Blogging Computing TITGIG

Precondition Failed when trying to leave a comment on WordPress

A reader emailed me a little while back to tell me that he’d been having difficulty leaving a comment on my site – he’d get the error “412 Precondition Failed”.

I did some investigation and found that sentences such as *”However, its a far cry to be able to create a food sample from scratch.”* and *”As a computer programmer yourself, you’d probably find it easy to program a computer to create hit songs from scratch, right?”* were causing the problem, and if I reworded them, the comment would be allowed through.

I did a bit of digging around and came to the conclusion that these sentences were being rejected because they looked like an attempt to hack the site. I consulted my web hosts, 34sp, and they confirmed that mod_security was rejecting them because they took the format “create blah blah blah from”, which could be construed as an attempt at a SQL command.

Leaving aside how unintuitive the error was (surely 403 Forbidden would be much more appropriate than 412 Precondition Failed?), there is a solution. You can disable this particular rule by putting the following line into your .htaccess file:

SecFilterRemove 300013

The side-effect of this is that you will also lose additional protection against SQL injection attacks, so use it at your own discretion.

*UPDATE: I realise now how much of a misnomer this post’s title is, as this problem has nothing to do with WordPress.*

16 replies on “Precondition Failed when trying to leave a comment on WordPress”

You’ll be reassured to know that I didn’t understand a word of that. In fact, it’s the sort of post that I would never usually comment on, but just today a visitor to my site informed me that they had been unable to leave a comment for exactly this reason. I sort of just ignored it, imagining it was just a temporary glitch and they had pressed a button in rather an agitated fashion. I now know better and feel very guilty. However, hacking my .htaccess file sounds like a scary idea, so I shall bury my head in the sand like a good ostrich and do nothing about it. Thank you.

Ta for this. I’d noticed the same thing on my blog recently (d’you think 34sp have recently rolled out “better” mod\_security stuff? 🙂 when I was editing an old draft, but hadn’t got beyond checking the error logs and finding out it was mod_security at fault.

Yes, I think that’s exactly what they’ve done. I know that back in February, I upgraded to a new hosting package, and I think that included being transferred to a new server. Now that I look back at my logs, the 412 errors started around then.

I’m going to add something to my “Having trouble with comments?” page about this.

Contact your web host. It’s possible that they’ve disabled the ability for you to use SecFilterRemove, or you need to use a number other than 300013.

Leave a Reply

Your email address will not be published. Required fields are marked *