oldmanstan

thank you

ok, then i will rephrase… is it a bad idea to disable this particular security feature, in other words should i keep looking for a better solution or is it reasonably safe to leave this feature disabled?

ok, i placed SecFilterInheritance Off in the htaccess file in my server root directory (public_html/) and now i can log into the admin panel again, but i still don’t understand what happened? i could use it before but then suddenly it starts screwing up?

i never changed a thing before the problem started

could my host have changed something that messed it up? i’m confused

one other thing, am i creating a security hole by turning on the inheritance for the whole site?

well there were several suggestions, and i tried all of them

SecFilterInheritance Off does not seem to do anything for me

i placed htaccess files in both the wp-admin directory and in the WP root (blog/ in my case), i also tried combinations of one or the other

ok, here’s what i meant with the htaccess, originally when i posted the problem to begin with i COULD log into the admin panel, i would just get random forbidden errors when writing pages

then i tried the fix and placed an htaccess file in the wp-admin directory, after i did that i started getting the forbidden error whenever i tried to even log into the admin panel

i renamed the htaccess file, thinking it was causing a bigger problem, but now even with the file renamed i STILL can’t even log into the admin panel

and yes, i checked the permissions, they are not the problem. no matter how i chmod that directory i still get the error

ok, here are the loaded modules (mod_security IS installed)

mod_dosevasive, mod_security, mod_auth_passthrough, mod_log_bytes, mod_bwlimited, mod_php4, mod_frontpage, mod_ssl, mod_setenvif, mod_so, mod_expires, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core

there is nothing but the line you gave me in the .htaccess file in my wp-admin directory, and there are no weird characters or anything

still getting a 403 forbidden error

also, i tried renaming .htaccess in wp-admin but even then i still get a 403 error when trying to get into the admin panel at all, i can’t even log in

ok, i did the suggestion that should have turned it off for the whole directory and now i can’t even get into the admin panel, when i go to /blog/wp-admin (to log in) i get another forbidden error

also, how would i know if mod_security is on? would it be in the root .htaccess file? cuz there is no mention of it in there

also, it started doing this just a couple days ago, it totally randomly does the forbidden error, no ryhme or reason, i’ll start a new page, type 4 lines, post it, works fine, type 3 more lines, save and continue editing, fine, then i’ll write another 3 lines or something (or even just add some words to a sentence), save and continue editing, and then forbidden suddenly

it’s really crazy

p.s. it was doing this when i had 2.02 installed, so i upgraded to 2.03, still doing it