David J Rice

Okay, so the overzealous mod_security rule will block any attempt to create a page/article/comment (anything really) with a unix command, followed by a space.

Obviously mod_security is great when it comes to keeping down referrer spam etc…. however attempting to write an article about ssh without mentioning it is a tough task indeed :)

The error you’re likely to see is

Precondition Failed The precondition on the request for the URL /admin/content/preview evaluated to false.

Workarounds

You can easily get round this by writing code blocks something like the following ( i use markup) However it’s not a permanent solution… and you’re blog could be taken out if someone mentions it in a comment.

`ssh`&nbps;`user@domain.com`

If you’re serving you’re site via apache, you can turn off mod_security in a .htaccess file. However if you’re proxying to lighttpd from apache, then you’ll need to open a support ticket and turn off mod_security for the whole domain. See the textdrive helpdesk article for more information.

Update

So there’s a better workaround, the guys at textdrive cooked up a custom rule to ignore the unixy command names so my blog is nerd-speak safe.

SecFilterSelective POST_PAYLOAD "uname|echo|kill|chmod|ls|zsh|csh|                               
                                 tcsh|rsh|ksh|wget|lynx|scp|ftp|cvs|
                                 rcp|telnet|ssh|links|mkdir|ps" 
                            allow,nolog

ideally this woud all be on one line.

Correct me if i’m wrong but i’m sure that was added to the apache2.conf, as it had to be caught before passing through to lighttpd.