WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

#14413 closed defect (bug) (invalid)

MOD_SECURITY BLOCK

Reported by: mrgerbeck Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: General Keywords: close
Focuses: Cc:

Description

Wordpress 3.0 Generates the following MOD_SECURITY2 error when attempting to use the "widgets" function:

[Sun Jul 25 03:21:23 2010] [error] [client 76.95.181.93] ModSecurity: Access denied with code 500 (phase 4). Pattern match "<b>Warning<
/b>.{0,100}?:.{0,1000}?
bon line
b" at RESPONSE_BODY. [file "/usr/local/etc/apache22/Includes/mod_security2/modsecurity_crs_50_outbound.conf"] [line "42"] [id "970009"] [msg "PHP Information Leakage"] [severity "WARNING"] [tag "LEAKAGE/ERRORS"] [hostname "[snip]"] [uri "/wp-admin/widgets.php"] [unique_id "[snip]"]

Change History (2)

comment:1 @dd325 years ago

  • Keywords close added
  • Severity changed from blocker to normal

Something is outputting a PHP warning on the page. Thats a pretty moronic Mod_security rule which would be better served with the production server running with appropriate PHP error_reporting value.

If you're running WP_DEBUG on that server, you'll need to disable it in order to view any pages which emit PHP Warnings.

Can you check your Logs to see if a PHP Warning is being logged? It might help pinpoint if it a WordPress generated warning, or the result of a plugin. (Actually, Disable plugins & switch to the default theme, see if that lets you view the page)

comment:2 @nacin4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.