What is mod_security?
It’s an Apache plugin designed to drastically cut down on spam. We’re talking referrer spam, comment spam, etc. It checks URL parts, submitted content, etc. I was quite surprised to find out about it, because I didn’t sign up for it. It was preconfigured with my host, TextDrive. I found out because I was writing a blog entry dealing with OpenID, and my personal plans for using it. When I submitted the article the server responded with a mysterious “Precondition Failed” message. I was sure Typo was to blame for it. Apparently there was something (I couldn’t tell you what right now) that caused mod_security to kick in and reject my post.
Rather than trying to find out what the protected words are, particularly since they will likely change, I’m going to try and have mod_security lifted only for the content editing portion of Typo. I really want it’s protection for comment spam and referrer spam. If it’s an all or nothing proposition (remember that Rails apps are proxied through Apache, and the .htaccess file is not read), then I will have to live with the mod_security restrictions.
I may have to resort to doing everything through the blog web service. We’ll see how it goes. So, if any of you types a comment and instead of seeing it on my blog you see some ominous “Precondition Failed” message it’s because you are trying to spam me! No seriously, it’s because you hit on a keyword that a bunch of spammers use.
