security.vcl icon indicating copy to clipboard operation
security.vcl copied to clipboard
verified publisher icon comotion

security.vcl breaks wordpress upgrades

Open crazzy opened this issue 13 years ago • 3 comments

It is not possible to perform a wordpress upgrade with security.vcl enabled, at least the following modules are triggered while upgrading wordpress plugins:

  • localfiles
  • restrictedfileextensions
  • xss
  • sql

A sample request URL looks like this: /wp-admin/update.php?action=install-plugin&plugin=backwpup&_wpnonce=c1e4532913

As this is a customer site being affected I can sadly not provide a live example.

crazzy avatar Nov 30 '12 13:11 crazzy

Contact Pagely. Josh uses the script on WordPress successfully

bbcamp avatar Feb 27 '13 00:02 bbcamp

actually, the reason I let this lie is that wordpress is notorious. yes you will have to disable loads of rules to make it upgrade. yes these rules should be on for security.

comotion avatar Mar 13 '13 13:03 comotion

I'd be interested in knowing what you had to do to make Wordpress run with security.vcl in place. Did you have to manually disable some rules? Can you specify exceptions to certain rules for particular pages, etc, like you can with mod_security?

jasonheffner avatar Mar 20 '13 12:03 jasonheffner