http://bloritsch.d-haven.net/articles/2007/07/25/what-is-mod_security en-us 40 Random thoughts <p>It&#8217;s an <a href="http://www.modsecurity.org/">Apache plugin</a> designed to drastically cut down on spam. We&#8217;re talking referrer spam, comment spam, etc. It checks <span class="caps">URL</span> parts, submitted content, etc. I was quite surprised to find out about it, because I didn&#8217;t sign up for it. It was preconfigured with my host, TextDrive. I found out because I was writing a blog entry dealing with OpenID, and my personal plans for using it. When I submitted the article the server responded with a mysterious &#8220;Precondition Failed&#8221; message. I was sure Typo was to blame for it. Apparently there was something (I couldn&#8217;t tell you what right now) that caused mod_security to kick in and reject my post.</p> <p>Rather than trying to find out what the protected words are, particularly since they will likely change, I&#8217;m going to try and have mod_security lifted only for the content editing portion of Typo. I really want it&#8217;s protection for comment spam and referrer spam. If it&#8217;s an all or nothing proposition (remember that Rails apps are proxied through Apache, and the .htaccess file is not read), then I will have to live with the mod_security restrictions.</p> <p>I may have to resort to doing everything through the blog web service. We&#8217;ll see how it goes. So, if any of you types a comment and instead of seeing it on my blog you see some ominous &#8220;Precondition Failed&#8221; message it&#8217;s because you are trying to spam me! No seriously, it&#8217;s because you hit on a keyword that a bunch of spammers use.</p> Wed, 25 Jul 2007 23:09:00 +0000 urn:uuid:fd91a052-d563-4ffe-9b61-fe07736e4e24 Berin Loritsch http://bloritsch.d-haven.net/articles/2007/07/25/what-is-mod_security mod_security blog typo hosting