Just re-read the title and it sounds like science fiction B movie title.. Oh well.
After running this for a while and having played with all the possible options in WordPress here is my final Mod_Security custom file.
This is saved as /etc/httpd/modsecurity.d/modsecurity_crs_15_customrules.conf on my system but may be different on yours.
I would like to send this interesting info to the ModSecurity mailing list. Can you specify (and e-mail me) which version of WordPress, ModSecurity and core rules you are using?
This is for mod_security-2.5.0 and WordPress 2.7. I am not convinced this is the best way to do it from a security point of view but it does get people up and running quickly without disabling ModSecurity Server Wide.
Answering this question has brought it to my attention that the repo I am using for mod_security is out of date and version 2.5.5 has a fix for one of the WordPress problems. Time to find a better repo for mod_security or start creating my own RPM’s again. Thanks Ofer.
“Hmmm, your comment seems a bit spammy”
are you kidding me? if this is wp-spamfree causing it, then it sucks too.
GOD, get your regex’es right. root @ domain is a prefectly valid email address. shoot yourselves.
PS: I wanted to write about the issues I have with mod_security and all my scripts (including joomla) but seems you are running a tight anti-comment system here.
Hi Ciuly, you are the first person to complain about this, I have read through the source and you are correct root@* is one of the blocked email addresses and I can see why from my log.
So far this week over 100 spam comments have been blocked from root@ addresses and as far as I can see yours is the first that wasn’t spam.
Your last to comments got through ok, so if you ask your question I will of course do my best to answer.
Mod_security is a complete waste of time since they went commercial. If you search for a good ruleset you won’t find it; unless you pay up. Thanks, but no thanks. Hardening works better for me.
I am sorry to disagree with you. The core ruleset it still a valuable tool and with a few extra custom rules add a worthwhile layer to the security toolchest. I shan’t be dropping it any time soon.