Mod security and wordpress the final config

by: WanderingTechy Sunday, February 1st, 2009

Just re-read the title and it sounds like a science fiction B-movie title. Oh well.

After running this for a while and having played with all the possible options in WordPress, here is my final mod_security custom rules file.

This is saved as /etc/httpd/modsecurity.d/modsecurity_crs_15_customrules.conf on my system but may be different on yours.

# Custom mod_security exclusions for WordPress.
# LocationMatch takes an unanchored regex against the URL path, and the
# path must be in straight double quotes (curly quotes will not parse).

<LocationMatch "/wp-includes/js/tinymce/plugins/spellchecker/rpc.php">
# TinyMCE spellchecker RPC: drop the request content-type policy (960010)
# and the Content-Length-required-for-POST rule (960012).
# Note the /wp-includes/ block below already matches this path.
SecRuleRemoveById 960010
SecRuleRemoveById 960012
</LocationMatch>

<LocationMatch "/wp-includes/">
# Everything under wp-includes: the same two rules plus the
# command-injection signatures (950006).
SecRuleRemoveById 960010
SecRuleRemoveById 960012
SecRuleRemoveById 950006
</LocationMatch>

<LocationMatch "/wp-admin/post.php">
# Post editor: command-injection signatures (950006) removed.
SecRuleRemoveById 950006
</LocationMatch>

<LocationMatch "wp-admin/options.php">
# Settings page: command-injection signatures (950006) removed.
SecRuleRemoveById 950006
</LocationMatch>

<LocationMatch "wp-admin/theme-editor.php">
# Theme editor: command-injection signatures (950006) removed.
SecRuleRemoveById 950006
</LocationMatch>
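Before whitelisting rule IDs per path it is worth checking what the log actually shows. The script below is an added example, not part of the original post: it parses mod_security 2.x error_log denials, counts them by rule ID and URI, and reports which of those hits the LocationMatch exclusions above would silence and which remain blocked. The log lines are constructed samples, and the exclusion text is a subset of the post's config.

```python
import re
from collections import Counter

# Subset of the post's exclusions, with the straight quotes Apache expects.
CUSTOM_RULES = """
<LocationMatch "/wp-includes/js/tinymce/plugins/spellchecker/rpc.php">
SecRuleRemoveById 960010
SecRuleRemoveById 960012
</LocationMatch>
<LocationMatch "/wp-includes/">
SecRuleRemoveById 960010
SecRuleRemoveById 960012
SecRuleRemoveById 950006
</LocationMatch>
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 950006
</LocationMatch>
"""

# Constructed sample mod_security 2.x error_log lines (not real traffic).
SAMPLE_LOG = """\
[Sun Feb 01 10:00:01 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at REQUEST_HEADERS. [id "960012"] [msg "constructed"] [hostname "blog.example"] [uri "/wp-includes/js/tinymce/plugins/spellchecker/rpc.php"] [unique_id "c1"]
[Sun Feb 01 10:00:02 2009] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:content. [id "950006"] [msg "constructed"] [hostname "blog.example"] [uri "/wp-admin/post.php"] [unique_id "c2"]
[Sun Feb 01 10:00:03 2009] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:cmd. [id "950006"] [msg "constructed"] [hostname "blog.example"] [uri "/index.php"] [unique_id "c3"]
"""

LOCATION_RE = re.compile(r'<LocationMatch\s+"([^"]+)">(.*?)</LocationMatch>', re.S)
REMOVE_RE = re.compile(r"SecRuleRemoveById\s+(\d+)")
EVENT_RE = re.compile(r'\[id "(\d+)"\].*?\[uri "([^"]+)"\]')


def parse_exclusions(conf):
    """Return [(compiled LocationMatch regex, {rule ids removed inside it})]."""
    return [(re.compile(path), set(REMOVE_RE.findall(body)))
            for path, body in LOCATION_RE.findall(conf)]


def classify(log, conf):
    """Map (rule_id, uri) -> (hit count, True if an exclusion would silence it).

    LocationMatch is an unanchored regex on the URL path, so re.search mirrors
    Apache's matching here.
    """
    exclusions = parse_exclusions(conf)
    counts = Counter(EVENT_RE.findall(log))
    return {(rid, uri): (n, any(rx.search(uri) and rid in ids for rx, ids in exclusions))
            for (rid, uri), n in counts.items()}


if __name__ == "__main__":
    for (rid, uri), (n, covered) in sorted(classify(SAMPLE_LOG, CUSTOM_RULES).items()):
        print(f"{rid} {uri} hits={n} {'excluded' if covered else 'STILL BLOCKED'}")
```

Run it against your real error_log to see which rule/path pairs still need a decision; the third sample hit (950006 on /index.php) stays blocked because no exclusion covers that path.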



4 Responses to “Mod security and wordpress the final config”

Ofer Shezaf Said:

I would like to send this interesting info to the ModSecurity mailing list. Can you specify (and e-mail me) which version of WordPress, ModSecurity and core rules you are using?

Thanks
~ Ofer

Comment made on February 2nd, 2009 at 14:12
admin Said:

This is for mod_security-2.5.0 and WordPress 2.7. I am not convinced this is the best way to do it from a security point of view, but it does get people up and running quickly without disabling ModSecurity server-wide.

Answering this question has brought it to my attention that the repo I am using for mod_security is out of date and version 2.5.5 has a fix for one of the WordPress problems. Time to find a better repo for mod_security or start creating my own RPMs again. Thanks Ofer.

Comment made on February 2nd, 2009 at 15:52
Ciuly Said:

“Hmmm, your comment seems a bit spammy”
Are you kidding me? If this is wp-spamfree causing it, then it sucks too.

GOD, get your regexes right. root @ domain is a perfectly valid email address. Shoot yourselves.

PS: I wanted to write about the issues I have with mod_security and all my scripts (including Joomla) but it seems you are running a tight anti-comment system here.

Comment made on November 1st, 2009 at 17:26
WanderingTechy Said:

Hi Ciuly, you are the first person to complain about this. I have read through the source and you are correct: root@* is one of the blocked email addresses, and I can see why from my log.
So far this week over 100 spam comments have been blocked from root@ addresses, and as far as I can see yours is the first that wasn’t spam.

Your last two comments got through OK, so if you ask your question I will of course do my best to answer.

Comment made on November 4th, 2009 at 18:12
 
