ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

mod_security error

June 22, 2007 3:28pm

  • #1 / Jun 22, 2007 3:28pm

    jtnt

    137 posts

    Seeing this in my error_log on a site for the first time ever:

    [Fri Jun 22 13:24:59 2007] [error] [client xxx.xxx.xxx.xxx] mod_security: Access denied with code 403. Pattern match "!^$" at HEADER("Content-Length") [id "9002"] [severity "EMERGENCY"] [hostname "somedomain.com"] [uri "/about-us/careers"] [unique_id "8U2ObH8AAAEAAGzs6jMAAAAB"]

    I have a hundred or more of these in a row in my error log. I’m using 1.5.2, build 20070512. It’s running on PHP 5.2.2 and Apache 2.

    The site and CP function properly and normally.

    Ideas?

  • #2 / Jun 22, 2007 4:19pm

    Sue Crocker

    26054 posts

    SecFilterEngine Off may be needed in your .htaccess file.

    Can you try that and see if it helps when you revisit the about-us/careers page?

    Make a backup copy of your original .htaccess file if you have one first.

  • #3 / Jun 22, 2007 4:23pm

    jtnt

    137 posts

    Yeah, I’ll try that. But just for the sake of more information, the hundreds of entries on this don’t all report the same uri. It’s all different ones throughout the site.

  • #4 / Jun 22, 2007 4:28pm

    jtnt

    137 posts

    For whatever reason, these errors seemed to have stopped. Maybe my host was alerted to them and changed something on their side…? I’ll have to call and see what was up…

    No idea if this is related, but initially I also could not update templates from the CP. I got a 403 error.  I thought that and this error might be related, so I just tried again to do that, and I successfully updated a template, so… who knows…?

    FWIW, this was all part of a move from an internal dev server to an externally hosted live server. This is why things were all of a sudden cropping up…

  • #5 / Jun 22, 2007 4:39pm

    Derek Allard

    3168 posts

    Wow.  Self-healing EE installs… that’s what I like to see 😉

    Just to be clear, everything’s cool now?

  • #6 / Jun 22, 2007 4:46pm

    jtnt

    137 posts

    Hehe. Yeah, and I’m not even on 1.6! 😉

    Nothing’s shown up in my logs for a while now, so I’m presuming it’s no longer an issue. I’ll be keeping a close eye on it, of course…

    Thanks for the follow-up.

  • #7 / Jun 22, 2007 9:26pm

    Derek Jones

    7561 posts

    mod_security can be a gremlin-chaser.  Inexperienced admins often add rules without really knowing why, causing all sorts of problems.  That may not be the case here, with your host, but quite often it is.
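
Added example, not part of the original thread or of ExpressionEngine: a small Python triage script that parses mod_security 1.x denial lines in the format quoted in post #1 and groups them by rule id, inspected target and pattern, so you can see whether one rule accounts for the denials across many URIs (as post #3 describes) before deciding whether to tune that rule or switch filtering off. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Forum software often turns the log's straight quotes into curly ones; accept both.
Q = '["\u201c\u201d]'
NOT_Q = '[^"\u201c\u201d]*'
DENIED = re.compile(
    r'mod_security: Access denied with code (?P<code>\d{3})\. Pattern match '
    + Q + r'(?P<pattern>.*?)' + Q + r' at (?P<target>\S+)'
)
FIELD = re.compile(r'\[(\w+) ' + Q + '(' + NOT_Q + ')' + Q + r'\]')


def parse_denial(line):
    """Return the fields of one mod_security 1.x denial, or None for other lines."""
    m = DENIED.search(line)
    if m is None:
        return None
    rec = {k: re.sub(Q, '"', v) for k, v in m.groupdict().items()}
    # Trailing [key "value"] pairs: id, severity, hostname, uri, unique_id.
    rec.update(FIELD.findall(line[m.end():]))
    return rec


def summarize(lines):
    """Group denials by (rule id, inspected target, pattern); collect hit count and URIs."""
    groups = defaultdict(lambda: {"hits": 0, "uris": set()})
    for line in lines:
        rec = parse_denial(line)
        if rec:
            g = groups[(rec.get("id"), rec["target"], rec["pattern"])]
            g["hits"] += 1
            g["uris"].add(rec.get("uri"))
    return dict(groups)


# Constructed sample lines in the format quoted in post #1 (addresses and IDs are placeholders).
TAIL = '[severity "EMERGENCY"] [hostname "example.com"] [uri "%s"] [unique_id "PLACEHOLDER"]'
SAMPLE = [
    '[Fri Jun 22 13:24:59 2007] [error] [client 192.0.2.10] mod_security: Access denied '
    'with code 403. Pattern match "!^$" at HEADER("Content-Length") [id "9002"] ' + TAIL % uri
    for uri in ("/about-us/careers", "/contact", "/news/archive")
] + ['[Fri Jun 22 13:25:02 2007] [error] [client 192.0.2.10] File does not exist: /favicon.ico']

if __name__ == "__main__":
    for (rule_id, target, pattern), g in summarize(SAMPLE).items():
        print(f"rule {rule_id}: {pattern!r} at {target}: {g['hits']} hits, {len(g['uris'])} URIs")
```

A single group with many distinct URIs points at one site-wide rule rather than at anything specific to a page or template.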
