When installing WordPress, I came up against a technical problem; http 500 errors generated by mod_security. A binary search of the httpd.conf file (alternately enabling and disabling groups of parms) revealed that this line caused the 500 error:
SecFilterScanPOST On
Commenting this line out restored normal operation. I surveyed the collective wisdom on the issue and found that others had to turn off this type of http POST checking by the Apache module “mod_security”. The problem appears to be that WordPress (the engine that drives this blog) posts text that includes html, which causes mod_security to choke, if this directive is enabled.
So what do we do? POST checking is a needed security measure but there appears to be no known way to enable POST checking yet permit WordPress to work. I see from the http header on WordPress pages this content type:
content="text/html"
I tried enabling this content type with the following mod_security directive, but it did not help.
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data$|^text/html;)"
I will monitor this situation and report in later with a solution, if found.