Page MenuHomePhabricator

The default installation blocks edits containing certain words.
Closed, InvalidPublic


Author: a3829

One of my MediaWiki installations is blocking edits containing certain words. It appears to be a spam filter of some kind, because it is blocking marketing words like "viagra." It also happens if there are more than three external links in a page. This is a simple installation, with most of the default options enabled, and no extensions installed. I didn't configure any spam filtering options. When I try to edit a page with a blocked word in it, I get a 301 redirect to the main page, but no error. The debug log shows the POST request containing the edit, and the redirect next, but it doesn't give any information as to what is causing the edit to be blocked. The same thing happens when attempting to preview an edit. I tried installing MediaWiki on a local server for testing, and it does not appear to be blocking any words. I read all of the spam filtering documentation and nothing claims to be enabled by default. This feature should be disabled by default, or it should be documented. There should also be some kind of error in the debug log. Are there any workarounds?

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:54 AM
bzimport set Reference to bz51323.
bzimport added a subscriber: Unknown Object (MLST).

MediaWiki doesn't do that. These filtering is usually performed by a web server module or perhaps a firewall. You will need to determine what software is installed on the affected host that is doing it. A usual suspect is mod_security, although it tends to block technical keywords like SELECT, not spam words.

I'd appreciate if you can report here the guilty software after you encounter it, so we can better advice the next user bitten by it.

Good luck

a3829 wrote:

Thanks for the info. I thought that it might be server-side spam filtering right after I opened the bug. It turned out to be a mod_security rule. I had to contact support to have the rule disabled, as apparently AllowOverride is disabled for mod_security directives. Perhaps this issue should go in in case anyone else runs into the same problem?