Hi Guys,
We've just recently upgraded our server and have mod_security installed. We've noticed that the default rules are pretty strict and cause errors when trying to save certain content through the SilverStripe CMS.
In particular, if content contains the '%' character or 'iframe', you are unable to save because mod_security denies the request...
% - URL Encoding Abuse Attack Attempt
iframe - Cross-site Scripting (XSS) Attack
It seems a bit of a shame to turn off mod_security or allow certain rules through. What's the point of having it installed in that case?
Does anyone know how these rules could be re-written to be compatible with SilverStripe?
Cheers,
Barry