[pmwiki-users] Problem editing pages -- mod_security the cause?

Christian Ridderström christian.ridderstrom at gmail.com
Fri Mar 27 07:24:20 CDT 2009

On Thu, 26 Mar 2009, Christian Ridderström wrote:

> Here's what I found in the error log:
> [Thu Mar 26 00:18:34 2009] [error] [client] ModSecurity: 
> Access denied with code 400 (phase 2). Pattern match
> "\\\\%(?!$|\\\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:text. [id "950107"] 
> [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname 
> "wiki.lyx.org"]
> [uri "/LyX/LyxFunctions?action=edit"] [unique_id "t-bZsNTJRSsAAFdQ568AAAAB"]

Further investigations indicate that the problem is that mod_security 
detects a '%' in one of the POSTed arguments, i.e. the argument that 
contain the wiki markup for the page.

This means that with the current configuration of ModSecurity, it will 
protest whenever you try to save a page containing a '%' in the markup. 

ModSecurity is presumably there for a reason.. so: Does anyone have any 
experience on how to deal with this kind of situation? Or simply ideas?


Christian Ridderström				Mobile: +46-70 687 39 44

More information about the pmwiki-users mailing list