modsecurity prevents WP Githuber MD from working #382
Comments
|
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 2 days. |
|
This issue is still valid, we should keep it open. |
|
|
|
This plugin is likely no longer actively maintained. My WAF suggested that I delete it since it has been removed from the plugin marketplace. However, I have used it frequently over the past two years. Although I don’t know the reason behind the discontinuation of its maintenance, I appreciate the developer’s work on it. |
|
I don't think it's been removed from the plugin marketplace. I think it's just been temporarily disabled The Wordpress plugin page https://wordpress.org/plugins/wp-githuber-md/ says
@terrylinooo Do you know what their issue with your plugin is? |
(see also coreruleset/wordpress-rule-exclusions-plugin#60 )
Describe the bug
The modsecurity web application firewall (WAF) which is often used in Apache and Nginx, prevents WP Githuber MD from working because it triggers a false positive due to the
h2m_strip_tagsargument.The WAF see's the argument which contains the string
strip_tagsand thinks it's a PHP Injection Attack.I'm reporting this, not necessarily because something should be changed/fixed in WP Githuber MD, maybe just to add it to the known issues.
To reproduce
Steps to reproduce the behavior:
Expected behavior
Ideally modsecurity wouldn't block the POST and would allow the user to post pages using WP Githuber MD
Server environment
User environment
Additional context
Logs can be seen in the issue opened with the wordpress-rule-exclusions-plugin modsecurity CRS plugin coreruleset/wordpress-rule-exclusions-plugin#60
The text was updated successfully, but these errors were encountered: