How to write mod_security friendly PHP code?

I created a theme in WordPress that ran into a mod_security rule on HostGator and gave a 403 error.

I contacted people there (at HostGator) and they fixed it for me. But I do not want my theme to work like that.

I just wanted to find out if there are any manuals / blog posts / tutorials about writing PHP code that is mod_security friendly?

I tried Google, but did not find anything useful.

+4
1 answer

I'm not sure there are many tutorials for this, especially since the mod_security configuration varies from server to server.

The closest thing I would recommend is to look at the Basic Rules Project. There are tons of rules. A lot of them.

Some common things to avoid:

  • including function names in parameters
  • using SQL queries / keywords (e.g. SELECT, UPDATE, DELETE FROM) in a URL or POST
  • using HTML in a URL

What exactly triggers a rule is subject to change. If possible, I would ask the HostGator people which rule caused it, and try to get some feedback. If not, configure mod_security on your personal box (or a virtual machine) and see if your theme triggers any of the rules in the main ruleset.

+1
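The three items in the answer's list can be turned into a development-time check over the parameters a theme sends. The following is an added example, not part of the original answer and not the actual mod_security rules: the patterns are rough heuristics, and `WAF_RISK_PATTERNS`, `find_risky_params` and the sample form data are hypothetical.

```php
<?php
// Added example: rough heuristics only, NOT the real mod_security rule set.
// WAF_RISK_PATTERNS and find_risky_params() are hypothetical names.
const WAF_RISK_PATTERNS = [
    'sql keyword'   => '/\b(select\b.+\bfrom|union\s+select|update\b.+\bset|delete\s+from|insert\s+into)\b/is',
    'html markup'   => '/<\s*\/?\s*[a-z][^>]*>/i',
    'function call' => '/\b(eval|exec|system|passthru|shell_exec|base64_decode)\s*\(/i',
];

// Walk request parameters (nested arrays included) and report every
// parameter whose name or value matches one of the heuristics above.
function find_risky_params(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : "{$prefix}[{$key}]";
        if (is_array($value)) {
            $hits = array_merge($hits, find_risky_params($value, $name));
            continue;
        }
        // Decode once: values assembled for a URL are often already encoded.
        $text = rawurldecode((string) $value);
        foreach (WAF_RISK_PATTERNS as $label => $regex) {
            if (preg_match($regex, $name) || preg_match($regex, $text)) {
                $hits[] = ['param' => $name, 'reason' => $label];
            }
        }
    }
    return $hits;
}

// Constructed sample: what a theme options form might POST.
$sample = [
    'layout'      => 'two-column',
    'footer_text' => '<a href="/about">About</a>',
    'query'       => 'SELECT ID FROM wp_posts',
    'callback'    => 'base64_decode(payload)',
    'widgets'     => ['sidebar' => ['order' => 'date', 'filter' => 'delete from cache']],
];

foreach (find_risky_params($sample) as $hit) {
    printf("%-28s %s\n", $hit['param'], $hit['reason']);
}
```

In a development copy of the theme, the same function can be called on `$_GET` and `$_POST`; each flagged parameter is a candidate for sending an option key or ID instead of raw SQL, markup or a function name.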

Source: https://habr.com/ru/post/1312565/