Apache Mod Security Remote File Injection Attempt jEditable

Another server migration and another error with one of my applications!

This took ages to figure out and needs to be remembered. With the latest version of mod_security you can’t run any AJAX calls that pass just a URL as a variable.

For example, value=http://vimeo.com throws the following error with mod_security.

[shell]
[msg "Atomicorp.com UNSUPPORTED DELAYED Rules: URL detected as argument, possible Remote File Injection attempt detected"] [data "TX:1"] [severity "CRITICAL"]
[/shell]

Even if the URL is escaped it still throws this error, which is very annoying. The only way I could fix it was by applying this patch to jEditable around line 335.

[code]
// prefix the first "http" with a space so the submitted value no longer starts with a URL
submitdata[settings.name] = input.val().replace('http', ' http');
[/code]

This basically adds white space before the first occurrence of http, which means the AJAX request that is now submitted looks like value=+http://vimeo.com etc. Just having the + lets me beat mod security. Then on your server end, if you run a trim() function, you won’t get any white space of death anyway.

Phew…

Leverage Browser Caching

Here is a very useful .htaccess snippet to leverage browser caching and help improve website speed.

[code]
<IfModule mod_expires.c>

# Enable expirations
ExpiresActive On

# Default directive
ExpiresDefault "access plus 1 month"

# My favicon
ExpiresByType image/x-icon "access plus 1 year"

# Images
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"

# CSS
ExpiresByType text/css "access 1 month"

# Javascript
ExpiresByType application/javascript "access plus 1 year"

</IfModule>
[/code]

Source: http://fortheloveofseo.com/blog/performance/leverage-browser-caching-how-to-add-expires-headers/

cPanel Redirect and Word Press Mod Rewrite Problem

Recently I decided to change one of my permalinks on my site from /tests to /reviews. I also set up a redirect on cPanel to redirect any traffic from /tests to /reviews. This is essential as Google has already indexed /tests, so setting up a 301 redirect will tell Google the page has moved and avoid a nasty 404 page not found error.

However, this didn’t work: once I made the redirect in cPanel I got a WordPress 404 error for both /tests and /reviews! This is because the redirect rule in your .htaccess file is added at the bottom of the file, after WordPress’s mod_rewrite rules. Simply add the cPanel redirect rule above the WordPress mod_rewrite rule and all shall be fixed again.
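The ordering described above, as an added example of what the finished .htaccess looks like (this is not cPanel’s or WordPress’s own file; the paths are the post’s, and the redirect is written in mod_rewrite form, which is assumed here to be how cPanel’s redirect feature generates it):

```apache
# Added example: redirect placed ABOVE the WordPress block.
# mod_rewrite evaluates rules top to bottom. The WordPress block ends with a
# catch-all rule flagged [L], so a redirect placed after it is never reached:
# /tests is handed to index.php, and WordPress answers with its own 404.
RewriteEngine On
RewriteRule ^tests/?$ /reviews [R=301,L]

# WordPress's standard block stays below, unchanged. WordPress rewrites only
# the text between the BEGIN/END markers when permalinks are saved, so the
# redirect above survives a permalink change.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```

Check the result with a request for /tests and confirm the response is a 301 with a Location header pointing at /reviews; a 200 with WordPress’s 404 page means the redirect is still sitting below the catch-all.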

Yay!

Apache Mod Security SQL Injections and Variable Names

We recently upgraded our server, which was running a higher version of Apache mod_security. One of my jQuery inline-edit HTTP POST requests was suddenly returning a 406 Not Acceptable error, which was pretty annoying.

It was because I was using a variable called type=varChar, which was used to define what sort of data was being sent. Apache mod_security was flagging this as:

[shell]
[msg "SQL Injection Attack"] [data "varchar"]
[/shell]

So I changed all occurrences of varChar to vc, which has now fixed the issue.

Will remember in future to never use variable names like that again.
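Both mod_security problems on this page (the URL in the jEditable value, and the varchar word in the type parameter) are false positives on one argument of one request handler, and the usual way to handle those on the server is a rule exclusion scoped to exactly that argument and that handler, instead of changing what the browser sends or renaming parameters. The following is an added example of ModSecurity 2.x configuration, not from the original posts: the handler paths and the rule IDs are placeholders (the posts quote the rule messages but not their IDs; the matching audit-log entry carries the ID in its [id "..."] field), and the argument names value and type are the ones the posts describe.

```apache
# Added example: targeted ModSecurity exclusions for the two false positives.
# Placeholders: the two handler paths and the two rule IDs (RFI_RULE_ID,
# SQLI_RULE_ID). These directives must come AFTER the Include of the rule set,
# since they refer to rules that have to exist already, and they belong in the
# server or vhost config, not .htaccess.

# 1. jEditable handler: ARGS:value legitimately carries a URL, so remove that
#    one argument from the "URL detected as argument" rule, for this path only.
#    The rule keeps inspecting every other argument and every other path.
<Location "/path/to/editable-handler.php">
    SecRuleUpdateTargetById RFI_RULE_ID !ARGS:value
</Location>

# 2. Inline-edit handler: the argument named "type" carried the literal word
#    "varchar", which matched an SQL-injection signature. Exclude ARGS:type
#    from that rule for this path instead of renaming the parameter.
<Location "/path/to/inline-edit-handler.php">
    SecRuleUpdateTargetById SQLI_RULE_ID !ARGS:type
</Location>

# The same exclusion expressed as a phase-1 rule with a ctl action, which is
# the form used when the exclusion has to depend on request data rather than
# a Location block (ctl:ruleRemoveTargetById needs ModSecurity 2.7 or later).
# The id 10001 is a locally chosen value; IDs 1-99999 are reserved for local use.
SecRule REQUEST_FILENAME "@endsWith /editable-handler.php" \
    "id:10001,phase:1,pass,nolog,ctl:ruleRemoveTargetById=RFI_RULE_ID;ARGS:value"
```

Keep each exclusion this narrow: removing the rule outright with SecRuleRemoveById would also stop it catching a real remote-file-inclusion or injection attempt in any other parameter or on any other page. After reloading Apache, replay the legitimate request and confirm the audit log no longer records the rule, then leave the rule set itself untouched so the next ruleset update does not silently reintroduce the block.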

Fixing the HTTP upload problem if you password protect the wp-admin folder via Apache

Best post this as it’s quite a handy trick. If you ever password protect the wp-admin directory via Apache (which is a good thing to help stop hacking attempts) you will notice it breaks the uploading of any media.

Just add the rules below to your .htaccess file inside the wp-admin directory.

[code]
# Require a login for everything under wp-admin
<Files "*">
Require valid-user
</Files>

# Except the media upload handler, which the uploader posts to without the
# HTTP auth credentials; WordPress's own authentication checks still apply to it.
# (Allow / Satisfy are Apache 2.2 directives; on 2.4 they come from mod_access_compat.)
<FilesMatch "^async-upload\.php$">
Allow from all
Satisfy any
</FilesMatch>
[/code]