Upgrade to 2.2 – Dashboard not working

Okay folks before trying yourself or even deactivating Mod_Security completely after all, please contact your admin or the person who is in charge for the Mod_Security setup. This is an fault in the default setup most often.

If you get 403 errors in the backend related to Ajax Requests while the requested files exist and are requestable with your browser, this looks like Mod_Security is handling the Ajax Request as a false-positive. This is often the case beacause a specific set of Mod_Security rules does not allow the request like it is done by the Ajax-Library of WordPress. You can fix this quite fast if you (or your admin) has access to the Mod_Security Setup.

There is a Pattern that must be extended. In a Post above it is shorted. Even this works as well, I would not recommend it, because it leaves a lot of other requests open – and this does not work well with whitelisting.

This was the Message I got:
mod_security-message: Access denied with code 403. Pattern match “!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)” at HEADER

It contains a Regular Expression:
!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)

Because the Ajax Library WordPress uses send it request with the header “application/x-www-form-urlencoded; charset=UTF-8” it is not matched against that regex.

FIX: Tell your admin to add that string to the regex:

|^application/x-www-form-urlencoded; charset=UTF-8$

Now the Header matches against that rule and everything is fine.

NEW FIX: I tried all the .htaccess fixes none worked … I then looked at my error log (not the screen error) and found: Directory index forbidden by Options directive

So I went into the apache config file and added

<Directory />
Options All
AllowOverride AuthConfig
</Directory>

to my virtual host for wordpress

my login then gave me the listing of all files in wp-admin instead of directly to “index” but clicking on index got me IN.

So for those do-it-your-selfers whose motto is: “A little knowledge is a dangerous thing, BUT EXCITING AS HELL. There you go.

Hi GlennMetcalf, I do not know exactly about which error you’re writing but as much as I read you’re not talking about a Mod_Security related configuration Issue. What you suggest does not work for all of the Errors discussed about in this thread.

I tried the fixes for this error but received the following once I edited my .htaccess file:

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I’m having this problem still on wordpress 2.3.1 and I tried the fix as well – but it gave an error. does anyone else have a newer fix to this?

for the persons who still want a solution and all write here don′t work , I explain here
https://www.ads-software.com/support/topic/121982?replies=9#post-673242
how to make it works.

Hi,
It has been a hard time figuring out this. If you run your own server like I do it was simple. I run Apache in chrooted environment (yes, I was hacked once, never since) so my security was set up very tight. I could not get mod_security to accept the wp header sent from admin-ajax.php so I set up this in mod_security.conf:

SecRule REQUEST_METHOD “!^(GET|HEAD)$” chain
SecRule HTTP_Content-Type “!(^application/x-www-form-urlencoded$|^multipart/form-data|^application/x-www-form-urlencoded*;)”

Now I don’t see how this is a security hole to accept anything after “application/x-www-form-urlencoded” but would be glad for any commennts. At least once again WP 2.3.3 works fine for deleting posts, pages, categories.
/asle

Well while all are jumping in I’ll settle down with a beer and popcorn and wait for a result…!! Heehee

I cannot delete my posts. Unlike previus versions, 2.3.3 is missing the DELETE function in Manage/Posts

Only way to delete a post is therefore to go into Edit & scroll down to bottom of post and hit the Delete this draftbutton.

But this only gets me a notification out of post.php:

You are not allowed to delete this post.

So how do I delete posts? And why can’t I? And before I get dumped on, I have read this thread and none of it explains why I cannot delete a thread.

And I cannot go back to Dashboard from Manage or any of the other function in the Dashboard menu.

I get this error:

Warning: main() [function.main]: Unable to access ./wp-blog-header.php in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Warning: main(./wp-blog-header.php) [function.main]: failed to open stream: No such file or directory in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Fatal error: main() [function.require]: Failed opening required ‘./wp-blog-header.php’ (include_path=’.:/usr/php4/lib/php’) in /home2/iscatte/public_html/wp-content/plugins/index.php on line 4

Is there perhaps some stuff missing in the 2.3.3 upgrade?

Is there perhaps some stuff missing in your 2.3.3 upgrade?

<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule>

thanks..its working for me