Damn you mod_security!

So I was attempting to write this series of SSL guides last week when I hit upon a problem, after playing around with Cygwin for a while I decided to update the first part of the series to use a different path to store the certificates as it made more sense and would be pretty common for anyone with any linux experience. Upon trying to save the updated posts however I kept getting 404 errors from WordPress, very odd as I hadn’t changed anything.

To cut a long story short and to avoid boring too many people it turns out that apparently including the text /etc /ssl (without the spaces obviously), appears to send my webhost into a security frenzy and drop the request! Yes, apparently my webhost decided to enable Apache’s mod_security feature and to then enable seemingly every part of it, including filtering all POST requests for anything slightly dangerous such as me even mentioning certain paths!

This just another reason why I want to ditch my current host and move back to managing everything myself using a VPS (probably linode), at least then I can make my own decisions on what balance of excessive security/actual usability I want to have.



Im a Sys-Admin for a growing UK company working down on the sunny South Coast of England, I love all things techie, especially Exchange and Virtualisation stuff. When not tinkering I can normally be found playing online games such as Planetside 2, Dayz and Battlefield 4.