David Slack - Web developer

The story

I'd been working on a website (http://luckyfingers.co.uk/) for a few hours when the site died for no apparent reason. It was late so I left it for next time. I went on the site a couple of days later and all seemed fine until I installed a module on Drupal 7, at that point the site went off!

I checked in the browsers and it was gone, then tried to access the files via ftp and the server was gone.

At this point I guessed it was the fire wall blocking my IP address. To make sure, I used a mobile device and sure enough the site was fine.

What had happened?

After some emails back and forth with the host  (Dataflame) I got them to give me the log entries which told me it was jQuery Cookie file, Cross-site Scripting (XSS) Attack,  mod_security and rule 95004 causing the problems.

Armed with this info I searched the web for answers and it seems I'm not alone in this one. It seems there is a rule in mod_security that blocks files with the word 'cookie'! Since Drupal 7 uses a jQuery module called 'jquery.cookie.js' this caused the site to block me and any user accessing the site.

After more digging it seems this rule was an out of date rule and one that was changed in 2010 so the host (Dataflame) was using mod_security with an old rule set.

How to stop it?

So at this point we can simply ask the host provider to update their rule set for mod_security on this server, which they might or might not do or we can copy 'jquery.cookie.js' to 'jquery.c.js' and add 

Redirect 302 /misc/jquery.cookie.js /misc/jquery-cookie.js

to the .htaccess file