WordPress.org

Make WordPress Core

Opened 16 years ago

Closed 16 years ago

#2125 closed defect (bug) (wontfix)

dbx cookies conflict with mod_security?

Reported by: dougal Owned by:
Milestone: Priority: low
Severity: normal Version: 2.0
Component: Administration Keywords: dbx.js mod_security cookies dbx-postmeta grabit advancedstuff
Focuses: Cc:

Description

I'm having an issue where a cookie set by the dbx.js libraries are causing mod_security to deny access to my pages. When this occurs, if I delete the 'dbx-postmeta' cookie from my browser, everything returns to normal.

Until I visit my Write page again. Has anybody else seen this?

Example content of the dbx-postmeta cookie:

grabit=0-,1-,2-,3-,4-,5-,6-&advancedstuff=0-,1-,2-

Change History (2)

#1 @dougal
16 years ago

  • Priority changed from normal to low

More info. I *think* that this might be caused by the fact that I upgraded my mod_security from 1.8.x to 1.9.x recently.

The mod_security SecFilterCheckCookieFormat directive has been deprecated, but was still present in my httpd_conf file. I replaced that with the SecFilterNormalizeCookies directive, and things seem to be okay now.

I'm resetting the priority of this ticket to low, and if nobody else hears about this type of problem soon, feel free to close it out.

#2 @matt
16 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Sounds like overactive rules. Closing...

Note: See TracTickets for help on using tickets.