules/10_asl_rules.conf”] [line “225”] [id “390709”] [rev “11”] [msg “ – FREE UNSUPPORTED DELAYED FEED – WAF Rules: Attempt to Access protect file Remotely”] [data “/etc/”] [severity “CRITICAL”]

So they disabled the rule and presto, I could update my post.