[buddypress-trac] [BuddyPress Trac] #8585: "Sorry you are not allowed to access this page." when saving settings in the admincp

buddypress-trac noreply at wordpress.org
Wed Nov 24 23:33:45 UTC 2021

#8585: "Sorry you are not allowed to access this page." when saving settings in
the admincp
 Reporter:  llewen        |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Core          |     Version:
 Severity:  normal        |  Resolution:  worksforme
 Keywords:                |

Comment (by llewen):

 I finally figured this out.  I've had a number of problems with the
 WordPress admincp and getting the infamous "Sorry, you are not allowed..."
 error.  And it was obviously my problem because no one else was reporting
 the error.  I've been banging my head against the wall on this one for a
 year and a half now.

 Turns out I was too smart for my own good.  I use modsecurity, I
 absolutely love modsecurity and wouldn't run a server without it.
 However, one of the "features" of modsecurity allows you to change the
 server signature, and I had changed it to "Microsoft IIS 5.0", one of the
 most hackable pieces of web server software in the history of computing as
 a joke on would be hackers.

 What I didn't realize is that the "$is_apache" variable in WordPress uses
 that server signature to determine what server software you are running,
 and various bits of WordPress use that variable to change behaviour in
 significant ways.  For some reason modsecurity changed that server
 signature permanently, so even if you disabled modsecurity entirely, it
 would still show the server signature as whatever you changed it to.

 So, yes, I love modsecurity, but there are things that it can do that can
 make a mess if you don't know what you are doing.  The takeaway is, don't
 mess with the server signature, even if you think it might be funny to do

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8585#comment:7>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list