Apache Mod_Security: Whitelisting WordPress

March 26th, 2009 | No Comments »


This post is inspired by the true events of March 26, 2009 as a fellow web developer and I spent the better part of the day working out why the web server his installation of WordPress lives on was returning a 500 Internal Server Error whenever he tried to create a new Page by cutting and pasting HTML. It turns out a poorly formed rule in the default cPanel Mod_Security installation was throwing false positives as it matched the content of what he was posting to a rule denying a specific kind of SQL Injection Attack. But as is often the case in the behind-the-scenes world of web development one solution only leads to a new problem. This account is posted to document the problem(s) and solution(s) we worked out that day.
Read more →