Empty Spam Button Leads to 403 Forbidden Error

  • Resolved linux4me2

    (@linux4me2)


    9 years, 3 months ago

    I’m using version 3.1.3 of Akismet.

    When I log in as an admin and go Comments -> Spam, then click the Empty Spam button, I get a page with a 403 error. I can delete spam comments individually, but when I try to bulk delete them, I get the 403 error just as with the Empty Spam button.

    I’m running the most recent version of the Twenty Ten theme, and I tried disabling all plugins, but I still get the 403.

    I checked my /public_html/.htaccess, and tried commenting out everything but the WordPress section, but no joy.

    I also tried deleting the .htaccess in the Akismet plugin folder temporarily, but that still didn’t help.

    Any ideas will be appreciated.

    https://www.ads-software.com/plugins/akismet/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter linux4me2

    (@linux4me2)

    It turns out this is not an Akismet issue. Sorry about that.

    The problem is that the Empty Spam button is using a URL that triggers the Mod Security OWASP rule# 950901.

    I’m looking for solutions.

    Plugin Author Christopher Finke

    (@cfinke)

    Thanks for following up; I was just about to dig into this.

    Thread Starter linux4me2

    (@linux4me2)

    I’m glad I caught you before you did.

    If you’re interested, there is a bunch of information in this cPanel Forum thread.

    In short, some of the rules in the OWASP rule set appear to cause some false positives with popular CMSs, WordPress included. I have only had a problem with a single rule, unlike the posters in that thread.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Empty Spam Button Leads to 403 Forbidden Error’ is closed to new replies.