Thread

Hi,

I’m getting a really weird problem. On most weblogs, I have no problems posting content, but on one particular weblog when I post this text (which is going through a markdown plugin) I’m getting a 404 not found error and the content isn’t posted:

Direct all applications and inquiries to: 
Hiring Committee

(In particular, I’ve got it down to the “Direct all applications and inquiries” line.

Any idea what this could be or how I can troubleshoot it further?

Thanks,

Ben.

What build/version are you running- and any extensions installed?  And- I’m fuzzy on what ‘Direct all…’ refers to.  Is it something in a custom field and if you don’t include it, it posts?  Or- how does that bit come into play?  Oh- and when you 404- what’s the url look like- the bit past the ?

Thanks for the prompt response.

Expression Engine 1.6.4
Build:  20080710

URL on 404:

<a href="http://cswip.ca/system/index.php?S=e1af1d94331a9d689c4ef679d5b6cf065c4b098c&C=edit&M=new_entry">http://cswip.ca/system/index.php?S=e1af1d94331a9d689c4ef679d5b6cf065c4b098c&C=edit&M=new_entry</a>

I’m not running any extensions.

So, the part about the “Direct all…” is the weirdest thing about this. If I paste in the content of the post, but I leave out the “to” in “Direct all applications and inquiries to:” it posts without a problem. If I put the “to:” in, it doesn’t post. This is in the body of the post. I’m not using any custom fields. The thing is, the content editors have been running into this problem in other posts as well. I figured out it was “to” using a process of elimination for this content, but I can’t see why that would crash the thing, and I’m assuming that whatever is causing them a 404 error on the other posts isn’t the same word. There’s something about the structure that it doesn’t like.

Thanks for the help.

Hm- my first bet would be it’s hitting some kind of server side security filter on post data.  For fun- try putting that in a blank template and save the template.  Does it save- or get stripped?

Wow, 404 error.

Very interesting that this might be server-side—but this does help explain the text in the 404 error about not having sufficient ‘permissions’. We haven’t made any changes to our hosting, so it might be the host.

Any further idea on what exactly they might have done (so I can go yell at them?)

Thanks,

Ben.

LOL- I can’t remember the technical name.  But just ask if they’ve got filters on post data- and send them the bit that seems to trigger it.  They should know right off the bat.  But yep- that about has to be it unless you had some odd extension installed doing something similar.  And- I can’t think what that would be.  99% odds it’s a server security measure.

Give them a yell- and let us know how it goes.

The problem ended up being “modsecurity”:

What was happening, is that modsecurity was blocking “to: ” thinking it was a spam/hack attempt (eg adding post payloads to send spam through PHP.

I can’t say I’m exactly pleased with their response. They patched it so that it won’t respond to “to”, but it’s entirely possible that we run into content that trips it again. I’ll take a good look at EngineHosting… 😉

Ben.

Ben, so is it OK to close this thread for now?

Yep!

mod_security- that was it!  As long as the host was responsive getting if fixed, I wouldn’t worry about them much.  Though got to say, EH is nice, particularly for EE sites.

Glad you’re squared- and closing this one out.