Saving Terms of Service gives me "Page not found"

When I try saving the Terms of Service I'm getting a "Page not found" error at
mydomain.com/wp-admin/network/settings.php?page=signup-tos

Just for clarity, I can to go the Terms of Service option page and I can see what I've previously entered in the TOS text box but when I try saving my changes, I get the error as above, and the URL is the one I pasted above.

The TOS options page worked initially (yesterday) and saved what I entered, so I'm not sure what's up now. I'm trying to remember what I changed since then. I have set up Multi-DB at some point in there, though I don't remember if it was before or after working with TOS, and I have installed Pro Sites.

  • Todd Heitner
    • The Incredible Code Injector

    Just as a quick update on this, I've been testing, adding blocks of text to the TOS, and could see that I could add some text and save changes, but other text caused problems, so I narrowed it down to sentences, and then to words.

    It appears that in one specific spot, the word "from" is causing problems. That doesn't make any sense to me. The word "from" appears in the TOS in a few other spots and seems fine. But in this one sentence, if I remove the word "from", I can save the TOS. If I add the word "from", I get a Page not found error. And any use of the word "from" after that is causing the problem.

    Any ideas?

  • Todd Heitner
    • The Incredible Code Injector

    Yes I did.

    I think I'm starting to get to the bottom of it, at least hopefully.

    I found that other people have had similar problems. It's not a plugin or WordPress issue, but a security setting. It's an issue with ModSecurity. Here are a couple posts about it:

    http://wordpress.org/support/topic/my-server-doesnt-like-the-word-from
    http://wordpress.org/support/topic/disable-mod-security

    I contacted my host about it and here's what they said:

    I have found quite a few instances of modsec being triggered in your Apache
    error log. The two rules I am seeing are "300016" and "300013" these are
    generic sql injection protection rules (SQL uses from as a command) these are
    commonly whitelisted in order to prevent modsec from being triggered. There
    is a plugin for WHM that will allow you to whitelist your own modsec rules
    and is pretty easy to use.

    So I'm getting them to install this for me.

    I noticed that the word "from" was allowed a few times, but after that it was triggering the "Page not found" error.

    If anyone encounters this, hopefully this post will help point them in the right direction at least. It was definitely a weird problem.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.