lynx and mod_security

 Technology, WordPress  2 Responses »
Dec 072009
 

I’ve been imple­ment­ing more web sites recently; it appears to be one part of the tech­no­logy mar­ket for which there is still demand. One of the things I push when I meet with cli­ents is access­ib­il­ity, so I figured I should test my own sites and make sure they’re reas­on­ably access­ible. Lynx is one tool to use to check access­ib­il­ity (as well as being a good basic text-based browser). I was a little flum­moxed when I got back a 406 http error, which usu­ally means the user agent can­’t read the char­ac­ter set, lan­guage, or encod­ing the web site uses. Even the most basic text html page was rejected.

It turned out that my ISP had mod_security enabled (good) and con­figured in such a way that lynx was banned (not so good). Ban­ning lynx seems to be a fal­lout from a quick way of con­fig­ur­ing mod_security by fil­ter­ing out keywords that might be used in hack­ing attempts. Per­son­ally I can­’t see the point as lynx can be told to use a dif­fer­ent user agent string if need be, and people who want to hack your site will likely know how to do that, and I can­’t under­stand how people use lynx to hack a site either. Mind you, I don’t hack oth­er people’s web sites, so I don’t know the tools people use who do. Any­way, the ISP cheer­fully took out the fil­ter caus­ing the prob­lem, but in the mean­time my IP address had been flagged by mod_security for try­ing to bypass the fil­ter too many times, so I was com­pletely banned from my own site, as well as every oth­er site that hap­pens to be hos­ted on the same server. 

Even­tu­ally we cleared up that little prob­lem as well, and I could get back to tweak­ing my style-sheets and HTML to be more access­ible. There’s a bit more to do yet, but I’m get­ting there. And I’m grate­ful for an assidu­ous ISP (Cana­dian Web Host­ing) with a sup­port team that works late on Fri­day nights.

Feed Oddities

 WordPress  1 Response »
Jan 142009
 

My blog feed is behav­ing oddly and I can­’t quite fig­ure out what’s going on. I’ll post when I’ve found out enough to give a sali­ent descrip­tion, and when I find a solu­tion. Hope­fully it won’t take too long.

Update: it turns out to have been the Bird­Feed­er plu­gin, com­poun­ded with a stub­born cache. Guess I have to do some more work on fig­ur­ing out how to get Mint to work prop­erly with the site, but that can wait until tomorrow.

Another WP Update

 WordPress  No Responses »
Dec 122008
 

Hav­ing just updated my blog to the latest in the 2.6 series, it was time to go for the 2.7 series. Nor­mally I wait a couple of days for oth­er people to flush out the bugs, but I figured I’d be big and brave on this one, giv­en it’s Fri­day afternoon. 

As usu­al with Word­Press, the upgrade went flaw­lessly, even the few plu­gins I use installed without com­plain­ing. If you notice any­thing, let me know; it might take a while before I stumble on it. 

The new admin dash­board will take some get­ting used to. I don’t know yet wheth­er I prefer it to the old one or not, it looks more com­plic­ated but that could just be because it’s unfamiliar. 

And I’m try­ing out Mint for stat­ist­ics. I wrote a small plu­gin to add the code to the right place on the pages which seems to work. Now all I have to do is fig­ure out how to dis­reg­ard the spuri­ous vis­its.

WordPress and Atom

 WordPress  2 Responses »
Sep 052008
 

On my craft­ing blog I use the Tarski theme, and that used to give you the choice between Atom and RSS for the feeds. Then they took it out, say­ing that Word­Press itself gives you the choice. Well, maybe it does (or maybe it did), but nowhere in the options for 2.6.1 that I could find (maybe you need a plu­gin to do it?). Then I dis­covered that this blo­g’s default feed had been changed to RSS2 some time when I was­n’t look­ing, which also was­n’t what I wanted. 

To jog my memory next time I upgrade Word­Press and want to use Atom by default, here’s where to change the set­ting. For­tu­nately PHP code is easy to search through! The file is feed.php in the wp-includes dir­ect­ory. Change the second para­met­er in the get_default_feed func­tion to atom. With­in any luck this meth­od will even con­tin­ue to work in the next ver­sion. I’ll cer­tainly know to check what the default feed format is in the future.

Minor WordPress Plugin Problems

 WordPress  No Responses »
Mar 102008
 

I real­ized while installing the latest Word­Press upgrade, that I had­n’t yet blogged some solu­tions to issues I had some time ago. These are all issues related to plugins. 

Prob­lem 1: I installed the Organ­izer plu­gin to help organ­ise my pic­tures. It would­n’t show them, which some­what defeats the pur­pose of an organ­izer. Look­ing at the errors with Fire­bug (one of the most use­ful Fire­fox exten­sions I’ve found) revealed that the organizer_jump_directory func­tion was­n’t defined. One of the com­ments on the plu­gin solved the prob­lem: copy the con­tents of the general.js file to the index.php and view.php files.

Prob­lem 2: flex­ible upload seemed to be activ­ated, but I could­n’t see any sign of it in the “Write” page. The “add field” box was miss­ing from the upload part of the page, as well as the oth­er use­ful items. The solu­tion: I needed to turn off the mod_security Apache mod­ule for the admin dir­ect­ory in the .htac­cess file. There are more details in Word­Press sup­port for­um. I also needed to chmod the plu­gins dir­ect­ory to 755.

Prob­lem 3: I have anoth­er blog, and wanted to show the post­ings from this blog via the Atom feed. I set it up, and it seemed to work, but it nev­er updated the list to show the latest post­ings. After try­ing out a lot of dif­fer­ent ideas, I dis­covered in the serv­er logs that I had a 403: Forbidden error, which gave me a new and dif­fer­ent set of things to try out. In the end I dis­covered the source was that the Bad­Be­ha­vi­or plu­gin was block­ing the requests. So I added the IP address of my blog into the bad-behavior/whitelist.inc.php file, and all now works as it should.

Bad Behavio(u)r

 WordPress  No Responses »
Dec 052007
 

If you use the Bad Behavior/Bad Beha­viour plu­gin for Word­Press, you will need to update it imme­di­ately if you don’t want to be blocked from access­ing your own site (which is rather dis­con­cert­ing). More details at Bad Beha­vi­or 2.0.11. Simply over­writ­ing the old files with the new should work; anoth­er option is to rename the bad-behavior-wordpress.php file to some­thing else, which will dis­able it, so you can then log in to the admin pages as usual.

Kudos to the plu­gin author (Michael Hamp­ton) for find­ing and fix­ing the prob­lem quickly!

 Older Entries  Newer Entries
/* ]]> */