[pmwiki-users] Wierd Problem with the Text of a page

Patrick R. Michaud pmichaud at pobox.com
Mon Oct 9 14:32:35 CDT 2006


On Mon, Oct 09, 2006 at 02:15:19PM -0400, Charles Little wrote:
> Hello-
> 
> A user of my wiki posted text to a page, and for some reason, after it
> was there, when anyone attempted to edit the page, it resulted in a
> 403 error - forbidden.  I tried everything- pasting the text into a
> new page, deleting the page using 'delete' then recreating it,
> deleting the actual file from the wiki.d directory... nothing worked.
> But then I pasted the page bit by bit into the editor, saving after
> each change, I finally figured out it was this line that caused
> problems
> 
> * [[http://wikihost.org/wikis/jurt/programm/gebo.prg?&name=start&stay=dyn|Kris's
> Jurt Wiki]]

I suspect your Apache server is running with mod_security enabled, and 
that something within the above line is triggering one of mod_security's
rules so that it disallows the post.

Here's the FAQ from PmWiki.Troubleshooting:

  Q: Some of my posts are coming back with "403 Forbidden" errors or 
     "Not Acceptable"? This happens with posts containing "wget", "curl", 
     "file(" or ...

  A: Your webserver probably has mod_security enabled. The mod_security 
     "feature" scans all incoming posts for forbidden words or phrases 
     that might indicate someone is trying to hack the system, and if 
     any of them are present then Apache returns the 403 Forbidden error. 
     Common phrases that tend to trigger mod_security include "curl ", 
     "wget", and "file(", although there are many others.

     Since mod_security intercepts the requests and sends the "forbidden" 
     message before PmWiki ever gets a chance to run, it's not a bug in 
     PmWiki, and there's little that PmWiki can do about it. Instead, 
     one has to alter the webserver configuration to disable mod_security 
     or reconfigure it to allow whatever word it is forbidding. Some 
     sites may be able to disable mod_security by placing 
     "SecFilterEngine off" in a .htaccess file. 

Hope this helps,

Pm




More information about the pmwiki-users mailing list