I’m getting some odd log messages for the Apache module ModSecurity. Essentially its XML parser is breaking when random places are sending pingbacks. The requests go to xmlrpc.php and the response headers are ok, but the body is binary. The message in the ModSecurity log looks like:
Message: XML parser error: XML: Failed parsing document.
After a bit of guessing and sending messages to and fro, I can now see that it is a gzipped response. So I’m not sure if it is ModSecurity not realising that the response is gzipped or WordPress not marking it correctly. In any case I can regularly get very similar binary strings using gzip and the usual XML response. So that’s half the mystery solved.
Most of the requests are spammers so I’m not too worried. I think it also impacts legitimate pingbacks because I’ve not had any, even from the usual automatic places.
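One way to tell the two possibilities above apart from a captured xmlrpc.php response, as an added example that is not part of the original post. The function name `diagnose`, its return labels and the sample body are constructed for illustration.

```python
import gzip
import zlib
import xml.etree.ElementTree as ET

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream (RFC 1952)

# Constructed sample: a minimal XML-RPC fault body, not a real capture.
SAMPLE_XML = (
    b"<?xml version='1.0'?><methodResponse><fault><value><struct>"
    b"<member><name>faultCode</name><value><int>0</int></value></member>"
    b"<member><name>faultString</name><value><string></string></value></member>"
    b"</struct></value></fault></methodResponse>"
)


def diagnose(headers, body):
    """Classify a captured response body as seen by an inspecting layer.

    headers: dict of response headers; body: raw bytes of the response body.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    declared = "gzip" in hdrs.get("content-encoding", "").lower()
    is_gzip = body[:2] == GZIP_MAGIC

    payload = body
    if is_gzip:
        try:
            payload = gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            return "corrupt-gzip"

    # Constructed input only; for untrusted captures use a hardened
    # parser such as defusedxml instead of ElementTree.
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return "not-xml"
    if root.tag != "methodResponse":
        return "xml-but-not-xmlrpc"

    if is_gzip and not declared:
        return "gzip-unlabelled"  # the backend did not mark the body as compressed
    if is_gzip:
        return "gzip-labelled"    # marked correctly; the inspector saw compressed bytes
    return "plain-xml"


if __name__ == "__main__":
    print(diagnose({"Content-Encoding": "gzip"}, gzip.compress(SAMPLE_XML)))
    print(diagnose({}, gzip.compress(SAMPLE_XML)))
```

A `gzip-labelled` result points at the inspecting layer reading the body before decompression, while `gzip-unlabelled` points at the backend's headers.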
7 thoughts on “Odd WordPress pingbacks”
@seesmall2 Try enabling the SecDisableBackendCompression directive in ModSecurity
Not sure how the Twitter and WordPress comments link, but enabling SecDisableBackendCompression worked. The problem with this solution is that it probably means I have disabled compression for all connections. Also, it’s not needed for a non-proxy setup and this setup doesn’t use reverse proxies so, in theory, it shouldn’t be needed.
Perhaps the way that ModSecurity and the compression module work together has changed?
@Jamuse @seesmall2 also double-check your SecResponseMimeType directive settings – https://t.co/bfCBkqfYJP