Haven’t blogged in a long while but trying to start and thought this may be useful to some people coming in from searches.
Had a frustrating problem with ModSecurity being a bit overprotective of a server recently.
I had installed Web Invoice – Invoicing and billing for WordPress and every time I went into the backend of my website, the website would go down as my IP address had been blocked from the server.
Looking through the logs I found:
[Tue Mar 01 15:49:17 2011] [error] [client 78.144.59.18] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "www.***.co.uk"] [uri "/wp-content/plugins/web-invoice/js/jquery.cookie.js"] [unique_id "vSSsv1n-hF8AAARu-LYAAAAF"]
After some googling and a vague understanding of what was going on, I found that ModSecurity was blocking access to the file because it contained the word “Cookie”.
To fix this I renamed the file
/wp-content/plugins/web-invoice/js/jquery.cookie.js
to
/wp-content/plugins/web-invoice/js/jquery.wookie.js
And then edited the PHP file
/wp-content/plugins/web-invoice/web-invoice.php
on line 725 from
wp_enqueue_script('jquery-cookie', $this->uri."/js/jquery.cookie.js", array('jquery'));
to
wp_enqueue_script('jquery-cookie', $this->uri."/js/jquery.wookie.js", array('jquery'));
Problem solved and I can get on with invoicing people without the headache of the server thinking I’m attacking it!
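For triaging a denial like the log entry above, the following added example (not part of the original post) parses the entry's bracketed fields and builds a ModSecurity 2.x rule exclusion scoped to the one affected URI, so the rule stays active everywhere else. The function names are hypothetical, and the sample line is a constructed, shortened copy of the entry with the pattern elided and the client address replaced.

```python
import re

# Constructed sample: shortened copy of the log entry above (pattern elided,
# client address swapped for a documentation-range IP).
SAMPLE = (
    '[Tue Mar 01 15:49:17 2011] [error] [client 192.0.2.10] ModSecurity: '
    'Access denied with code 406 (phase 2). Pattern match "(?:...)" at '
    'REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] '
    '[line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] '
    '[data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] '
    '[uri "/wp-content/plugins/web-invoice/js/jquery.cookie.js"]'
)

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
TARGET = re.compile(r'" at ([A-Z_]+(?::[\w.-]+)?)\. \[')  # variable that matched
PHASE = re.compile(r'\(phase (\d)\)')


def parse_denial(line):
    """Return the triage-relevant fields of one ModSecurity error-log entry."""
    fields = dict(FIELD.findall(line))
    target, phase = TARGET.search(line), PHASE.search(line)
    if "id" not in fields or target is None:
        raise ValueError("not a ModSecurity rule-match entry")
    return {
        "rule_id": fields["id"],
        "msg": fields.get("msg", ""),
        "matched_data": fields.get("data", ""),
        "variable": target.group(1),
        "phase": int(phase.group(1)) if phase else None,
        "uri": fields.get("uri", ""),
    }


def scoped_exclusion(hit):
    """Build a ModSecurity 2.x snippet that disables one rule for one URI only."""
    uri = hit["uri"]
    # Log fields are request-influenced: refuse values that could break out
    # of the quoted Apache directive or widen the exclusion.
    if not hit["rule_id"].isdigit() or not uri.startswith("/") or '"' in uri:
        raise ValueError("refusing to build an exclusion from malformed fields")
    return (f'<LocationMatch "^{re.escape(uri)}$">\n'
            f'    SecRuleRemoveById {hit["rule_id"]}\n'
            '</LocationMatch>')


if __name__ == "__main__":
    hit = parse_denial(SAMPLE)
    print(hit)
    print(scoped_exclusion(hit))
```

The generated `SecRuleRemoveById` block has to be loaded after the rule file that defines the rule it removes.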
Please drop a comment if this has helped you.