TinyMCE + Wordpress + Mod_Security/WAF

quadium

Hello,

Have a problem with a WordPress install with TinyMCE getting the following error:

[Screenshot: Untitled-3.jpg]

CentOS 6.9, Apache 2.4.34, MySQL 5.6.38, PHP 5.6.37.

csf v12.06, Comodo WAF 2.23

Already tried bypassing mod_security, which had no effect. Not seeing the IPs that get the error in the Apache error log.
 
Hello,

Check .htaccess file for possible security hardening which denies loading files from wp-includes/
 
Just the normal WordPress code, it seems.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
 
.htaccess in wp-includes/? Settings in Apache's virtual host file?

Permissions? Files/directory owners?
 
Permissions are 644, the user and group are all set properly to the user account.

htaccess in wp-includes is:
<Files wp-tinymce.php>
allow from all
</Files>
<Files ms-files.php>
allow from all
</Files>
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<Files wp-tinymce.php>
Allow from all
</Files>
<Files ms-files.php>
Allow from all
</Files>

Virtual hosts shouldn't have been modified... should be stock DirectAdmin.
 
Here it is:

Code:
<FilesMatch "\.(?i:php)$">
   # [marked in red in the original post]
   <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
   </IfModule>
   # [marked in red in the original post]
   <IfModule mod_authz_core.c>
        Require all denied
   </IfModule>
</FilesMatch>
<Files wp-tinymce.php>
      Allow from all
</Files>

You might remove it.

But it's up to you to keep the installation updated and secured...
 