Geeklog Forums

I have geeklog 1.4.1 running on a web host, and have post about 20 stories so far. I was adding a story about MySQL, but if I use the words "INSERT INTO" in the story text (HTML formatted), I can't save or preview the story, I always get "Precondition failed" and have to use the back button and remove it.

I don't have the Bad Behavior plugin installed, just the default plugins.

Here is what I am trying to enter in the Body Text:

insert into user (Host, User, Password, Select_priv, Insert_priv,
Update_priv, Delete_priv) values ('%', 'remote', password('xxx',
'Y', 'Y', 'Y', 'Y';

Do you happen to have mod_security installed on your webserver?

bye, Dirk

I can't tell at the moment. Let me dig around on the host server to find out. Unfortunately, since it is hosted, I won't be able to remove it from the apache config if that is the problem.

Thanks for the info,
Keith

Yes, mod_security is loaded by Apache, but I can't change the Apache configuration.

I was able to get around it by replacing the word "INTO" with HTML character entities, but that is quite ugly.

There may be a way to turn off mod_security with an .htaccess file, but this is the only time it has caused a problem and I'm not sure I want to turn off all protection.

If I had access to the mod_security rule list, I might be able to disable just the one rule it is hitting. Not sure if I want to spar with my web host over it, though.

Keith