Categories
BlogEngineDotNet Other

BlogEngine – mod_security makes it angry

I have noticed a lot of posts on the BlogEngine forum with users having a lot of problems within the Admin area. One even points out the 405 error which is one of the default errors of the Web Application Firewall mod_security. Which works great in IIS.  I suspect a lot of people are not aware that there is a version of mod_security for IIS.  And so, people constantly search for the solution to their problem when it’s glaring them right in the face.  That is, if you know what you are looking for. Hence this post.  If you get a “405 Method Not Allowed” error, most likely the mod_security module is enabled.  I have found that the default rules that come with mod_security are pretty much incompatible with BlogEngine and I have to disable the module in order to get it working.  Otherwise you will need to disable a vast amount of rules in order to get the application functioning properly.  It will be a monumental task in creating a BlogEngine ruleset for mod_security. Hopefully some day in most likely an alternate universe will someone sit down and create a ruleset for it.