jay_v
msg:4368761 | 3:24 pm on Sep 29, 2011 (gmt 0) |
Looks like you are having mod_security issue.
I had the same problem and got my hosting company to change the mod_security and it worked fine after that.
Similar issue here [wordpress.org...]
Hope it's an easy fix for you.
|
rocknbil
msg:4368826 | 5:51 pm on Sep 29, 2011 (gmt 0) |
I don't think it's the mod_security problem - that is due to the Flash uploader and Shockwave/Flash header of the uploader being interpreted as an attack. The insert into post function is managed by Javascript. Check your mod_security logs though, that will tell you for sure.
I'd look for any changes in your .htaccess or a path issue. Try clearing cookies (or just use a different browser,) it may be some caching issue in your browser (long shot.)
I'd also make sure you understand exactly **what** is the object of the 404, the image or "something else"? I say this because when you use the insert into post function, it's actually Javascript putting an ordinary string containing the path to the image into the post, there's no real reference to the uploaded image.
<for others reading and arriving due to mod_security issues with wordpress>
If you can upload using the classic uploader, but not the Flash uploader, it's likely the Shockwave/Flash mod_security SecRule. Check your mod_security logs.
You don't really want to remove it completely, it's a good thing that it's there. You want to remove it ONLY for async-upload.php. First verify there's an ID on the SecRule, if not, you can arbitrarily add one. Leave a comment so someone knows what you're up to:
## see custom.conf, removedById
SecRule HTTP_User-Agent "^Shockwave Flash" "id:345343245"
If the secRule already has an ID, no need to modify it, just use the ID that's present.
Then mod the config to remove the rule by id for the location. I used custom.conf, which was an empty file. If it doesn't exist, create it and make sure it's used in the main config:
<locationMatch "/wp-admin/async-upload.php">
SecRuleRemoveById 345343245
</LocationMatch>
How you would access these varies by host - While the mod_security config file is accessible via WHM, I still had to SSH to the box to create and mod custom.conf.
I posted this in the Apache Forum on discovery asking if this was the most accurate approach and got no answer, so anyone with better ideas speak up. :-)
|
lorax
msg:4369123 | 11:42 am on Sep 30, 2011 (gmt 0) |
What file format is the image?
|
juliat72
msg:4369127 | 11:53 am on Sep 30, 2011 (gmt 0) |
The image is being uploaded and crunched (have checked via FTP and it appears in the gallery listing), so it is not the uploader function that is the issue.
I have tried this on 4 different browsers on 2 different computers so again it is not a caching problem.
?
|
lorax
msg:4370040 | 11:26 am on Oct 3, 2011 (gmt 0) |
Geesh. Since you know the path directly to the image, can you view the image using the path instead of using WordPress? If you can, then you are having some form of WordPress issue and may want to bring this up on the WordPress support forum instead. If you can't, then it sounds like you're having some form of server issue and will need to speak with your host about the issue.
|
juliat72
msg:4370044 | 11:39 am on Oct 3, 2011 (gmt 0) |
I have posted on the WP support forum and had no serious help and as no one else is having the same issue I will have to ask the hosting company to look into it then.
|
juliat72
msg:4371008 | 12:05 pm on Oct 5, 2011 (gmt 0) |
It was a mod_security issue! All sorted now they've disabled it on our domains
|
jay_v
msg:4371009 | 12:15 pm on Oct 5, 2011 (gmt 0) |
I knew it was ;)
Glad you got it sorted :)
|
lorax
msg:4371039 | 1:51 pm on Oct 5, 2011 (gmt 0) |
Excellent.
|
|
