[pmwiki-users] Problem editing pages -- mod_security the cause?

Petko Yotov 5ko at 5ko.fr
Fri Mar 27 07:57:54 CDT 2009

On Friday 27 March 2009 13:24:20 Christian Ridderström wrote:
> On Thu, 26 Mar 2009, Christian Ridderström wrote:
> > Here's what I found in the error log:
> >
> > [Thu Mar 26 00:18:34 2009] [error] [client] ModSecurity:
> > Access denied with code 400 (phase 2). Pattern match
> > "\\\\%(?!$|\\\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:text. [id
> > "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]
> > [hostname "wiki.lyx.org"]
> > [uri "/LyX/LyxFunctions?action=edit"] [unique_id
> > "t-bZsNTJRSsAAFdQ568AAAAB"]
> Further investigations indicate that the problem is that mod_security
> detects a '%' in one of the POSTed arguments, i.e. the argument that
> contain the wiki markup for the page.
> This means that with the current configuration of ModSecurity, it will
> protest whenever you try to save a page containing a '%' in the markup.
> *sigh*
> ModSecurity is presumably there for a reason.. so: Does anyone have any
> experience on how to deal with this kind of situation? Or simply ideas?

Please see :

You can also search the mailing list archives :

This is a frequent question, and unfortunately sometimes nothing can be done. 
A hosting provider using mod_security to block percents is overly paranoid, 
and their competence can be questioned.

You need to add percent signs, both to use PmWiki's %style% markup, and to 
link to some external sites like Wikipedia. And most likely other software 
(wiki, blogs, CMS) will also have problems.


More information about the pmwiki-users mailing list