[ad_1]
I just tested this in an installation without any plugins and with a default theme: it works.
If it does not work for you, it may be due to a plugin you use or your theme. Unfortunately, the error message does not say anything about it.
@threadi, thanks for confirming it’s not you, it’s not WP, it’s me 😉
I turned on PHP debugging and got no output. Which makes some sense; if you read the line from the Apache error.log carefully, the Apache ModSecurity module is having trouble running a particular line in a configuration file /dh/apache2/template/etc/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf, and I think the failure occurs before the web server even gets to running any PHP code. This config file is the OWASP ModSecurity Core Rule Set ver.3.3.2, and around line 444 is rule id 942360 which does indeed have an extremely complicated regular expression in it (that aims to detect “concatenated basic SQL injection and SQLLFI attempts”).
It seems Dreamhost configures its shared web hosting web server with complicated security rules that the web server can’t handle, which certain WordPress web requests can trigger. I’ll take it up with Dreamhost. Thanks again.