On Mon, Aug 17, 2020 at 3:09 PM Tom Hutchison via MediaWiki-l
<mediawiki-l(a)lists.wikimedia.org> wrote:
So, I'm just thinking out loud here to blow off steam. I've seen
mod_security block MW edits and some other weird things on shared hosting.
Apparently, a shared host I admin for a project must have enabled some type
of proactive scanning with ClamAV or more like a ClamAV Frankenstein and it
is throwing false positive on RedirectSpecialPage.php. Trying to add it back
manually, I can create the file but as soon as I add in the code. the host
deletes it. I tried uploading it. Denied with message ->
"The file you uploaded, RedirectSpecialPage.php, contains a virus so the
upload was canceled: YARA.blackhole_basic.UNOFFICIAL FOUND"
Obvious it is a false positive, but WOW. Posting just in case someone else
is dealing with a stupid hosting provider who likes to flip switches and
fails to poll then review the consequences before actually flipping the
switches.
Yeah, mod_security does get a bit aggressive. The one annoys me is the
horizontal rule I sometimes use as a break instead of a full blown
heading, like H4 or H5:
-----
mod_security blocks that when the first two chars in a line are dash.
I often have to turn off mod_security to submit the page.
Jeff