How I Fixed My WordPress JetPack 404 Error
I have been searching the internet for a couple of weeks on how to fix my Jetpack issue, it is an add on for Word Press blogs to connect to the Word Press cloud servers to add additional features to your blog. But since moving from my shared hosting to my VPS I have had problems with getting my blog to actually function as it did on shared hosting. I pay for managed hosting and the folks @ TMZVPS have been great and have fixed most of the problems that have came about, but they could not resolve the issue with JetPack.
When I transferred CincyGeek.com over to my VPS, I was not able to get Jet Pack to work, and I kind of gave up on trying to fix it because I did not have time. I continued to search on the internet to see if anyone could provide any insight on how to fix this. I never found what I was looking for, so I decided to take a further look into ModSecurity2 which my Apache is configured with. I went to the logs and found that JetPack and other things were being prohibited from running.
Access denied with code 406 (phase 2). Match of “rx (^application/x-www-form-urlencoded|^multipart/form-data;).*$” against “REQUEST_HEADERS:Content-Type” required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "17"] [id "90001"]
So I analyzed the error message and opened up the ModSecurity2 config and searched for
And found it was right at the top of my config and just commented out the rules like this
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply “text/html” as Content-Type
#SecRule REQUEST_METHOD “!^(GET|HEAD|OPTIONS)$” chain
#SecRule HTTP_Content-Type “!(^application/x-www-form-urlencoded$|^multipart/form-data;).*” “deny,log,status:406″
#Added a rule_id so that this rule can be disabled.
#SecRule REQUEST_METHOD “!^(get|head|options|post|put|propfind)$” chain,deny,log,status:406
#SecRule HTTP_Content-Type “!(^application/x-www-form-urlencoded|^multipart/form-data;).*$”
and also commented out the line about XML-RPC because Jetpack uses this file.
#XML-RPC Exploits – RayF
#SecRule REQUEST_URI “.*xmlrpc.php.*” chain
#SecRule REQUEST_BODY “.*(wget|echo|pwd|cwd|curl|tar|cd|tmp).*”
I hope this helps you out, and if you have any questions please ask in the comments section!