Very annoying bug with Mod_Security and WP Super Cache
-
Hello guys,
I am a hosting company owner and have noticed a very annoying bug with the plugin that has caused problems for my clients (many of them).
I’ll summarize:
- Someone accesses a blog page with an address forbidden by mod_security, for example:
https://www.test.com/page/1/?s=%2FCore%2FFile%2FuploadPictureBase64.html - Modsecurity blocks the request with error 403
- WP Super Cache caches this request anyway, including the malicious address: /?s=%2FCore%2FFile%2FuploadPictureBase64.html
- All links on this page will contain the malicious address after that, even if the user accesses the normal link, example: /page/1/
- This especially affects paging, and innocent users end up blocked by mod_security because the malicious link was in the cache
The “Don’t cache pages with GET parameters. (?x=y at the end of a url)” option makes no difference in this case. It seems not work.
- Someone accesses a blog page with an address forbidden by mod_security, for example:
- The topic ‘Very annoying bug with Mod_Security and WP Super Cache’ is closed to new replies.
