rocknbil - 5:51 pm on Sep 29, 2011 (gmt 0)
I don't think it's the mod_security problem - that is due to the Flash uploader and Shockwave/Flash header of the uploader being interpreted as an attack. The insert into post function is managed by JavaScript. Check your mod_security logs though; that will tell you for sure.
I'd look for any changes in your .htaccess or a path issue. Try clearing cookies (or just use a different browser); it may be some caching issue in your browser (long shot).
I'd also make sure you understand exactly **what** is the object of the 404, the image or "something else"? I say this because when you use the insert into post function, it's actually JavaScript putting an ordinary string containing the path to the image into the post; there's no real reference to the uploaded image.
<for others reading and arriving due to mod_security issues with WordPress>
If you can upload using the classic uploader, but not the Flash uploader, it's likely the Shockwave/Flash mod_security SecRule. Check your mod_security logs.
You don't really want to remove it completely, it's a good thing that it's there. You want to remove it ONLY for async-upload.php. First verify there's an ID on the SecRule, if not, you can arbitrarily add one. Leave a comment so someone knows what you're up to:
## see custom.conf, removedById
SecRule HTTP_User-Agent "^Shockwave Flash" "id:345343245"
If the SecRule already has an ID, no need to modify it, just use the ID that's present.
Then mod the config to remove the rule by id for the location. I used custom.conf, which was an empty file. If it doesn't exist, create it and make sure it's used in the main config:
<LocationMatch "/wp-admin/async-upload.php">
SecRuleRemoveById 345343245
</LocationMatch>
How you would access these varies by host. While the mod_security config file is accessible via WHM, I still had to SSH to the box to create and mod custom.conf.
I posted this in the Apache Forum on discovery asking if this was the most accurate approach and got no answer, so anyone with better ideas speak up. :-)
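An added example, not part of the post above: one way to do the "check your mod_security logs" step and confirm which rule ID is blocking `/wp-admin/async-upload.php` before writing the `SecRuleRemoveById` line. It assumes the ModSecurity 2.x message format in the Apache error log; the log lines, addresses and file paths are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (ModSecurity 2.x style). Only the rule id and the
# "^Shockwave Flash" pattern come from the post; everything else is made up.
SAMPLE_LOG = '''\
[Thu Sep 29 17:40:01 2011] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^Shockwave Flash" at REQUEST_HEADERS:User-Agent. [file "/path/to/modsec.conf"] [line "12"] [id "345343245"] [hostname "blog.example.com"] [uri "/wp-admin/async-upload.php"] [unique_id "AAAA"]
[Thu Sep 29 17:41:10 2011] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^Shockwave Flash" at REQUEST_HEADERS:User-Agent. [file "/path/to/modsec.conf"] [line "12"] [id "345343245"] [hostname "blog.example.com"] [uri "/wp-admin/async-upload.php"] [unique_id "AAAB"]
[Thu Sep 29 17:42:00 2011] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^Shockwave Flash" at REQUEST_HEADERS:User-Agent. [file "/path/to/modsec.conf"] [line "12"] [id "345343245"] [hostname "blog.example.com"] [uri "/xmlrpc.php"] [unique_id "AAAC"]
[Thu Sep 29 17:43:00 2011] [error] [client 203.0.113.5] File does not exist: /var/www/html/wp-content/uploads/2011/09/photo.jpg
[Thu Sep 29 17:44:00 2011] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "multipart" at REQUEST_HEADERS:Content-Type. [file "/path/to/modsec.conf"] [line "20"] [hostname "blog.example.com"] [uri "/wp-admin/async-upload.php"] [unique_id "AAAD"]
'''

# ModSecurity appends metadata as [name "value"] tags; timestamps and
# [client ...] have no quoted value, so they do not match.
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')


def blocked_rules(log_text, uri="/wp-admin/async-upload.php"):
    """Count ModSecurity denials for `uri`, keyed by rule id.

    A key of None means the rule that fired has no id, so it needs one
    added before SecRuleRemoveById can target it.
    """
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line or "Access denied" not in line:
            continue  # ordinary Apache errors (e.g. the 404 line) are skipped
        tags = dict(TAG.findall(line))
        if tags.get("uri") == uri:
            hits[tags.get("id")] += 1
    return hits


def removal_directives(hits):
    """Build the SecRuleRemoveById lines for the rules that do carry an id."""
    return [f"SecRuleRemoveById {rid}" for rid in sorted(r for r in hits if r)]


if __name__ == "__main__":
    found = blocked_rules(SAMPLE_LOG)
    for rule_id, count in found.items():
        print(f"{count} denial(s) from rule id {rule_id or '(no id, add one first)'}")
    print("\n".join(removal_directives(found)))
```

Denials on other URIs are left out on purpose, so the exception stays scoped to the uploader and the rule keeps applying everywhere else.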