Solving PHP File Uploading Errors Caused By Mod Security

/ PHP / by Paul Robinson / 2 Comments
This post was published back on May 7, 2010 and may be outdated. Please use caution when following older tutorials or using older code. After reading be sure to check for newer procedures or updates to code.

Most of the errors that are received from the new flash / javascript based mass uploaders are actually caused by the server. That isn’t to say there are other causes, but in my experience this is the most common cause of the problem. What about the server is causing the problems? Well let’s have a look.

Mod Security

Yes, believe it or not Mod Security is, 9 times out of 10 in my experience, the cause of all the uploading problems. Take for example my WordPress install. For quite a while I’ve been having problems where I would receive an ‘I/O Error’ or ‘HTTP Error’ for no apparent reason when uploading quite a few images. Turns out it was Mod Security mistaking the upload for a breach of security. Here is what you can do to fix it.

This will tell Mod Security to pass all requests from the specified script, but still provides certain security checks that don’t interfere with the scripts file uploading operations. For example if you are working with WordPress and having image upload problems you would need to pass async-upload.php like this:

Other applications such as Vbulletin 4’s new attachment manager can have the same problem. The script to allow in Mod Security with Vbulletin is newattachment.php:

Hopefully that makes sense & you’ll be able to figure out any others.

Basically you just need to allow the script that handles the file uploads. This also works well if you are working with a custom application using SWFUpload & in my experience gets rid of some of those pesky #20** flash errors you can get.

As always if you have any questions, or any thing to add let me know in the comments, or you can follow me on twitter by clicking the big blue birds in the sidebar.


Author’s gravatar

I have a problem with upgrading WordPress and plugins with the built in automatic upgrade process. It hangs completely. I think it has something to do with “ownership” but do you think this mod security thing might have something to do with it?

Author’s gravatar author

I haven’t had a lot of experience with ownership on Unix systems, but I’d probably say Mod Sec isn’t the cause. It normally sends back a 403/503 error if it gets caught as a security problem.

I don’t think it would hurt to try though if you want to make sure. 😉

If that doesn’t work and you can tell me what environment your server is running on I might be able to tell you if there are any known problems with WordPress’ upgrade system & your current server setup.

Older Comments
Newer Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

I'll keep your WordPress site up-to-date and working to its best.

Find out more