Was working on setting up a Joomla! 2.5.4 website in 10 languages starting with English and Dutch. While I was trying to add some dummy articles just to get the general structure done I ran into an error 500 on saving an article. I checked the logs and I found:
[Thu Apr 05 15:21:40 2012] [error] [client xxx.xxx.xx.xx] mod_security: Access denied with code 500. Pattern match"((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe) [[:space:]]+[A-Z|a-z|0-9|\\\\*| |\\\\,]+[[:space:]]+(from|into|table|database|index|view) [[:space:]]+[A-Z|a-z|0-9|\\\\*| |\\\\,]|UNION SELECT.*\\\\'.*\\\\'.*,[0-9].*INTO.*FROM)" at POST_PAYLOAD [hostname "domain.com"] [uri "/administrator/index.php?option=com_content&layout=edit&id=0"]
Don’t remember running into this with Joomla! at least not for a long time. Either because of the new version or because of some new server security.
Anyways, we’ll work it out…
I had to add some more details to .htaccess. I might not need the PHP values, but I did have to shut down the SecFilterEngine and SecFilterScanPost:
php_value memory_limit 60M php_value max_execution_time 200 php_value max_input_time 200 php_value upload_max_filesize 20M SecFilterEngine Off SecFilterScanPOST Off