我创建了一个Wordpress插件,该插件很受欢迎,但是我收到很多抱怨,称它不起作用。登录许多用户的WP网站后(询问管理员密码后),我注意到我无法轻易解决的最后一个问题是mod_security和mod_security2阻止了一些AJAX请求或.htaccess,这在某些配置上导致500错误。
I've created a Wordpress plugin which became popular but I'm getting lots of complaints that it's not working. After logging in to many user's WP websites(after asking for admin password) I noticed that the last problem I can't easily solve is mod_security and mod_security2 blocking some AJAX requests or .htaccess which is causing 500 error on some configurations.
首先,为什么这段代码会导致某些服务器返回500错误
So first of all why is this piece of code causing some servers to return 500 error
<IfModule mod_security2.c> SecRuleRemoveById 300015 SecRuleRemoveById 300016 SecRuleRemoveById 300017 SecRuleRemoveById 950907 SecRuleRemoveById 950005 SecRuleRemoveById 950006 SecRuleRemoveById 960008 SecRuleRemoveById 960011 SecRuleRemoveById 960904 SecRuleRemoveById phpids-17 SecRuleRemoveById phpids-20 SecRuleRemoveById phpids-21 SecRuleRemoveById phpids-30 SecRuleRemoveById phpids-61在其他服务器上通过id删除规则会导致500错误:
on other servers removing rules by id this way is causing 500 error:
<IfModule mod_security.c> SecRuleRemoveById 300015 ... SecRuleRemoveById phpids-61 </IfModule>因此,目前唯一不会导致任何服务器崩溃的工作是
so for now the only working thing which is not causing any server to crash is
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>但是对于具有mod_security2的服务器来说还不够!
but it's not enough for servers with mod_security2 !
如何编写跨服务器.htaccess文件,我应该添加哪些IF条件以在任何适用的位置禁用mod_security和mod_security2并且在其他配置上不会引起500错误?
How to write a cross-server .htaccess file, and what IF conditions should I add to disable mod_security and mod_security2 anywhere where it applies and not cause 500 errors on other configurations?
编辑:不仅在Apache中。在任何使用.htaccess的地方。
Not only in Apache. Anywhere where .htaccess is used.
推荐答案显示告诉联系服务器管理员的消息将是最后要做的事情。首先,我将尝试使用以下解决方案之一来自动创建配置:
Displaying a message telling to contact server administrator will be the last thing to do. First of all I'll try one of this solutions for automatic config creation:
在子文件夹中创建2-3个沙盒化的.htaccess配置
Create 2-3 sandboxed .htaccess configs in subfolders
OR
更多推荐
如何在.htaccess中禁用mod
发布评论